Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rootkit in Registry [Solved]

Started by Thelostlink , Apr 25 2009 11:12 PM

  • This topic is locked This topic is locked

#1
Thelostlink
Posted 25 April 2009 - 11:12 PM

Thelostlink

    Member

  • Member
  • PipPip
  • 82 posts
Hello, today I did a scan with Webroot Spysweeper and it told me I had the following

System monitor: potentially rootkit-masked registry

When I finished the scan, It told me that it had successfully quarantined the item, but on occasion, these items come back, clearly having not been quarantined. So I am asking here, what else can I do to be sure that this malware truly is off my system?

edit: Yes, even though Spysweeper said that it had quarantined the rootkit, while doing another scan it tells me that it has found it again. Any help to deal with this problem would be much appreciated.

Edited by Thelostlink, 26 April 2009 - 12:24 PM.

  • 0

Advertisements

#2
Essexboy
Posted 29 April 2009 - 02:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry for the delay. Lets see what you have first

Download Rooter.exe to your desktop
  • Doubleclick it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%(usually C:)\Rooter.txt. Copy and paste it with your OTLI log.

THEN

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#3
Thelostlink
Posted 29 April 2009 - 04:41 PM

Thelostlink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Rooter Log:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:53497 Mo/Free:2395 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 04/29/2009|18:28

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
---------- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\PROGRA~1\Yahoo!\browser\ycommon.exe
---------- C:\Program Files\NetWaiting\netWaiting.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\DNA\btdna.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/29/2009|18:28

----------------------\\ Scan completed at 18:28



OtList Log:


OTListIt logfile created on: 4/29/2009 6:33:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.04 Mb Total Physical Memory | 359.17 Mb Available Physical Memory | 40.17% Memory free
2.12 Gb Paging File | 1.42 Gb Available in Paging File | 67.34% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.24 Gb Total Space | 34.34 Gb Free Space | 65.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBCAT
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE ()
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\NetWaiting\netWaiting.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Documents and Settings\Rob\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [On_Demand | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ssfs0bbc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSIDRV [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSKBFD [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/06 22:45:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 14:02:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 14:02:27 | 00,000,000 | ---D | M]

[2008/09/08 19:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Extensions
[2008/09/08 19:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/26 01:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions
[2008/12/11 23:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/07 17:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/07 17:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/01/09 21:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/12/22 22:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/09 21:48:04 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\FireFox\Profiles\kssvrrqa.default\searchplugins\aim-search.xml
[2009/04/26 01:11:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/11/06 23:49:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/22 14:02:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 22:47:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2007/11/06 23:49:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/04/22 14:02:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 14:02:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/07 22:58:55 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/07 22:58:55 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/07 22:58:55 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 01:06:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/07 22:58:55 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/07 22:58:55 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/07 22:58:55 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303137 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10468 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe" (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe" (Dell Inc)
O4 - HKLM..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXSUPMON] "C:\WINDOWS\system32\LXSUPMON.EXE" RUN (Lexmark International Inc.)
O4 - HKLM..\Run: [MSConfig] "C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" /auto (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] "stsystra.exe" (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray (Webroot Software, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
O4 - HKLM..\Run: [YBrowser] "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" (Yahoo! Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe" ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 7576 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: 2 range(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: blogger.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/29 18:32:00 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTListIt2.exe
[2009/04/29 18:27:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/29 18:27:10 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Rooter.exe
[2009/04/24 11:58:08 | 00,012,225 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Hotei-Osho.docx
[2009/04/24 11:57:54 | 00,012,467 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Japanese Santa.docx
[2009/04/22 19:18:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/20 14:46:45 | 01,227,579 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Physics Photo Album Project.pptx
[2009/04/20 14:02:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\Windows Search
[2009/04/19 17:08:30 | 03,183,616 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\USMC2.doc
[2009/04/17 23:06:53 | 00,003,652 | ---- | C] () -- C:\Resetlog.text
[2009/04/17 18:04:07 | 00,000,246 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Test.zip
[2009/04/17 17:33:58 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\GooredFix.exe
[2009/04/16 18:51:15 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/04/15 01:17:17 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/14 16:50:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 16:50:14 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 16:50:14 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 16:50:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 16:50:14 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/14 16:50:13 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 16:50:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 16:50:13 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 16:50:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 16:50:11 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 16:44:50 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 16:44:49 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/14 16:44:48 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 00:08:33 | 00,011,189 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\college letter.docx
[2009/04/13 01:20:48 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/12 22:39:01 | 00,001,675 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Webroot AntiVirus.lnk
[2009/04/12 22:37:27 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/07 15:31:50 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/02 14:30:04 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/04/02 14:29:56 | 00,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/03/31 22:55:28 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/31 20:04:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/03/02 17:32:44 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/02 17:32:41 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/09 01:25:43 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/08/19 20:40:51 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/07/13 19:44:57 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/01/04 22:39:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/07 00:20:29 | 00,010,956 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/04/01 11:00:14 | 00,000,483 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2007/01/20 19:18:36 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/20 19:18:36 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\025D29A96E.sys
[2007/01/12 16:08:56 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[2006/12/28 11:16:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/28 11:07:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/28 11:00:34 | 00,004,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/28 10:23:56 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/28 10:23:52 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/28 10:23:28 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/10 10:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/29 18:32:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTListIt2.exe
[2009/04/29 18:27:12 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Rooter.exe
[2009/04/28 15:01:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/26 00:31:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 00:30:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 00:30:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/26 00:30:50 | 93,753,7536 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/26 00:28:13 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/26 00:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/25 00:35:34 | 00,106,907 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Shadow Walk Story.docx
[2009/04/24 12:36:20 | 00,012,225 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Hotei-Osho.docx
[2009/04/24 11:57:55 | 00,012,467 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Japanese Santa.docx
[2009/04/22 19:19:42 | 00,000,512 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/22 19:19:42 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/22 19:19:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 23:44:29 | 01,227,579 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Physics Photo Album Project.pptx
[2009/04/21 19:27:14 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/04/20 22:43:44 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/20 15:36:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/19 17:09:32 | 03,183,616 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\USMC2.doc
[2009/04/17 23:06:53 | 00,003,652 | ---- | M] () -- C:\Resetlog.text
[2009/04/17 18:04:51 | 00,000,240 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Test.bat
[2009/04/17 18:04:12 | 00,000,246 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Test.zip
[2009/04/17 17:33:59 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\GooredFix.exe
[2009/04/17 15:01:37 | 00,424,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 15:01:37 | 00,069,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 15:01:36 | 00,501,198 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 17:17:35 | 00,303,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/15 01:19:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 00:08:34 | 00,011,189 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\college letter.docx
[2009/04/12 22:39:01 | 00,001,675 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Webroot AntiVirus.lnk
[2009/04/12 22:37:37 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 13:32:34 | 01,563,008 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 01:01:47 | 00,035,515 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Blue Ice House.rtf
[2009/04/02 14:30:12 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2009/04/02 14:30:10 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2009/04/02 14:30:08 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2009/04/02 14:30:04 | 00,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/04/02 14:29:56 | 00,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/03/31 23:41:31 | 00,004,162 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== LOP Check ==========

[2009/04/22 19:05:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/28 19:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/22 22:39:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/05/11 09:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/01/09 18:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/01/09 21:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/12/18 17:50:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/10/02 20:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/10/02 20:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/08/19 20:33:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/20 00:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2006/12/28 10:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2007/12/20 20:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/04/07 20:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/28 15:01:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2006/12/28 11:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2006/12/28 11:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/03/22 22:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/20 18:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/22 23:02:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/15 01:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/03/20 22:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/08/11 19:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/08/19 20:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/12/28 11:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/03/25 13:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/22 18:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/09 21:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/31 20:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2007/01/06 10:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/01/20 22:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/07/13 19:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/07/13 19:54:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/20 14:02:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rob\Application Data
[2008/12/23 19:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Adobe
[2007/05/29 23:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AdobeUM
[2007/07/03 00:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Aim
[2008/01/04 22:39:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AOL
[2008/12/26 11:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Apple Computer
[2006/12/28 10:53:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ATI
[2008/08/13 19:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Corel
[2007/05/02 15:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\CyberLink
[2009/04/29 18:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DNA
[2007/01/03 21:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Google
[2006/12/28 11:08:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rob\Application Data\Gtek
[2007/02/23 03:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Help
[2004/08/11 19:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Identities
[2006/12/28 11:04:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\InstallShield
[2008/12/18 16:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Leadertech
[2007/11/02 18:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Macromedia
[2009/03/20 18:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Malwarebytes
[2008/12/22 22:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Media Player Classic
[2009/03/22 21:47:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Rob\Application Data\Microsoft
[2008/09/08 19:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla
[2009/01/09 21:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\QQ Games
[2008/03/02 17:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Real
[2008/12/18 16:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Sonic
[2007/03/06 13:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Sun
[2007/11/25 14:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Talkback
[2007/12/11 00:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Template
[2009/01/09 21:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Tencent
[2008/06/19 21:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\U3
[2007/12/19 23:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Viewpoint
[2009/01/17 16:16:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Webroot
[2009/03/22 21:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Desktop Search
[2009/04/20 14:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Search
[2008/12/28 18:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Yahoo!
[2009/04/20 22:43:44 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/04/20 15:36:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/28 15:01:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/04/26 00:30:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A15F65E0
< End of report >



Extras Log:

OTListIt logfile created on: 4/29/2009 6:33:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.04 Mb Total Physical Memory | 359.17 Mb Available Physical Memory | 40.17% Memory free
2.12 Gb Paging File | 1.42 Gb Available in Paging File | 67.34% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.24 Gb Total Space | 34.34 Gb Free Space | 65.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBCAT
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE ()
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\NetWaiting\netWaiting.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Documents and Settings\Rob\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [On_Demand | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ssfs0bbc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSIDRV [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSKBFD [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/06 22:45:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 14:02:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 14:02:27 | 00,000,000 | ---D | M]

[2008/09/08 19:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Extensions
[2008/09/08 19:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/26 01:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions
[2008/12/11 23:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/07 17:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/07 17:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/01/09 21:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/12/22 22:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\mozilla\Firefox\Profiles\kssvrrqa.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/09 21:48:04 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\FireFox\Profiles\kssvrrqa.default\searchplugins\aim-search.xml
[2009/04/26 01:11:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/11/06 23:49:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/22 14:02:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 22:47:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2007/11/06 23:49:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/04/22 14:02:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 14:02:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/07 22:58:55 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/07 22:58:55 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/07 22:58:55 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 01:06:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/07 22:58:55 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/07 22:58:55 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/07 22:58:55 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303137 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10468 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe" (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe" (Dell Inc)
O4 - HKLM..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXSUPMON] "C:\WINDOWS\system32\LXSUPMON.EXE" RUN (Lexmark International Inc.)
O4 - HKLM..\Run: [MSConfig] "C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" /auto (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] "stsystra.exe" (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray (Webroot Software, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
O4 - HKLM..\Run: [YBrowser] "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" (Yahoo! Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe" ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 7576 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: 2 range(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: blogger.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/29 18:32:00 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTListIt2.exe
[2009/04/29 18:27:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/29 18:27:10 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Rooter.exe
[2009/04/24 11:58:08 | 00,012,225 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Hotei-Osho.docx
[2009/04/24 11:57:54 | 00,012,467 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Japanese Santa.docx
[2009/04/22 19:18:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/20 14:46:45 | 01,227,579 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Physics Photo Album Project.pptx
[2009/04/20 14:02:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\Windows Search
[2009/04/19 17:08:30 | 03,183,616 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\USMC2.doc
[2009/04/17 23:06:53 | 00,003,652 | ---- | C] () -- C:\Resetlog.text
[2009/04/17 18:04:07 | 00,000,246 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Test.zip
[2009/04/17 17:33:58 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\GooredFix.exe
[2009/04/16 18:51:15 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/04/15 01:17:17 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/14 16:50:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 16:50:14 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 16:50:14 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 16:50:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 16:50:14 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/14 16:50:13 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 16:50:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 16:50:13 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 16:50:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 16:50:11 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 16:44:50 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 16:44:49 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/14 16:44:48 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 00:08:33 | 00,011,189 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\college letter.docx
[2009/04/13 01:20:48 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/12 22:39:01 | 00,001,675 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Webroot AntiVirus.lnk
[2009/04/12 22:37:27 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/07 15:31:50 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/02 14:30:04 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/04/02 14:29:56 | 00,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/03/31 22:55:28 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/31 20:04:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/03/02 17:32:44 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/02 17:32:41 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/09 01:25:43 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/08/19 20:40:51 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/07/13 19:44:57 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/01/04 22:39:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/07 00:20:29 | 00,010,956 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/04/01 11:00:14 | 00,000,483 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2007/01/20 19:18:36 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/20 19:18:36 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\025D29A96E.sys
[2007/01/12 16:08:56 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[2006/12/28 11:16:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/28 11:07:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/28 11:00:34 | 00,004,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/28 10:23:56 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/28 10:23:52 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/28 10:23:28 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/10 10:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/29 18:32:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTListIt2.exe
[2009/04/29 18:27:12 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Rooter.exe
[2009/04/28 15:01:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/26 00:31:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 00:30:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 00:30:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/26 00:30:50 | 93,753,7536 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/26 00:28:13 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/26 00:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/25 00:35:34 | 00,106,907 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Shadow Walk Story.docx
[2009/04/24 12:36:20 | 00,012,225 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Hotei-Osho.docx
[2009/04/24 11:57:55 | 00,012,467 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Japanese Santa.docx
[2009/04/22 19:19:42 | 00,000,512 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/22 19:19:42 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/22 19:19:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 23:44:29 | 01,227,579 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Physics Photo Album Project.pptx
[2009/04/21 19:27:14 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/04/20 22:43:44 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/20 15:36:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/19 17:09:32 | 03,183,616 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\USMC2.doc
[2009/04/17 23:06:53 | 00,003,652 | ---- | M] () -- C:\Resetlog.text
[2009/04/17 18:04:51 | 00,000,240 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Test.bat
[2009/04/17 18:04:12 | 00,000,246 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Test.zip
[2009/04/17 17:33:59 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\GooredFix.exe
[2009/04/17 15:01:37 | 00,424,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 15:01:37 | 00,069,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 15:01:36 | 00,501,198 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 17:17:35 | 00,303,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/15 01:19:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 00:08:34 | 00,011,189 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\college letter.docx
[2009/04/12 22:39:01 | 00,001,675 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Webroot AntiVirus.lnk
[2009/04/12 22:37:37 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 13:32:34 | 01,563,008 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 01:01:47 | 00,035,515 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Blue Ice House.rtf
[2009/04/02 14:30:12 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2009/04/02 14:30:10 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2009/04/02 14:30:08 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2009/04/02 14:30:04 | 00,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/04/02 14:29:56 | 00,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/03/31 23:41:31 | 00,004,162 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== LOP Check ==========

[2009/04/22 19:05:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/28 19:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/22 22:39:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/05/11 09:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/01/09 18:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/01/09 21:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/12/18 17:50:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/10/02 20:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/10/02 20:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/08/19 20:33:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/20 00:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2006/12/28 10:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2007/12/20 20:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/04/07 20:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/28 15:01:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2006/12/28 11:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2006/12/28 11:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/03/22 22:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/20 18:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/22 23:02:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/15 01:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/03/20 22:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/08/11 19:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/08/19 20:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/12/28 11:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/03/25 13:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/22 18:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/09 21:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/31 20:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2007/01/06 10:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/01/20 22:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/07/13 19:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/07/13 19:54:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/20 14:02:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rob\Application Data
[2008/12/23 19:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Adobe
[2007/05/29 23:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AdobeUM
[2007/07/03 00:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Aim
[2008/01/04 22:39:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AOL
[2008/12/26 11:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Apple Computer
[2006/12/28 10:53:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ATI
[2008/08/13 19:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Corel
[2007/05/02 15:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\CyberLink
[2009/04/29 18:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DNA
[2007/01/03 21:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Google
[2006/12/28 11:08:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rob\Application Data\Gtek
[2007/02/23 03:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Help
[2004/08/11 19:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Identities
[2006/12/28 11:04:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\InstallShield
[2008/12/18 16:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Leadertech
[2007/11/02 18:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Macromedia
[2009/03/20 18:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Malwarebytes
[2008/12/22 22:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Media Player Classic
[2009/03/22 21:47:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Rob\Application Data\Microsoft
[2008/09/08 19:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla
[2009/01/09 21:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\QQ Games
[2008/03/02 17:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Real
[2008/12/18 16:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Sonic
[2007/03/06 13:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Sun
[2007/11/25 14:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Talkback
[2007/12/11 00:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Template
[2009/01/09 21:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Tencent
[2008/06/19 21:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\U3
[2007/12/19 23:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Viewpoint
[2009/01/17 16:16:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Webroot
[2009/03/22 21:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Desktop Search
[2009/04/20 14:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Search
[2008/12/28 18:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Yahoo!
[2009/04/20 22:43:44 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/04/20 15:36:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/28 15:01:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/04/26 00:30:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A15F65E0
< End of report >
  • 0

#4
Essexboy
Posted 30 April 2009 - 01:37 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing apparent there lets look deeper, what is the file that webroot reports ?

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#5
Thelostlink
Posted 30 April 2009 - 04:12 PM

Thelostlink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I believe this is the name of the file Webroot is talking about:

HKU\S-1-5-21-2855035583-3105725080-3941657150-1007\Software\YAHOO\Common\Saved || 459802|32869 (ID = 0)


RootRepeal [I do not believe this is too long to paste here]:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/30 17:21
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDB48000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A9A000 Size: 8192 File Visible: No
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7AC2000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA6E5000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x853cfe40

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf75c287e

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x85333490

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x85333418

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x85333238

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x85366150

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x853e4e90

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x853cfeb8

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x853cfd50

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8534e210

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x853cffa8

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x853ae2e8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x85333328

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x85333148

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf75c2bfe

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x853332b0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x853cff30

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x853333a0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x853331c0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x853cfdc8

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x84d3aeb0 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x84d4d7f8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x84d4ca40 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x84cfcd18 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x84d07d18 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84ce6d18 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84ce6ca0 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x84ce6c28 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x84ce68a8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84ce6830 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84ce67b8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84ce5e10 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84ce5d98 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84ce5d20 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84ce4fa8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84ce4f30 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84ce4eb8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84d06530 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x84d064b8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x84d06440 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84d05fa8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84d05f30 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x84d05eb8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84d05b38 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x84d05ac0 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84d05a48 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84ce48a8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x84ce4830 Size: -
  • 0

#6
Essexboy
Posted 30 April 2009 - 04:22 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is just a registry key with no file attached ????? lets see if this finds anything

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#7
Thelostlink
Posted 30 April 2009 - 05:11 PM

Thelostlink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
malware bytes log:


Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 3

4/30/2009 7:09:19 PM
mbam-log-2009-04-30 (19-09-19).txt

Scan type: Quick Scan
Objects scanned: 95744
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Essexboy
Posted 01 May 2009 - 11:24 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Wierd that it is only webroot reporting it - do you use YAHOO ? Apart from this are you experiencing any other problems ?
  • 0

#9
Thelostlink
Posted 01 May 2009 - 11:59 AM

Thelostlink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Just for e-mail. I don't have any Yahoo instant messenger or anything like that.
  • 0

#10
Essexboy
Posted 01 May 2009 - 12:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets use another tool to get to the bottom of this

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

Advertisements

#11
Thelostlink
Posted 01 May 2009 - 12:57 PM

Thelostlink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Webroot blocked access to Avz after I clicked 'execute selected scripts'. It automatically quarantined it and called it "Troj/Rootkit-FP". I assume that I should find a way to shut down auto-quarantine on it, and let it go through?
  • 0

#12
Essexboy
Posted 01 May 2009 - 01:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please there should be a way to stop on access protection I will look for that now if you do not know it - by the way that is a false positive :)
  • 0

#13
Thelostlink
Posted 01 May 2009 - 03:03 PM

Thelostlink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Both files are too large for the attachments, or so I am being told. :)
  • 0

#14
Essexboy
Posted 02 May 2009 - 04:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Upload them to Mediafire and post the sharing link
  • 0

#15
Thelostlink
Posted 02 May 2009 - 11:46 AM

Thelostlink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
http://www.mediafire...fo_syscheck.htm


http://www.mediafire...nfo_syscure.htm

Hopefully this works :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP