Need Confirmation That This Is Clean. [RESOLVED]



Darn kids don't listen. I yelled at them for using P2P plus not clicking links or playing games at Facebook and Myspace.

This Dell came with a trial of Norton but the kids installed Avast. After my niece noticed popup ads after going to Facebook, her husband tried installing PC-cillin, oh joy. I see I missed deleting some entries for those programs. I was finally able to install Panda AV Pro, which I pay for several licenses each year.

I ran all scans on each account. I will list them separately here in this thread. I didn't realize that System Restore was turned off, so I enabled it and then made a restore point when Comedian said it couldn't create one.

Bill's account

Malwarebytes' Anti-Malware 1.39

Database version: 2506

Windows 5.1.2600 Service Pack 3

7/31/2009 10:46:15 PM

mbam-log-2009-07-31 (22-46-15).txt

Scan type: Quick Scan

Objects scanned: 125706

Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 2

Registry Keys Infected: 12

Registry Values Infected: 11

Registry Data Items Infected: 4

Folders Infected: 1

Files Infected: 9

Memory Processes Infected:

C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.

c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\Bill\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.

c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

c:\WINDOWS\system32\netdde.sys (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Bill\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

-------------------------------------------------------------------------------------------

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP Home Edition (5.1.2600) Service Pack 3

[32_bits] - x86 Family 15 Model 127 Stepping 2, AuthenticAMD

.

[wscsvc] (Security Center) RUNNING (state:4)

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Disabled !

.

Internet Explorer 8.0.6001.18702

Mozilla Firefox 3.5.1 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:148 Go - Free:116 Go )

D:\ [CD_Rom]

.

Scan : 11:59.55

Path : C:\Documents and Settings\Bill\Desktop\Rooter.exe

User : Bill ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (976)

______ \??\C:\WINDOWS\system32\csrss.exe (1024)

______ \??\C:\WINDOWS\system32\winlogon.exe (1048)

______ C:\WINDOWS\system32\services.exe (1092)

______ C:\WINDOWS\system32\lsass.exe (1104)

______ C:\WINDOWS\system32\svchost.exe (1272)

______ C:\WINDOWS\system32\svchost.exe (1332)

______ C:\WINDOWS\system32\svchost.exe (1452)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (1480)

______ C:\WINDOWS\system32\svchost.exe (1572)

______ C:\WINDOWS\system32\svchost.exe (748)

______ C:\WINDOWS\system32\spoolsv.exe (260)

______ C:\WINDOWS\system32\svchost.exe (764)

______ C:\WINDOWS\system32\svchost.exe (1544)

______ C:\Program Files\Java\jre6\bin\jqs.exe (2016)

______ C:\WINDOWS\system32\nvsvc32.exe (460)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (1176)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (1768)

______ C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (328)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (120)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (1880)

______ C:\Program Files\CyberLink\Shared files\RichVideo.exe (368)

______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (1840)

______ C:\WINDOWS\system32\svchost.exe (488)

______ C:\WINDOWS\system32\fxssvc.exe (1820)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (1548)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (1668)

______ C:\WINDOWS\Explorer.EXE (2392)

______ C:\WINDOWS\RTHDCPL.EXE (3248)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (3568)

______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3648)

______ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (3768)

______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (3880)

______ C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (3924)

______ C:\WINDOWS\System32\drivers\PhiBtn.exe (4020)

______ C:\WINDOWS\system32\RUNDLL32.EXE (2708)

______ C:\Program Files\Java\jre6\bin\jusched.exe (1952)

______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (3228)

______ C:\WINDOWS\system32\ctfmon.exe (2340)

______ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe (2816)

______ C:\WINDOWS\system32\wuauclt.exe (2000)

______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (2968)

______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3216)

______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2592)

______ C:\WINDOWS\System32\alg.exe (1224)

______ C:\WINDOWS\system32\wscntfy.exe (2736)

______ C:\Documents and Settings\Bill\Desktop\Rooter.exe (2636)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)

\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:159948794880)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\EasyShare Registration Task.job

C:\WINDOWS\Tasks\SA.DAT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 12:00.00

.

C:\Rooter$\Rooter_1.txt - (02/08/2009 | 12:00.00)

-------------------------------------------------------------------

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/02 12:02

Program Version: Version 1.3.3.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: av5flt.sys

Image Path: C:\WINDOWS\system32\drivers\av5flt.sys

Address: 0xB4ACD000 Size: 92544 File Visible: No Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB624A000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA5D4000 Size: 8192 File Visible: No Signed: -

Status: -

Name: PavSRK.sys

Image Path: C:\WINDOWS\system32\PavSRK.sys

Address: 0xBA368000 Size: 32768 File Visible: No Signed: -

Status: -

Name: PavTPK.sys

Image Path: C:\WINDOWS\system32\PavTPK.sys

Address: 0xBA2D8000 Size: 49152 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB4A95000 Size: 49152 File Visible: No Signed: -

Status: -

SSDT

-------------------

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb577da30

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb577ce50

Hidden Services

-------------------

Service Name: vsfocedsyafrmm

Image Path: C:\WINDOWS\system32\drivers\vsfocexpnfvaql.sys

Service Name: vsfocetymovrod

Image Path: C:\WINDOWS\system32\drivers\vsfoceulqjnogt.sys

==EOF==

---------------------------------------------------------------------------

OTL logfile created on: 8/2/2009 12:07:58 PM - Run 1

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 75.48% Memory free

3.79 Gb Paging File | 3.43 Gb Available in Paging File | 90.60% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 116.87 Gb Free Space | 78.46% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCK7T3G1

Current User Name: Bill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (APPFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\APPFLT.SYS (Panda Security, S.L.)

DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AvFlt [On_Demand | Running]) -- File not found

DRV - (camvid40 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\camdrv41.sys (Philips Consumer Electronics)

DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (ComFiltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys ()

DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (DSAFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\DSAFLT.SYS (Panda Security, S.L.)

DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (FNETMON [system | Running]) -- C:\WINDOWS\System32\Drivers\fnetmon.SYS (Panda Security, S.L.)

DRV - (GoProto [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\goprot51.sys (Gteko Ltd.)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (IDSFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\IDSFLT.SYS (Panda Security, S.L.)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (NETFLTDI [system | Running]) -- C:\WINDOWS\System32\Drivers\NETFLTDI.SYS (Panda Security, S.L.)

DRV - (NETIMFLT01060034 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\neti1634.sys (Panda Security, S.L.)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)

DRV - (pavboot [boot | Running]) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)

DRV - (PAVDRV [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\pavdrv51.sys (Panda Security, S.L.)

DRV - (PavProc [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\PavProc.sys (Panda Security, S.L.)

DRV - (PavSRK.sys [On_Demand | Running]) -- File not found

DRV - (PavTPK.sys [On_Demand | Running]) -- File not found

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (ShldDrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys (Panda Security, S.L.)

DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (WNMFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS (Panda Security, S.L.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.auctionsinternational.com/

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\S-1-5-21-1216478575-1639340339-3823283540-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 21:14:13 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M]

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008/07/08 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\[email protected]

[2009/08/02 09:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions

[2009/07/29 05:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/12/25 19:02:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\FireFox\Profiles\789pe03b.default\searchplugins\ask.xml

[2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

O4 - HKLM..\Run: [HP Component Manager] c:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\System32\drivers\Tray900.exe (Philips)

O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()

O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..Trusted Domains: rbrooks.com ([project] https in Trusted sites)

O15 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class)

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found

O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

NetSvcs: msncache - Service key not found. File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: PskSvcRetail - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/02 12:01:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat

[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/08/02 11:49:29 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 11:49:24 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk

[2009/08/02 11:49:24 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk

[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe

[2009/08/02 11:36:54 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe

[2009/08/02 11:36:45 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe

[2009/08/02 11:36:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe

[2009/08/02 11:36:40 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe

[2009/08/02 11:29:39 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc

[2009/08/02 09:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Yahoo!

[2009/08/02 09:34:37 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/02 09:34:03 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk

[2009/08/02 09:33:41 | 00,001,560 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/08/01 20:51:00 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/08/01 20:51:00 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/08/01 20:51:00 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2009/08/01 20:23:38 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2009/08/01 19:18:27 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys

[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys

[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys

[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS

[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS

[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys

[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/07/31 23:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Panda Security

[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavdrv51.sys

[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl

[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll

[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll

[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys

[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll

[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL

[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll

[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll

[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Panda Security

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys

[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys

[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security

[2009/07/31 22:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes

[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/31 22:25:18 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools

[2009/07/31 21:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\CCleaner backup

[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads

[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/07/29 05:25:10 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/07/29 05:25:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys

[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys

[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys

[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/27 14:19:43 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat

[2009/07/27 14:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14899704

[2009/07/27 14:09:38 | 00,024,130 | ---- | C] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat

[2009/07/27 14:09:37 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys

[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/07/24 12:21:45 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat

[2009/07/24 12:11:38 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat

[2009/07/24 12:11:35 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys

[2009/07/20 13:45:24 | 00,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

[2009/07/20 13:44:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\BWKDLogs

[2009/07/11 13:33:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Genetec Software

[2009/07/05 22:51:25 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

[2009/07/05 07:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT

[2009/03/05 07:51:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/12/20 20:19:31 | 00,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2008/08/24 11:51:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/08/21 22:04:45 | 00,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll

[2008/08/21 22:04:45 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll

[2008/08/03 21:17:01 | 00,000,188 | ---- | C] () -- C:\WINDOWS\ViewNX.INI

[2008/07/08 14:40:14 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/06/01 10:06:22 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2008/04/19 07:40:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/19 07:05:47 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/04/19 07:05:46 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/04/19 07:05:46 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008/04/19 07:05:45 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/04/19 07:05:45 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008/04/19 07:04:20 | 00,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/02 12:01:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat

[2009/08/02 11:55:48 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck

[2009/08/02 11:55:48 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg

[2009/08/02 11:55:48 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck

[2009/08/02 11:55:48 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg

[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck

[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg

[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck

[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg

[2009/08/02 11:55:37 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/02 11:55:37 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/02 11:54:44 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck

[2009/08/02 11:54:44 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg

[2009/08/02 11:54:41 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck

[2009/08/02 11:54:41 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt

[2009/08/02 11:54:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/08/02 11:54:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/02 11:54:18 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/02 11:49:29 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 11:49:24 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk

[2009/08/02 11:49:24 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk

[2009/08/02 11:41:00 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck

[2009/08/02 11:41:00 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt

[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe

[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe

[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe

[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe

[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc

[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/02 09:34:37 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/02 09:34:03 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk

[2009/08/02 09:33:41 | 00,001,560 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk

[2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/08/01 20:50:48 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/08/01 20:50:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 19:18:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls

[2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/07/31 23:35:49 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 22:36:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe

[2009/07/29 18:16:04 | 00,065,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys

[2009/07/29 17:09:58 | 00,024,130 | ---- | M] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat

[2009/07/29 17:09:58 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat

[2009/07/29 09:54:12 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2009/07/29 05:26:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/27 02:37:41 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat

[2009/07/27 02:37:41 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat

[2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/07/25 10:30:59 | 00,067,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys

[2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2009/07/20 13:45:24 | 00,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

[2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/07/05 22:55:36 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

[2009/07/05 22:09:35 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2009/07/05 07:33:38 | 00,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk

[2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll

[2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2009/07/03 13:09:28 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll

[2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll

[2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll

[2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2009/07/03 13:09:23 | 00,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll

[2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll

[2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

========== LOP Check ==========

[2009/08/01 08:55:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver

[2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704

[2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar

[2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo

[2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data

[2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead

[2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink

[2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security

[2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux

[2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template

[2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver

[2009/08/01 09:05:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CyberLink

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver

[2009/08/01 09:03:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\CyberLink

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\You've Got Pictures Screensaver

[2009/07/28 17:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data

[2009/08/01 20:23:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\monica\Application Data

[2008/12/23 22:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Ahead

[2008/08/21 22:08:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ArcSoft

[2009/01/06 20:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\CyberLink

[2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Foxit

[2008/08/03 20:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Nikon

[2008/11/28 13:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Skinux

[2008/06/02 07:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Template

[2009/07/06 09:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\U3

[2008/07/31 13:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\You've Got Pictures Screensaver

[2004/08/10 13:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data

[2009/08/01 19:18:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

[2009/08/02 11:54:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >

[2009/08/02 12:07:50 | 00,000,000 | ---D | M] -- C:

[2009/08/02 10:18:31 | 00,000,000 | -H-D | M] -- C:\Config.Msi

[2009/07/28 21:17:15 | 00,000,000 | ---D | M] -- C:\dell

[2009/07/31 22:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings

[2008/04/09 18:40:08 | 00,000,000 | ---D | M] -- C:\drivers

[2008/06/03 08:43:46 | 00,000,000 | ---D | M] -- C:\i386

[2008/04/19 07:35:44 | 00,000,000 | ---D | M] -- C:\My Music

[2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files

[2009/07/31 22:15:31 | 00,000,000 | -HSD | M] -- C:\RECYCLER

[2009/08/02 12:00:00 | 00,000,000 | ---D | M] -- C:\Rooter$

[2008/06/18 14:22:45 | 00,000,000 | ---D | M] -- C:\swsetup

[2009/08/02 11:51:00 | 00,000,000 | -HSD | M] -- C:\System Volume Information

[2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\temp

[2009/08/02 11:55:49 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >

[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/06/01 09:47:33 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2008/04/19 07:07:40 | 00,006,925 | RH-- | M] () -- C:\dell.sdr

[2009/08/02 11:54:18 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys

[2003/12/08 13:15:56 | 00,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll

[2008/06/01 10:09:46 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1

[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\IO.SYS

[2008/04/19 07:36:33 | 00,001,211 | -H-- | M] () -- C:\IPH.PH

[2009/08/01 20:54:08 | 00,000,792 | ---- | M] () -- C:\JavaRa.log

[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/04 05:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/19 19:10:04 | 00,250,048 | RHS- | M] () -- C:\ntldr

[2009/08/02 11:54:17 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys

[2009/08/02 12:02:36 | 00,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-02-36).txt

[2008/04/19 07:36:40 | 00,000,071 | ---- | M] () -- C:\SystemInfo.ini

[2008/06/15 16:01:41 | 00,002,553 | ---- | M] () -- C:\_Sid.txt

< %PROGRAMFILES%\*. >

[2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files

[2009/07/31 21:26:18 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe

[2009/08/01 21:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update

[2009/08/01 20:23:59 | 00,000,000 | ---D | M] -- C:\Program Files\AskBarDis

[2008/12/21 10:18:19 | 00,000,000 | ---D | M] -- C:\Program Files\AskSearch

[2009/07/30 20:32:14 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner

[2009/07/31 23:33:02 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

[2004/08/10 13:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2009/07/05 07:29:39 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT

[2009/01/06 20:20:28 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink

[2008/12/20 20:24:19 | 00,000,000 | ---D | M] -- C:\Program Files\Dell

[2008/04/19 07:30:25 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center

[2009/08/02 11:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT

[2008/06/11 09:19:10 | 00,000,000 | ---D | M] -- C:\Program Files\Fisher-Price

[2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Program Files\Foxit Software

[2009/07/27 20:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\Google

[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard

[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hp

[2009/07/31 23:34:19 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2009/07/29 05:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2009/08/01 20:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\Java

[2009/07/31 21:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools

[2009/07/20 13:44:53 | 00,000,000 | ---D | M] -- C:\Program Files\Kodak

[2008/08/21 18:31:11 | 00,000,000 | ---D | M] -- C:\Program Files\Linksys EasyLink Advisor

[2009/07/31 22:36:32 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/09/19 19:17:13 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger

[2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2009/03/05 07:46:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2009/06/11 03:02:52 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works

[2008/04/19 07:25:26 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool

[2008/09/19 19:14:04 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2009/08/02 09:56:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2009/03/29 10:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2004/08/10 13:01:16 | 00,000,000 | ---D | M] -- C:\Program Files\MSN

[2004/08/10 13:01:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2008/06/03 07:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2008/04/19 07:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0

[2008/11/24 21:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\Nero

[2008/09/19 19:12:25 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2008/08/03 20:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\Nikon

[2009/08/01 21:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\NOS

[2004/08/10 13:01:34 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services

[2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Program Files\Panda Security

[2008/08/21 22:04:29 | 00,000,000 | ---D | M] -- C:\Program Files\Philips

[2009/06/03 20:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\PhoTags Express

[2009/08/01 21:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2009/03/29 10:11:15 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2009/03/14 11:47:19 | 00,000,000 | R--D | M] -- C:\Program Files\Skype

[2009/08/01 20:01:17 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster

[2008/09/27 07:34:09 | 00,000,000 | ---D | M] -- C:\Program Files\The Rosetta Stone

[2008/07/08 19:31:09 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite

[2008/07/08 19:33:41 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2

[2004/08/10 13:08:30 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2008/10/26 09:45:34 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN

[2008/10/26 18:42:23 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital

[2008/10/26 18:40:56 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies

[2008/10/12 09:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2

[2008/10/13 03:07:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2004/08/10 13:02:52 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2004/08/10 13:04:18 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

[2009/07/30 20:32:11 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %systemroot%\*.exe >

[2008/04/06 21:25:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE

[2008/04/06 21:25:28 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe

[1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe

[2008/04/06 21:25:36 | 02,165,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe

[2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

[2008/04/13 20:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe

[2008/04/06 21:25:38 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

[2008/04/06 21:25:40 | 09,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE

[2008/04/06 21:25:40 | 01,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe

[2006/08/02 10:29:04 | 00,077,824 | ---- | M] () -- C:\WINDOWS\setpwr32.exe

[2008/04/06 21:25:42 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe

[2008/04/13 20:12:35 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe

[2008/04/06 21:25:42 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2004/08/04 05:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE

[2004/08/04 05:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe

[2004/08/04 05:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe

[2007/03/20 22:22:04 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroBackItUp.exe

[2007/06/27 20:05:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroMediaHome.exe

[2007/02/28 17:41:02 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroShowTime.exe

[2007/06/26 15:12:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroVision.exe

[2007/04/23 17:42:50 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNRecode.exe

[2004/08/04 05:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe

[2008/04/13 20:12:39 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe

< %systemroot%\system32\drivers\*.exe >

[2005/08/25 19:41:44 | 00,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe

[2005/08/25 19:41:58 | 00,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe

< %systemroot%\system32\drivers\*.dat >

[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\system32\drivers\APPFCONT.DAT

< %systemroot%\system\*.exe >

< %PROGRAMFILES%\*.* >

< %APPDATA%\*.* >

[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Bill\Application Data\desktop.ini

[2008/11/05 14:04:20 | 00,000,116 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\wklnhst.dat

< set /c >

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Bill\Application Data

CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=DCK7T3G1

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Bill

LOGONSERVER=\\DCK7T3G1

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Panda Security\Panda Antivirus Pro 2009\;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 127 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=7f02

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Bill\LOCALS~1\Temp

TMP=C:\DOCUME~1\Bill\LOCALS~1\Temp

USERDOMAIN=DCK7T3G1

USERNAME=Bill

USERPROFILE=C:\Documents and Settings\Bill

windir=C:\WINDOWS

__COMPAT_LAYER=EnableNXShowUI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation

< End of report >

-------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 8/2/2009 12:07:58 PM - Run 1

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 75.48% Memory free

3.79 Gb Paging File | 3.43 Gb Available in Paging File | 90.60% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 116.87 Gb Free Space | 78.46% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCK7T3G1

Current User Name: Bill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access

"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- File not found

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- File not found

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- File not found

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found

"C:\Program Files\Common Files\AOL\1208604908\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1208604908\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()

"C:\WINDOWS\fonts\services.exe" = C:\WINDOWS\fonts\services.exe:*:Enabled:services.exe -- File not found

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant

"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera

"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2EEE18E7-5C87-4506-A7E4-A42A6191B03E}" = Panda Antivirus Pro 2009

"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy

"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security

"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext

"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour

"{5E564EB5-6BE3-4084-BEC0-627D637BBE8C}" = Easy-Link internet launch pad

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}" = Philips VLounge

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects

"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help

"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc

"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director

"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer

"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare

"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition

"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2009

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm

"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations

"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Ask Toolbar_is1" = Foxit Toolbar

"CCleaner" = CCleaner (remove only)

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem

"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1044)

"ERUNT_is1" = ERUNT 1.1j

"Foxit Reader" = Foxit Reader

"HP Photo & Imaging" = HP Image Zone 4.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"jv16 PowerTools_is1" = jv16 PowerTools 1.3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"PhoTagsExpress" = PhoTags Express

"Picasa 3" = Picasa 3

"SpywareBlaster_is1" = SpywareBlaster 4.2

"TomTom HOME" = TomTom HOME

"VLC media player" = VLC media player 0.9.2

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/31/2009 5:46:07 PM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1001

Description = Fault bucket 00536409.

Error - 8/1/2009 6:52:26 AM | Computer Name = DCK7T3G1 | Source = Sentinel | ID = 251722432

Description = Unexpected failure scanning file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DON'S

DOWNLOADS\AP09.EXE. If the problem persists, please contact with support.

Error - 8/1/2009 6:52:26 AM | Computer Name = DCK7T3G1 | Source = Sentinel | ID = 251722432

Description = Unexpected failure scanning file C:\WINDOWS\SYSTEM32\NOTEPAD.EXE. If

the problem persists, please contact with support.

Error - 8/1/2009 7:14:43 PM | Computer Name = DCK7T3G1 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 8/1/2009 7:15:07 PM | Computer Name = DCK7T3G1 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 8/1/2009 8:50:34 PM | Computer Name = DCK7T3G1 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 8/2/2009 9:31:20 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1000

Description = Faulting application TPSrv.exe, version 9.0.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2009 9:39:35 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1004

Description = Faulting application TPSrv.exe, version 9.0.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2009 11:47:56 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1000

Description = Faulting application the_comedian.exe, version 0.0.0.0, faulting module

unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2009 11:57:29 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1000

Description = Faulting application easyshare.exe, version 7.0.25.114, faulting module

unknown, version 0.0.0.0, fault address 0x00a404aa.

[ System Events ]

Error - 7/31/2009 10:15:38 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 7/31/2009 10:15:38 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 7/31/2009 10:17:21 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/31/2009 10:18:50 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/31/2009 10:21:39 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/31/2009 10:24:35 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/31/2009 10:46:15 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7034

Description = The sopidkc Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 8/1/2009 6:44:45 AM | Computer Name = DCK7T3G1 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 001EC9755754 has been denied by the DHCP server 192.168.254.254 (The DHCP

Server sent a DHCPNACK message).

Error - 8/2/2009 9:31:48 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7034

Description = The Panda TPSrv service terminated unexpectedly. It has done this

1 time(s).

Error - 8/2/2009 9:40:44 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7022

Description = The Panda On-Access Anti-Malware Service service hung on starting.

< End of report >

Monica's account

Malwarebytes' Anti-Malware 1.39

Database version: 2506

Windows 5.1.2600 Service Pack 3

8/1/2009 6:18:52 PM

mbam-log-2009-08-01 (18-18-52).txt

Scan type: Quick Scan

Objects scanned: 109898

Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------------------------------------------------------------------------

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP Home Edition (5.1.2600) Service Pack 3

[32_bits] - x86 Family 15 Model 127 Stepping 2, AuthenticAMD

.

[wscsvc] (Security Center) RUNNING (state:4)

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Disabled !

.

Internet Explorer 8.0.6001.18702

Mozilla Firefox 3.5.1 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:148 Go - Free:116 Go )

D:\ [CD_Rom]

.

Scan : 12:29.42

Path : C:\Documents and Settings\monica\Desktop\Rooter.exe

User : monica ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (916)

______ \??\C:\WINDOWS\system32\csrss.exe (1020)

______ \??\C:\WINDOWS\system32\winlogon.exe (1044)

______ C:\WINDOWS\system32\services.exe (1088)

______ C:\WINDOWS\system32\lsass.exe (1100)

______ C:\WINDOWS\system32\svchost.exe (1264)

______ C:\WINDOWS\system32\svchost.exe (1324)

______ C:\WINDOWS\system32\svchost.exe (1444)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (1472)

______ C:\WINDOWS\system32\svchost.exe (1552)

______ C:\WINDOWS\system32\svchost.exe (876)

______ C:\WINDOWS\system32\spoolsv.exe (284)

______ C:\WINDOWS\system32\svchost.exe (764)

______ C:\WINDOWS\system32\svchost.exe (1456)

______ C:\Program Files\Java\jre6\bin\jqs.exe (1980)

______ C:\WINDOWS\system32\nvsvc32.exe (440)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (1104)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (1780)

______ C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (296)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (124)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (1880)

______ C:\Program Files\CyberLink\Shared files\RichVideo.exe (308)

______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (1700)

______ C:\WINDOWS\system32\svchost.exe (392)

______ C:\WINDOWS\system32\fxssvc.exe (1672)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (108)

______ C:\WINDOWS\Explorer.EXE (988)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (492)

______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (3204)

______ C:\WINDOWS\RTHDCPL.EXE (3996)

______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3196)

______ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (3212)

______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (3872)

______ C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (152)

______ C:\WINDOWS\System32\drivers\PhiBtn.exe (1224)

______ C:\WINDOWS\system32\RUNDLL32.EXE (2208)

______ C:\Program Files\Java\jre6\bin\jusched.exe (2584)

______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (2472)

______ C:\WINDOWS\system32\ctfmon.exe (3432)

______ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe (692)

______ C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (3624)

______ C:\WINDOWS\system32\wuauclt.exe (3272)

______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (2596)

______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3408)

______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2916)

______ C:\WINDOWS\System32\alg.exe (4004)

______ C:\WINDOWS\system32\wscntfy.exe (2232)

______ C:\Documents and Settings\monica\Desktop\Rooter.exe (2164)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)

\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:159948794880)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\EasyShare Registration Task.job

C:\WINDOWS\Tasks\SA.DAT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 12:29.51

.

C:\Rooter$\Rooter_2.txt - (02/08/2009 | 12:29.51)

------------------------------------------------------------------

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/02 12:30

Program Version: Version 1.3.3.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: av5flt.sys

Image Path: C:\WINDOWS\system32\drivers\av5flt.sys

Address: 0xB4B12000 Size: 92544 File Visible: No Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB6215000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA5D6000 Size: 8192 File Visible: No Signed: -

Status: -

Name: PavSRK.sys

Image Path: C:\WINDOWS\system32\PavSRK.sys

Address: 0xBA470000 Size: 32768 File Visible: No Signed: -

Status: -

Name: PavTPK.sys

Image Path: C:\WINDOWS\system32\PavTPK.sys

Address: 0xB6296000 Size: 49152 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB57BA000 Size: 49152 File Visible: No Signed: -

Status: -

SSDT

-------------------

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb5748a30

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb5747e50

Hidden Services

-------------------

Service Name: vsfocedsyafrmm

Image Path: C:\WINDOWS\system32\drivers\vsfocexpnfvaql.sys

Service Name: vsfocetymovrod

Image Path: C:\WINDOWS\system32\drivers\vsfoceulqjnogt.sys

==EOF==

------------------------------------------------------------------------

OTL logfile created on: 8/2/2009 12:32:49 PM - Run 2

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\monica\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 75.07% Memory free

3.79 Gb Paging File | 3.43 Gb Available in Paging File | 90.54% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 116.84 Gb Free Space | 78.44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCK7T3G1

Current User Name: monica

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\monica\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (APPFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\APPFLT.SYS (Panda Security, S.L.)

DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AvFlt [On_Demand | Running]) -- File not found

DRV - (camvid40 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\camdrv41.sys (Philips Consumer Electronics)

DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (ComFiltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys ()

DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (DSAFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\DSAFLT.SYS (Panda Security, S.L.)

DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (FNETMON [system | Running]) -- C:\WINDOWS\System32\Drivers\fnetmon.SYS (Panda Security, S.L.)

DRV - (GoProto [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\goprot51.sys (Gteko Ltd.)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (IDSFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\IDSFLT.SYS (Panda Security, S.L.)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (NETFLTDI [system | Running]) -- C:\WINDOWS\System32\Drivers\NETFLTDI.SYS (Panda Security, S.L.)

DRV - (NETIMFLT01060034 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\neti1634.sys (Panda Security, S.L.)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)

DRV - (pavboot [boot | Running]) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)

DRV - (PAVDRV [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\pavdrv51.sys (Panda Security, S.L.)

DRV - (PavProc [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\PavProc.sys (Panda Security, S.L.)

DRV - (PavSRK.sys [On_Demand | Running]) -- File not found

DRV - (PavTPK.sys [On_Demand | Running]) -- File not found

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (ShldDrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys (Panda Security, S.L.)

DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (WNMFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS (Panda Security, S.L.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\S-1-5-21-1216478575-1639340339-3823283540-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 21:14:13 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M]

[2008/10/26 09:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Extensions

[2008/10/26 09:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/01 21:08:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Firefox\Profiles\wb83bw4w.default\extensions

[2009/07/29 09:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Firefox\Profiles\wb83bw4w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

O4 - HKLM..\Run: [HP Component Manager] c:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\System32\drivers\Tray900.exe (Philips)

O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()

O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class)

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found

O33 - MountPoints2\{bcbfec60-69ce-11de-8855-001ec9755754}\Shell - "" = AutoRun

O33 - MountPoints2\{bcbfec60-69ce-11de-8855-001ec9755754}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{bcbfec60-69ce-11de-8855-001ec9755754}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

NetSvcs: msncache - Service key not found. File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: PskSvcRetail - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/02 12:30:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\settings.dat

[2009/08/02 12:20:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\monica\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 12:20:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\NTREGOPT.lnk

[2009/08/02 12:20:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\ERUNT.lnk

[2009/08/02 12:16:14 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\BestTechie OTL.doc

[2009/08/02 12:14:41 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\monica\Desktop\RootRepeal.exe

[2009/08/02 12:14:09 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\TFC.exe

[2009/08/02 12:14:09 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\monica\Desktop\Rooter.exe

[2009/08/02 12:14:08 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\The_Comedian.exe

[2009/08/02 12:14:08 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe

[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 21:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\Apple

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/08/01 20:58:05 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/01 20:51:00 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/08/01 20:51:00 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/08/01 20:51:00 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2009/08/01 20:23:38 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\Foxit

[2009/08/01 20:00:43 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\SpywareBlaster.lnk

[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2009/08/01 19:18:27 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/08/01 18:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\Malwarebytes

[2009/08/01 09:47:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\Panda Security

[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys

[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys

[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys

[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS

[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS

[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys

[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavdrv51.sys

[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl

[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll

[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll

[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys

[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll

[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL

[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll

[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll

[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys

[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys

[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security

[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/31 22:25:18 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools

[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads

[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\Yahoo!

[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2009/07/30 20:32:05 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\CCleaner.lnk

[2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/07/30 20:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\My Documents\Downloads

[2009/07/29 05:25:10 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/07/29 05:25:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/07/28 21:16:02 | 00,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\monica\My Documents\R92578.EXE

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys

[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys

[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys

[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/27 14:19:43 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat

[2009/07/27 14:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14899704

[2009/07/27 14:09:38 | 00,024,130 | ---- | C] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat

[2009/07/27 14:09:37 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys

[2009/07/26 19:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\2000-01 (Jan)

[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/07/24 12:21:45 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat

[2009/07/24 12:11:38 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat

[2009/07/24 12:11:35 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys

[2009/07/20 13:45:24 | 00,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

[2009/07/20 13:44:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\BWKDLogs

[2009/07/05 22:51:25 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

[2009/07/05 21:48:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\U3

[2009/07/05 21:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\My Documents\Adobe Photoshop 7.0_for PC_with serial

[2009/07/05 07:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\Dell

[2009/07/05 07:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT

[2009/03/05 07:51:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/12/20 20:19:31 | 00,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2008/08/24 11:51:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/08/21 22:04:45 | 00,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll

[2008/08/21 22:04:45 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll

[2008/08/03 21:17:01 | 00,000,188 | ---- | C] () -- C:\WINDOWS\ViewNX.INI

[2008/07/08 14:40:14 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/06/01 10:06:22 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2008/04/19 07:40:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/19 07:05:47 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/04/19 07:05:46 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/04/19 07:05:46 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008/04/19 07:05:45 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/04/19 07:05:45 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008/04/19 07:04:20 | 00,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/02 12:30:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\settings.dat

[2009/08/02 12:27:11 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck

[2009/08/02 12:27:11 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg

[2009/08/02 12:27:10 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck

[2009/08/02 12:27:10 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg

[2009/08/02 12:27:10 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck

[2009/08/02 12:27:10 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg

[2009/08/02 12:27:09 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck

[2009/08/02 12:27:09 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg

[2009/08/02 12:27:08 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/02 12:27:08 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/02 12:27:08 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck

[2009/08/02 12:27:08 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt

[2009/08/02 12:26:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck

[2009/08/02 12:26:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg

[2009/08/02 12:26:20 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck

[2009/08/02 12:26:20 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt

[2009/08/02 12:26:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/08/02 12:25:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/02 12:25:57 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/02 12:20:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\monica\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 12:20:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\NTREGOPT.lnk

[2009/08/02 12:20:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\ERUNT.lnk

[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe

[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\monica\Desktop\Rooter.exe

[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\TFC.exe

[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\The_Comedian.exe

[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\BestTechie OTL.doc

[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 20:58:05 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/08/01 20:50:48 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/08/01 20:50:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 20:00:43 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\SpywareBlaster.lnk

[2009/08/01 19:18:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls

[2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/07/31 23:35:49 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 22:36:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/07/30 20:32:05 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\CCleaner.lnk

[2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\monica\Desktop\RootRepeal.exe

[2009/07/29 18:16:04 | 00,065,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys

[2009/07/29 17:09:58 | 00,024,130 | ---- | M] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat

[2009/07/29 17:09:58 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat

[2009/07/29 09:54:12 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2009/07/29 05:26:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/28 21:16:09 | 00,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\monica\My Documents\R92578.EXE

[2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/27 02:37:41 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat

[2009/07/27 02:37:41 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat

[2009/07/26 10:27:18 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/07/25 10:30:59 | 00,067,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys

[2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2009/07/20 13:45:24 | 00,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

[2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/07/05 22:55:36 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

[2009/07/05 22:09:35 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2009/07/05 07:33:38 | 00,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk

[2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll

[2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2009/07/03 13:09:28 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll

[2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll

[2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll

[2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2009/07/03 13:09:23 | 00,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll

[2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll

[2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

========== LOP Check ==========

[2009/08/01 08:55:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver

[2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704

[2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar

[2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo

[2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data

[2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead

[2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink

[2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security

[2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux

[2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template

[2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver

[2009/08/01 09:05:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CyberLink

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver

[2009/08/01 09:03:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\CyberLink

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\You've Got Pictures Screensaver

[2009/07/28 17:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data

[2009/08/01 20:23:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\monica\Application Data

[2008/12/23 22:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Ahead

[2008/08/21 22:08:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ArcSoft

[2009/01/06 20:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\CyberLink

[2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Foxit

[2008/08/03 20:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Nikon

[2008/11/28 13:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Skinux

[2008/06/02 07:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Template

[2009/07/06 09:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\U3

[2008/07/31 13:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\You've Got Pictures Screensaver

[2004/08/10 13:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data

[2009/08/01 19:18:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

[2009/08/02 12:26:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >

[2009/08/02 12:32:22 | 00,000,000 | ---D | M] -- C:

[2009/08/02 10:18:31 | 00,000,000 | -H-D | M] -- C:\Config.Msi

[2009/07/28 21:17:15 | 00,000,000 | ---D | M] -- C:\dell

[2009/07/31 22:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings

[2008/04/09 18:40:08 | 00,000,000 | ---D | M] -- C:\drivers

[2008/06/03 08:43:46 | 00,000,000 | ---D | M] -- C:\i386

[2008/04/19 07:35:44 | 00,000,000 | ---D | M] -- C:\My Music

[2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files

[2009/07/31 22:15:31 | 00,000,000 | -HSD | M] -- C:\RECYCLER

[2009/08/02 12:29:51 | 00,000,000 | ---D | M] -- C:\Rooter$

[2008/06/18 14:22:45 | 00,000,000 | ---D | M] -- C:\swsetup

[2009/08/02 11:51:00 | 00,000,000 | -HSD | M] -- C:\System Volume Information

[2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\temp

[2009/08/02 12:27:24 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >

[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/06/01 09:47:33 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2008/04/19 07:07:40 | 00,006,925 | RH-- | M] () -- C:\dell.sdr

[2009/08/02 12:25:57 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys

[2003/12/08 13:15:56 | 00,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll

[2008/06/01 10:09:46 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1

[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\IO.SYS

[2008/04/19 07:36:33 | 00,001,211 | -H-- | M] () -- C:\IPH.PH

[2009/08/01 20:54:08 | 00,000,792 | ---- | M] () -- C:\JavaRa.log

[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/04 05:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/19 19:10:04 | 00,250,048 | RHS- | M] () -- C:\ntldr

[2009/08/02 12:25:56 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys

[2009/08/02 12:02:36 | 00,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-02-36).txt

[2009/08/02 12:31:01 | 00,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-31-01).txt

[2008/04/19 07:36:40 | 00,000,071 | ---- | M] () -- C:\SystemInfo.ini

[2008/06/15 16:01:41 | 00,002,553 | ---- | M] () -- C:\_Sid.txt

< %PROGRAMFILES%\*. >

[2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files

[2009/07/31 21:26:18 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe

[2009/08/01 21:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update

[2009/08/01 20:23:59 | 00,000,000 | ---D | M] -- C:\Program Files\AskBarDis

[2008/12/21 10:18:19 | 00,000,000 | ---D | M] -- C:\Program Files\AskSearch

[2009/07/30 20:32:14 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner

[2009/07/31 23:33:02 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

[2004/08/10 13:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2009/07/05 07:29:39 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT

[2009/01/06 20:20:28 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink

[2008/12/20 20:24:19 | 00,000,000 | ---D | M] -- C:\Program Files\Dell

[2008/04/19 07:30:25 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center

[2009/08/02 12:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT

[2008/06/11 09:19:10 | 00,000,000 | ---D | M] -- C:\Program Files\Fisher-Price

[2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Program Files\Foxit Software

[2009/07/27 20:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\Google

[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard

[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hp

[2009/07/31 23:34:19 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2009/07/29 05:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2009/08/01 20:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\Java

[2009/07/31 21:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools

[2009/07/20 13:44:53 | 00,000,000 | ---D | M] -- C:\Program Files\Kodak

[2008/08/21 18:31:11 | 00,000,000 | ---D | M] -- C:\Program Files\Linksys EasyLink Advisor

[2009/07/31 22:36:32 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/09/19 19:17:13 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger

[2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2009/03/05 07:46:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2009/06/11 03:02:52 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works

[2008/04/19 07:25:26 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool

[2008/09/19 19:14:04 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2009/08/02 09:56:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2009/03/29 10:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2004/08/10 13:01:16 | 00,000,000 | ---D | M] -- C:\Program Files\MSN

[2004/08/10 13:01:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2008/06/03 07:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2008/04/19 07:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0

[2008/11/24 21:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\Nero

[2008/09/19 19:12:25 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2008/08/03 20:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\Nikon

[2009/08/01 21:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\NOS

[2004/08/10 13:01:34 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services

[2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Program Files\Panda Security

[2008/08/21 22:04:29 | 00,000,000 | ---D | M] -- C:\Program Files\Philips

[2009/06/03 20:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\PhoTags Express

[2009/08/01 21:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2009/03/29 10:11:15 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2009/03/14 11:47:19 | 00,000,000 | R--D | M] -- C:\Program Files\Skype

[2009/08/01 20:01:17 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster

[2008/09/27 07:34:09 | 00,000,000 | ---D | M] -- C:\Program Files\The Rosetta Stone

[2008/07/08 19:31:09 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite

[2008/07/08 19:33:41 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2

[2004/08/10 13:08:30 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2008/10/26 09:45:34 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN

[2008/10/26 18:42:23 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital

[2008/10/26 18:40:56 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies

[2008/10/12 09:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2

[2008/10/13 03:07:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2004/08/10 13:02:52 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2004/08/10 13:04:18 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

[2009/07/30 20:32:11 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %systemroot%\*.exe >

[2008/04/06 21:25:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE

[2008/04/06 21:25:28 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe

[1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe

[2008/04/06 21:25:36 | 02,165,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe

[2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

[2008/04/13 20:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe

[2008/04/06 21:25:38 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

[2008/04/06 21:25:40 | 09,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE

[2008/04/06 21:25:40 | 01,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe

[2006/08/02 10:29:04 | 00,077,824 | ---- | M] () -- C:\WINDOWS\setpwr32.exe

[2008/04/06 21:25:42 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe

[2008/04/13 20:12:35 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe

[2008/04/06 21:25:42 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2004/08/04 05:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE

[2004/08/04 05:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe

[2004/08/04 05:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe

[2007/03/20 22:22:04 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroBackItUp.exe

[2007/06/27 20:05:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroMediaHome.exe

[2007/02/28 17:41:02 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroShowTime.exe

[2007/06/26 15:12:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroVision.exe

[2007/04/23 17:42:50 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNRecode.exe

[2004/08/04 05:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe

[2008/04/13 20:12:39 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe

< %systemroot%\system32\drivers\*.exe >

[2005/08/25 19:41:44 | 00,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe

[2005/08/25 19:41:58 | 00,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe

< %systemroot%\system32\drivers\*.dat >

[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\system32\drivers\APPFCONT.DAT

< %systemroot%\system\*.exe >

< %PROGRAMFILES%\*.* >

< %APPDATA%\*.* >

[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\monica\Application Data\desktop.ini

[2008/08/03 20:13:54 | 00,000,268 | RH-- | M] () -- C:\Documents and Settings\monica\Application Data\Templates

[2008/08/03 20:21:43 | 00,000,268 | RH-- | M] () -- C:\Documents and Settings\monica\Application Data\Themes

[2008/06/02 07:53:59 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\wklnhst.dat

< set /c >

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\monica\Application Data

CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=DCK7T3G1

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\monica

LOGONSERVER=\\DCK7T3G1

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Panda Security\Panda Antivirus Pro 2009\;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 127 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=7f02

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\monica\LOCALS~1\Temp

TMP=C:\DOCUME~1\monica\LOCALS~1\Temp

USERDOMAIN=DCK7T3G1

USERNAME=monica

USERPROFILE=C:\Documents and Settings\monica

windir=C:\WINDOWS

__COMPAT_LAYER=EnableNXShowUI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation

< End of report >

-------------------------------------------------------------------------------------

No Extra.txt created


As suggested, here is the ComboFix log.

ComboFix 09-08-04.02 - Bill 08/04/2009 18:20.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1352 [GMT -4:00]

Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe

AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Panda Personal Firewall 2009 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Bill\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk

c:\documents and settings\All Users\Desktop\PhoTags Express .lnk

c:\documents and settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk

c:\documents and settings\Bill\Local Settings\Temp\IadHide5.dll

c:\documents and settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk

c:\documents and settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk

c:\documents and settings\monica\Favorites\Digestive Wellness for Children How ... - Google Books.url

c:\documents and settings\monica\Favorites\The Gluten-free Gourmet Makes ... - Google Books.url

c:\program files\AskSearch\bin\DefaultSearch.dll

c:\windows\Fonts\mlog

c:\windows\Install.txt

c:\windows\Installer\1e1c3a13.msi

c:\windows\Installer\9098845.msi

c:\windows\system32\drivers\vsfoceulqjnogt.sys

c:\windows\system32\drivers\vsfocexpnfvaql.sys

c:\windows\system32\Install.txt

c:\windows\system32\vsfocehjiydjso.dat

c:\windows\system32\vsfocektukqpdb.dat

c:\windows\system32\vsfoceraigpioj.dat

c:\windows\system32\vsfocetyijetjc.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_IAS

-------\Legacy_MSNCACHE

-------\Legacy_SOPIDKC

-------\Service_vsfocedsyafrmm

-------\Service_vsfocetymovrod

((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))

.

2009-08-02 16:00 . 2009-08-02 16:29 -------- d-----w- C:\Rooter$

2009-08-02 15:49 . 2009-08-02 16:20 -------- d-----w- c:\program files\ERUNT

2009-08-02 13:36 . 2009-08-02 13:36 -------- d-----w- c:\documents and settings\Bill\Application Data\Yahoo!

2009-08-02 01:20 . 2009-08-02 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-08-02 01:20 . 2009-08-02 01:31 -------- d-----w- c:\program files\NOS

2009-08-02 01:13 . 2009-08-02 01:14 -------- d-----w- c:\program files\QuickTime

2009-08-02 01:13 . 2009-08-02 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-08-02 01:13 . 2009-08-02 01:13 -------- d-----w- c:\documents and settings\monica\Local Settings\Application Data\Apple

2009-08-02 01:13 . 2009-08-02 01:13 -------- d-----w- c:\program files\Apple Software Update

2009-08-02 01:13 . 2009-08-02 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-08-02 00:51 . 2009-08-02 00:50 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-08-02 00:50 . 2009-08-02 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-08-02 00:50 . 2009-08-02 00:50 152576 ----a-w- c:\documents and settings\monica\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-08-02 00:23 . 2009-08-02 00:23 -------- d-----w- c:\program files\Foxit Software

2009-08-02 00:23 . 2009-08-02 00:23 -------- d-----w- c:\documents and settings\monica\Application Data\Foxit

2009-08-02 00:00 . 2009-08-02 00:01 -------- d-----w- c:\program files\SpywareBlaster

2009-08-01 23:15 . 2009-08-02 14:18 -------- dc----w- c:\windows\system32\DRVSTORE

2009-08-01 23:14 . 2009-08-02 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-01 22:14 . 2009-08-01 22:14 -------- d-----w- c:\documents and settings\monica\Application Data\Malwarebytes

2009-08-01 13:47 . 2009-08-01 13:47 -------- d-----w- c:\documents and settings\monica\Local Settings\Application Data\Panda Security

2009-08-01 11:15 . 2009-08-04 22:07 239860 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2009-08-01 11:15 . 2008-06-18 20:06 46720 ----a-w- c:\windows\system32\drivers\wnmflt.sys

2009-08-01 11:15 . 2008-06-18 20:06 193792 ----a-w- c:\windows\system32\drivers\idsflt.sys

2009-08-01 11:15 . 2008-06-18 20:06 52992 ----a-w- c:\windows\system32\drivers\dsaflt.sys

2009-08-01 11:15 . 2008-07-11 18:58 158848 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS

2009-08-01 11:15 . 2008-06-25 19:42 73728 ----a-w- c:\windows\system32\drivers\APPFLT.SYS

2009-08-01 11:15 . 2008-03-28 15:25 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys

2009-08-01 03:35 . 2009-08-02 13:31 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys

2009-08-01 03:35 . 2009-08-01 03:35 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Panda Security

2009-08-01 03:33 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-08-01 03:33 . 2009-08-01 03:33 -------- d-----w- c:\program files\Common Files\Panda Security

2009-08-01 03:33 . 2008-03-04 19:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys

2009-08-01 03:33 . 2008-02-07 16:03 179640 ----a-w- c:\windows\system32\drivers\PavProc.sys

2009-08-01 02:36 . 2009-08-01 02:36 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes

2009-08-01 02:36 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-01 02:36 . 2009-08-01 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-01 02:36 . 2009-08-01 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-01 02:36 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-01 01:49 . 2009-08-01 01:49 -------- d-----w- c:\program files\jv16 PowerTools

2009-07-31 00:32 . 2009-08-02 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-07-31 00:32 . 2009-07-31 00:32 -------- d-----w- c:\documents and settings\monica\Application Data\Yahoo!

2009-07-31 00:32 . 2009-07-31 00:32 -------- d-----w- c:\program files\Yahoo!

2009-07-31 00:32 . 2009-07-31 00:32 -------- d-----w- c:\program files\CCleaner

2009-07-29 09:25 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2009-07-29 09:25 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-07-28 21:25 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2009-07-28 21:25 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2009-07-28 21:22 . 2009-07-28 21:22 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys

2009-07-28 21:22 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys

2009-07-28 21:22 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys

2009-07-28 21:22 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys

2009-07-28 21:17 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-07-27 18:33 . 2009-07-27 18:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-07-27 18:10 . 2009-07-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\14899704

2009-07-26 13:39 . 2009-08-01 13:02 17828326 ----a-w- c:\documents and settings\All Users\Application Data\vlc-1.0.0-win32.exe

2009-07-25 06:21 . 2009-07-25 06:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-07-20 17:44 . 2009-07-20 17:44 -------- d-----w- c:\windows\system32\BWKDLogs

2009-07-20 17:44 . 2009-07-20 17:44 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe

2009-07-20 17:43 . 2009-07-20 17:43 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_320002_14b2ea7\EasyShrx.Dll

2009-07-20 17:43 . 2008-11-28 13:50 2258312 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_320002_14b2ea7\Setup.exe

2009-07-20 17:43 . 2009-07-20 17:43 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll

2009-07-06 13:42 . 2006-05-24 17:36 110592 ----a-w- c:\documents and settings\monica\Application Data\U3\temp\cleanup.exe

2009-07-06 01:48 . 2009-07-06 13:42 -------- d-----w- c:\documents and settings\monica\Application Data\U3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-04 22:30 . 2008-08-19 09:33 -------- d-----w- c:\documents and settings\Bill\Application Data\Skype

2009-08-04 22:27 . 2008-08-21 22:30 -------- d-----w- c:\program files\Linksys EasyLink Advisor

2009-08-04 22:26 . 2009-08-01 11:15 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck

2009-08-04 22:26 . 2009-08-01 11:15 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG

2009-08-04 22:07 . 2009-08-01 11:15 239860 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck

2009-08-02 18:14 . 2008-08-19 22:30 -------- d-----w- c:\documents and settings\monica\Application Data\Skype

2009-08-02 00:54 . 2008-04-19 11:23 -------- d-----w- c:\program files\Java

2009-08-02 00:23 . 2008-12-21 14:18 -------- d-----w- c:\program files\AskBarDis

2009-08-01 12:58 . 2009-01-07 00:15 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe

2009-08-01 03:34 . 2009-08-01 03:34 249 ----a-w- c:\windows\system32\PavCPL.dat

2009-08-01 03:34 . 2009-08-01 03:34 -------- d-----w- c:\program files\Panda Security

2009-08-01 03:34 . 2009-08-01 03:34 -------- d-----w- c:\documents and settings\Bill\Application Data\Panda Security

2009-08-01 03:34 . 2009-08-01 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security

2009-08-01 03:34 . 2008-04-19 11:25 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-01 02:22 . 2009-08-01 02:14 42096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-30 11:52 . 2008-10-26 22:59 -------- d-s---w- c:\documents and settings\All Users\Application Data\Memeo

2009-07-28 00:54 . 2008-04-19 11:28 -------- d-----w- c:\program files\Google

2009-07-20 17:44 . 2008-11-28 13:52 -------- d-----w- c:\program files\Kodak

2009-07-06 02:50 . 2008-04-19 11:28 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-05 11:29 . 2009-07-05 11:29 -------- d-----w- c:\program files\CONEXANT

2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-11 07:02 . 2008-04-19 11:30 -------- d-----w- c:\program files\Microsoft Works

2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-05-07 15:32 . 2004-08-10 16:51 345600 ----a-w- c:\windows\system32\localspl.dll

2009-07-15 20:30 . 2009-07-28 21:14 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-07 24095528]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-08-29 487424]

"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]

"Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-08-25 266240]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-07 81920]

"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920]

"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-02 148888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-07 16859648]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-04-07 1626112]

c:\documents and settings\monica\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

c:\documents and settings\Bill\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-5 113664]

HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]

KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2009-6-3 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 20:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1700:TCP"= 1700:TCP:MioNet Remote Drive Access

"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [7/31/2009 11:33 PM 28544]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [8/1/2009 7:15 AM 73728]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [8/1/2009 7:15 AM 52992]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [8/1/2009 7:15 AM 22072]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [8/1/2009 7:15 AM 193792]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [8/1/2009 7:15 AM 158848]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [7/31/2009 11:33 PM 41144]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [8/1/2009 7:15 AM 46720]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [7/31/2009 11:33 PM 179640]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [7/31/2009 11:34 PM 28928]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [7/31/2009 11:34 PM 197888]

R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [8/21/2008 10:04 PM 1240576]

S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [7/31/2009 11:35 PM 13880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-OE - c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.auctionsinternational.com/

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: rbrooks.com\project

DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxps://project.rbrooks.com/ProjectServer/objects/pjclient.cab

DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxps://project.rbrooks.com/ProjectServer/objects/1033/pjcintl.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\789pe03b.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-04 18:27

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)

c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(2924)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe

c:\program files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe

c:\program files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXE

c:\program files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

c:\windows\system32\fxssvc.exe

c:\program files\Panda Security\Panda Antivirus Pro 2009\FIREWALL\PSHost.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\Hp\Digital Imaging\bin\hpqgalry.exe

.

**************************************************************************

.

Completion time: 2009-08-04 18:31 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-04 22:31

Pre-Run: 125,244,215,296 bytes free

Post-Run: 125,124,231,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

381 --- E O F --- 2009-07-29 20:58


Sorry I've been away, busy week.

Who suggested ComboFix?

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
    O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
    NetSvcs: msncache - Service key not found. File not found
    [2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704


    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\fonts\services.exe"=-
    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again, paste NetSvcs under Custom Scan and click the Quick Scan button. Post the log it produces in your next reply.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\svchost.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Rock, Jeff and Matt suggested ComboFix. Here are the new logs.

All processes killed

Error: Unable to interpret <OTL> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found> in the current context!

Error: Unable to interpret <NetSvcs: msncache - Service key not found. File not found> in the current context!

Error: Unable to interpret <[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704> in the current context!

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\fonts\services.exe not found.

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bill

->Temp folder emptied: 614608 bytes

File delete failed. C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 8422626 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 32152879 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 32969 bytes

User: monica

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

File delete failed. C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_0 scheduled to be deleted on reboot.

Windows Temp folder emptied: 10518528 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.34 mb

OTL by OldTimer - Version 3.0.10.4 log created on 08052009_091803

Files\Folders moved on Reboot...

C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_0 moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 8/5/2009 9:27:41 AM - Run 3

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 74.75% Memory free

3.79 Gb Paging File | 3.42 Gb Available in Paging File | 90.39% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 116.55 Gb Free Space | 78.24% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCK7T3G1

Current User Name: Bill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

PRC - C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe (Panda Security, S.L.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.auctionsinternational.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 21:14:13 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M]

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008/07/08 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\[email protected]

[2009/08/02 09:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions

[2009/07/29 05:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/12/25 19:02:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\FireFox\Profiles\789pe03b.default\searchplugins\ask.xml

[2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)

O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: rbrooks.com ([project] https in Trusted sites)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class)

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/05 09:18:03 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/08/05 09:17:13 | 00,000,108 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url

[2009/08/05 09:08:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/08/04 18:31:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/08/04 18:16:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/08/04 18:16:55 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/08/04 18:16:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/08/04 18:16:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/08/04 18:16:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/08/04 18:16:55 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/08/04 18:16:55 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/08/04 18:16:55 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/08/04 18:16:37 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/08/04 18:16:34 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/08/04 18:16:10 | 03,155,496 | R--- | C] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe

[2009/08/02 12:01:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat

[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/08/02 11:49:29 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 11:49:24 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk

[2009/08/02 11:49:24 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk

[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe

[2009/08/02 11:36:54 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe

[2009/08/02 11:36:45 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe

[2009/08/02 11:36:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe

[2009/08/02 11:36:40 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe

[2009/08/02 11:29:39 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc

[2009/08/02 09:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Yahoo!

[2009/08/02 09:34:37 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/02 09:34:03 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk

[2009/08/02 09:33:41 | 00,001,560 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2009/08/01 20:23:38 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/08/01 07:15:38 | 00,239,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/01 07:15:38 | 00,239,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys

[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys

[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys

[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS

[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS

[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys

[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/07/31 23:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Panda Security

[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavdrv51.sys

[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl

[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll

[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll

[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys

[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll

[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL

[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll

[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll

[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Panda Security

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys

[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys

[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security

[2009/07/31 22:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes

[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/31 22:25:18 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools

[2009/07/31 21:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\CCleaner backup

[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads

[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys

[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys

[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys

[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/27 14:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14899704

[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

========== Files - Modified Within 14 Days ==========

[2009/08/05 09:23:33 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck

[2009/08/05 09:23:33 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg

[2009/08/05 09:23:32 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/05 09:23:32 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/05 09:23:32 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck

[2009/08/05 09:23:32 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg

[2009/08/05 09:23:32 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck

[2009/08/05 09:23:32 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt

[2009/08/05 09:23:32 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck

[2009/08/05 09:23:32 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg

[2009/08/05 09:23:32 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck

[2009/08/05 09:23:32 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg

[2009/08/05 09:23:23 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck

[2009/08/05 09:23:23 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt

[2009/08/05 09:23:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck

[2009/08/05 09:23:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg

[2009/08/05 09:22:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/08/05 09:22:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/05 09:22:40 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/05 09:17:13 | 00,000,108 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url

[2009/08/05 09:12:30 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/08/05 09:12:28 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/08/05 09:12:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/08/04 18:26:38 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/08/04 18:14:03 | 03,155,496 | R--- | M] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe

[2009/08/04 18:07:09 | 00,239,860 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/04 18:07:09 | 00,239,860 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/04 18:01:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/08/02 12:01:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat

[2009/08/02 11:49:29 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 11:49:24 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk

[2009/08/02 11:49:24 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk

[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe

[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe

[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe

[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe

[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc

[2009/08/02 09:34:37 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/02 09:34:03 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk

[2009/08/02 09:33:41 | 00,001,560 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk

[2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls

[2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 22:36:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe

[2009/07/29 09:54:12 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== LOP Check ==========

[2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704

[2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar

[2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo

[2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data

[2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead

[2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink

[2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security

[2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux

[2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template

[2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/08/05 09:22:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation

< End of report >

VirSCAN.org Scanned Report :

Scanned time : 2009/08/05 09:58:50 (EDT)

Scanner results: All Scanners reported not find malware!

File Name : svchost.exe

File Size : 14336 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18

SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667

Online report : http://virscan.org/report/e7b3f20fa50548c8...69d131e8f8.html

| Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result |
|---|---|---|---|---|---|
| a-squared | 4.5.0.3 | 20090803230129 | 2009-08-03 | 0.35 | - |
| AhnLab V3 | 2009.08.03.08 | 2009.08.03 | 2009-08-03 | 0.77 | - |
| AntiVir | 8.2.0.240 | 7.1.5.75 | 2009-08-05 | 0.14 | - |
| Antiy | 2.0.18 | 20090804.2672262 | 2009-08-04 | 0.23 | - |
| Arcavir | 2009 | 200908050752 | 2009-08-05 | 0.03 | - |
| Authentium | 5.1.1 | 200908042144 | 2009-08-04 | 1.37 | - |
| AVAST! | 4.7.4 | 090805-0 | 2009-08-05 | 0.00 | - |
| AVG | 8.5.288 | 270.13.44/2283 | 2009-08-05 | 0.35 | - |
| BitDefender | 7.81008.3833772 | 7.27008 | 2009-08-05 | 3.45 | - |
| CA (VET) | 9.0.0.143 | 31.6.6658 | 2009-08-05 | 12.35 | - |
| ClamAV | 0.95.2 | 9655 | 2009-08-05 | 0.01 | - |
| Comodo | 3.10 | 1874 | 2009-08-05 | 0.78 | - |
| CP Secure | 1.1.0.715 | 2009.08.05 | 2009-08-05 | 11.81 | - |
| Dr.Web | 4.44.0.9170 | 2009.08.05 | 2009-08-05 | 5.06 | - |
| F-Prot | 4.4.4.56 | 20090804 | 2009-08-04 | 1.31 | - |
| F-Secure | 7.02.73807 | 2009.07.29.10 | 2009-07-29 | 0.04 | - |
| Fortinet | 2.81-3.120 | 10.681 | 2009-08-05 | 0.90 | - |
| GData | 19.6884/19.427 | 20090805 | 2009-08-05 | 6.35 | - |
| ViRobot | 20090730 | 2009.07.30 | 2009-07-30 | 0.59 | - |
| Ikarus | T3.1.01.64 | 2009.08.05.73162 | 2009-08-05 | 3.19 | - |
| JiangMin | 11.0.800 | 2009.08.05 | 2009-08-05 | 8.36 | - |
| Kaspersky | 5.5.10 | 2009.08.05 | 2009-08-05 | 0.06 | - |
| KingSoft | 2009.2.5.15 | 2009.8.5.18 | 2009-08-05 | 0.61 | - |
| McAfee | 5.3.00 | 5698 | 2009-08-04 | 3.00 | - |
| Microsoft | 1.4903 | 2009.08.05 | 2009-08-05 | 7.58 | - |
| Norman | 6.01.09 | 6.01.00 | 2009-08-04 | 4.01 | - |
| Panda | 9.05.01 | 2009.08.04 | 2009-08-04 | 2.77 | - |
| Trend Micro | 8.700-1004 | 6.344.05 | 2009-08-05 | 0.03 | - |
| Quick Heal | 10.00 | 2009.08.05 | 2009-08-05 | 1.06 | - |
| Rising | 20.0 | 21.41.24.00 | 2009-08-05 | 0.80 | - |
| Sophos | 2.89.1 | 4.44 | 2009-08-05 | 2.85 | - |
| Sunbelt | 5313 | 5313 | 2009-08-04 | 1.32 | - |
| Symantec | 1.3.0.24 | 20090804.003 | 2009-08-04 | 0.05 | - |
| nProtect | 20090805.02 | 4971415 | 2009-08-05 | 7.29 | - |
| The Hacker | 6.3.4.3 | v00375 | 2009-07-31 | 0.75 | - |
| VBA32 | 3.12.10.9 | 20090804.1427 | 2009-08-04 | 1.81 | - |
| VirusBuster | 4.5.11.10 | 10.111.3/1829987 | 2009-08-04 | 2.23 | - |


Can you try the OTL step again? It seems you may have made a mistake.

Make sure to copy everything from :OTL and down

then do this

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


When I ran OTL the first time with the items in the Code box, upon rebooting the "Windows is starting" screen came up then went black. I let it sit but nothing happened. I had to shut the PC off then restart it to get back to the desktop.

This time no problem with OTL, but upon reboot after running TFC the same thing occurred. This time I had to boot into Safe Mode. In Safe Mode my mouse wouldn't work so I used the keyboard to reboot. I tried several times to get to the desktop in normal mode but only got a black screen. I ended up having to use Last known good configuration to get back to the desktop.

Here are the logs, but I suspect something is amiss that the PC doesn't want to boot normally. I won't be back on until after 5PM EST. I will run the Kaspersky scan then and post the log.

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5de488a-a3ae-11dd-8801-001ec9755754}\ not found.

File E:\wd_windows_tools\WDSetup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8817e38-43e1-11dd-87dc-001ec9755754}\ not found.

File E:\InstallTomTomHOME.exe not found.

Unable to remove msncache from NetSvcs value.

C:\Documents and Settings\All Users\Application Data\14899704 moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\fonts\services.exe not found.

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bill

->Temp folder emptied: 620812 bytes

File delete failed. C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 9826987 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

User: monica

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

File delete failed. C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_1 scheduled to be deleted on reboot.

Windows Temp folder emptied: 10627107 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.13 mb

OTL by OldTimer - Version 3.0.10.4 log created on 08052009_122946

Files\Folders moved on Reboot...

C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_1 moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.40

Database version: 2564

Windows 5.1.2600 Service Pack 3

8/5/2009 1:01:22 PM

mbam-log-2009-08-05 (13-01-22).txt

Scan type: Quick Scan

Objects scanned: 110776

Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


When I got back home and started the PC it went to the black screen after the "Windows is starting" screen. I had to turn off the PC and restart it then select Last known good configuration again to get to the desktop. After that I ran chkdsk. It booted to Windows once it completed. Kaspersky shows no malware. I am going to see if the PC boots normally after shutting it down.

It still doesn't want to boot into normal mode easily. I checked Event Viewer in Safe Mode and the following problem was listed several times. Now I need to troubleshoot why this is occurring.

Event Type: Error

Event Source: Service Control Manager

Event Category: None

Event ID: 7026

Date: 8/5/2009

Time: 9:03:13 PM

User: N/A

Computer: DCK7T3G1

Description:

The following boot-start or system-start driver(s) failed to load:

AFD

APPFLT

DSAFLT

Fips

FNETMON

IDSFLT

IPSec

MRxSmb

NetBIOS

NetBT

NETFLTDI

pavboot

Processor

RasAcd

Rdbss

ShldDrv

Tcpip

WNMFLT

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I ran sfc /scannow then restarted the PC. It actually booted to the desktop. Hopefully in the morning it will do the same.


Successfully booted straight to the desktop this morning. The malware must have corrupted one of the Windows Protected Files and the sfc /scannow repaired it.

Here is the NetSvcs scan.

OTL logfile created on: 8/6/2009 8:15:51 AM - Run 4

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.47% Memory free

3.79 Gb Paging File | 3.37 Gb Available in Paging File | 89.04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 115.89 Gb Free Space | 77.80% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCK7T3G1

Current User Name: Bill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

PRC - C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe (Panda Security, S.L.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.)

PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)

PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe (Panda Security, S.L.)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)

SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)

SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)

SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)

SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()

SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.auctionsinternational.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 21:14:13 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M]

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008/07/08 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\[email protected]

[2009/08/02 09:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions

[2009/07/29 05:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/12/25 19:02:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\FireFox\Profiles\789pe03b.default\searchplugins\ask.xml

[2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)

O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\System32\drivers\Tray900.exe (Philips)

O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/05 11:29:34 | 00,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: rbrooks.com ([project] https in Trusted sites)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class)

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/05 22:17:14 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll

[2009/08/05 22:17:11 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe

[2009/08/05 22:17:03 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2009/08/05 22:16:59 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

[2009/08/05 22:09:23 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

[2009/08/05 22:09:20 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

[2009/08/05 22:09:20 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2009/08/05 22:09:20 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2009/08/05 22:09:18 | 00,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

[2009/08/05 22:09:18 | 00,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

[2009/08/05 22:08:19 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax

[2009/08/05 22:08:15 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll

[2009/08/05 22:08:12 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2009/08/05 22:08:11 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2009/08/05 22:07:22 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

[2009/08/05 22:06:48 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

[2009/08/05 22:06:45 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys

[2009/08/05 22:06:43 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys

[2009/08/05 22:06:05 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys

[2009/08/05 22:05:26 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys

[2009/08/05 22:04:53 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax

[2009/08/05 22:04:30 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys

[2009/08/05 22:04:12 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys

[2009/08/05 22:04:09 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys

[2009/08/05 22:04:07 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys

[2009/08/05 22:04:06 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys

[2009/08/05 22:03:56 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys

[2009/08/05 22:03:46 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2009/08/05 22:03:42 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2009/08/05 22:03:09 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys

[2009/08/05 22:03:05 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys

[2009/08/05 22:02:51 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2009/08/05 22:01:26 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll

[2009/08/05 22:01:24 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll

[2009/08/05 22:01:20 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll

[2009/08/05 22:01:18 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll

[2009/08/05 22:01:16 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll

[2009/08/05 22:01:12 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll

[2009/08/05 22:01:09 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll

[2009/08/05 22:00:59 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2009/08/05 22:00:58 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys

[2009/08/05 22:00:56 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys

[2009/08/05 22:00:54 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys

[2009/08/05 22:00:44 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys

[2009/08/05 22:00:40 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys

[2009/08/05 22:00:38 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys

[2009/08/05 22:00:36 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys

[2009/08/05 22:00:34 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys

[2009/08/05 22:00:32 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys

[2009/08/05 22:00:31 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys

[2009/08/05 22:00:17 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys

[2009/08/05 22:00:13 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys

[2009/08/05 22:00:12 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys

[2009/08/05 21:59:01 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys

[2009/08/05 21:58:55 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys

[2009/08/05 21:58:52 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll

[2009/08/05 21:58:51 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll

[2009/08/05 21:58:50 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll

[2009/08/05 21:58:24 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys

[2009/08/05 21:58:01 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll

[2009/08/05 21:57:55 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll

[2009/08/05 21:57:54 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys

[2009/08/05 21:57:32 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys

[2009/08/05 21:57:31 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys

[2009/08/05 21:57:29 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2009/08/05 21:57:22 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2009/08/05 21:57:22 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2009/08/05 21:57:22 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2009/08/05 21:57:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2009/08/05 21:57:21 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2009/08/05 21:57:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2009/08/05 21:57:20 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2009/08/05 21:57:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2009/08/05 21:57:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2009/08/05 21:57:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2009/08/05 21:57:19 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2009/08/05 21:57:19 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2009/08/05 21:57:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2009/08/05 21:57:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2009/08/05 21:57:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2009/08/05 21:57:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2009/08/05 21:57:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2009/08/05 21:57:13 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2009/08/05 21:57:13 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2009/08/05 21:57:13 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2009/08/05 21:57:12 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2009/08/05 21:57:12 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2009/08/05 21:57:12 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2009/08/05 21:57:12 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2009/08/05 21:57:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2009/08/05 21:57:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2009/08/05 21:57:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2009/08/05 21:57:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2009/08/05 21:57:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2009/08/05 21:57:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2009/08/05 21:57:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2009/08/05 21:57:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2009/08/05 21:57:07 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2009/08/05 21:57:07 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2009/08/05 21:57:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2009/08/05 21:57:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2009/08/05 21:57:06 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2009/08/05 21:57:06 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2009/08/05 21:57:04 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys

[2009/08/05 21:56:52 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2009/08/05 21:56:51 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2009/08/05 21:56:50 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys

[2009/08/05 21:56:46 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys

[2009/08/05 21:56:45 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys

[2009/08/05 21:56:45 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys

[2009/08/05 21:56:44 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll

[2009/08/05 21:56:44 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll

[2009/08/05 21:56:40 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys

[2009/08/05 21:56:40 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys

[2009/08/05 21:56:39 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys

[2009/08/05 21:56:39 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys

[2009/08/05 21:56:38 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys

[2009/08/05 21:56:38 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys

[2009/08/05 21:56:37 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys

[2009/08/05 21:56:37 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys

[2009/08/05 21:56:36 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys

[2009/08/05 21:56:31 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys

[2009/08/05 21:56:29 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys

[2009/08/05 21:56:23 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys

[2009/08/05 21:55:24 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys

[2009/08/05 21:55:24 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys

[2009/08/05 21:55:24 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys

[2009/08/05 21:55:23 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys

[2009/08/05 21:55:23 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys

[2009/08/05 21:55:21 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll

[2009/08/05 21:55:20 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys

[2009/08/05 21:55:19 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll

[2009/08/05 21:08:20 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys

[2009/08/05 11:22:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

[2009/08/05 10:18:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\My Received Files

[2009/08/05 09:18:03 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/08/05 09:17:13 | 00,000,108 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url

[2009/08/05 09:08:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/08/04 18:31:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/08/04 18:16:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/08/04 18:16:55 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/08/04 18:16:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/08/04 18:16:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/08/04 18:16:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/08/04 18:16:55 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/08/04 18:16:55 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/08/04 18:16:55 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/08/04 18:16:37 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/08/04 18:16:34 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/08/04 18:16:10 | 03,155,496 | R--- | C] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe

[2009/08/02 12:01:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat

[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/08/02 11:49:29 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 11:49:24 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk

[2009/08/02 11:49:24 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk

[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe

[2009/08/02 11:36:54 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe

[2009/08/02 11:36:45 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe

[2009/08/02 11:36:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe

[2009/08/02 11:36:40 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe

[2009/08/02 11:29:39 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc

[2009/08/02 09:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Yahoo!

[2009/08/02 09:34:37 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/02 09:34:03 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk

[2009/08/02 09:33:41 | 00,001,560 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2009/08/01 20:23:38 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/08/01 07:15:38 | 00,244,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/01 07:15:38 | 00,244,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys

[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys

[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys

[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS

[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS

[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys

[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/07/31 23:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Panda Security

[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavdrv51.sys

[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl

[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll

[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll

[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys

[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll

[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL

[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll

[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll

[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Panda Security

[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys

[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys

[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security

[2009/07/31 22:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes

[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools

[2009/07/31 21:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\CCleaner backup

[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads

[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys

[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys

[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys

[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

========== Files - Modified Within 14 Days ==========

[2009/08/06 08:11:02 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck

[2009/08/06 08:11:02 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg

[2009/08/06 08:11:01 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

[2009/08/06 08:11:01 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG

[2009/08/06 08:11:01 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck

[2009/08/06 08:11:01 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg

[2009/08/06 08:11:01 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck

[2009/08/06 08:11:01 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt

[2009/08/06 08:11:01 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck

[2009/08/06 08:11:01 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg

[2009/08/06 08:11:01 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck

[2009/08/06 08:11:01 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg

[2009/08/06 08:10:59 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck

[2009/08/06 08:10:59 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg

[2009/08/06 08:10:59 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck

[2009/08/06 08:10:59 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt

[2009/08/06 08:09:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/08/06 08:09:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/06 08:09:34 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/05 12:34:48 | 00,244,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck

[2009/08/05 12:34:48 | 00,244,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT

[2009/08/05 11:47:11 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/08/05 10:06:49 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/08/05 10:06:49 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/08/05 10:06:49 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/08/05 09:17:13 | 00,000,108 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url

[2009/08/04 18:26:38 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/08/04 18:14:03 | 03,155,496 | R--- | M] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe

[2009/08/04 18:01:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/08/02 12:01:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat

[2009/08/02 11:49:29 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/02 11:49:24 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk

[2009/08/02 11:49:24 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk

[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe

[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe

[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe

[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe

[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc

[2009/08/02 09:34:37 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk

[2009/08/02 09:34:03 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk

[2009/08/02 09:33:41 | 00,001,560 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk

[2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck

[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls

[2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat

[2009/07/31 22:36:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe

[2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys

[2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== LOP Check ==========

[2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar

[2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo

[2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data

[2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead

[2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft

[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink

[2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon

[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security

[2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux

[2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template

[2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom

[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver

[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/08/06 08:09:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation

< End of report >


final step

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and for performing all of the procedures requested.

This topic is now closed to further replies.