Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

malwarebytes keeps getting deleted

Started by bsvogel , May 17 2009 04:15 PM

  • Please log in to reply

#1
bsvogel
Posted 17 May 2009 - 04:15 PM

bsvogel

    New Member

  • Member
  • Pip
  • 2 posts
The virus i have is blocking me from accessing my dvd burner using the power2go program. It is also redirection any search engine results, and is deleting or not letting any antivirus or malware removal prog to install properly.

I believe it come from a movie i downloaded(star trek), off of isohunt, that said i need a new codec for windows media player to play it. I downloaded this( I think it was called quick timing) and have been having the above probs ever since.


I have tried the steps in the malware help section with no luck so far. After i ran and found trojans with malwarebytes i was asked to restart my comp to finish, when it rebooted malwarebytes was removed from my system. every other try to re install and run it doesnt bring up any infections yet comp is still infected, and the program gets deleted again.





here is the the otlistit

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:228245 Mo/Free:4054 Mo)
D:\ [Fixed] - NTFS - (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 05/17/2009|16:44

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Hpservice.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\WLANExt.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
---------- C:\Windows\system32\agrsmsvc.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
---------- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
---------- C:\Windows\SMINST\BLService.exe
---------- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\ThreatFire\TFService.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\IDT\WDM\sttray.exe
---------- C:\Program Files\HP\QuickPlay\QPService.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
---------- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
---------- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
---------- C:\Program Files\ThreatFire\TFTray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
---------- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
---------- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
---------- C:\Windows\servicing\TrustedInstaller.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- \\?\C:\Windows\system32\wbem\WMIADAP.EXE
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\Brandon\Documents\LimeWire\Saved\Eminem - Crack Cocaine (Unreleased very rare studio out take).mp3
C:\Users\Brandon\Downloads\Brother Ali - The Undisputed Truth (2007) - Hip Hop [www.torrentazos.com]\AOE2\crack.zip
C:\Users\Brandon\Downloads\Eminem - Before The Relapse\[Pb] 24-Eminem - Crackers & Cheese (Very Rare 1993) - www.pbtone.com.mp3


1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/17/2009|16:45

----------------------\\ Scan completed at 16:45


Sun 05/17/2009|16:44

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Hpservice.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\WLANExt.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
---------- C:\Windows\system32\agrsmsvc.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
---------- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
---------- C:\Windows\SMINST\BLService.exe
---------- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\ThreatFire\TFService.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\IDT\WDM\sttray.exe
---------- C:\Program Files\HP\QuickPlay\QPService.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
---------- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
---------- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
---------- C:\Program Files\ThreatFire\TFTray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
---------- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
---------- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
---------- C:\Windows\servicing\TrustedInstaller.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- \\?\C:\Windows\system32\wbem\WMIADAP.EXE
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\Brandon\Documents\LimeWire\Saved\Eminem - Crack Cocaine (Unreleased very rare studio out take).mp3
C:\Users\Brandon\Downloads\Brother Ali - The Undisputed Truth (2007) - Hip Hop [www.torrentazos.com]\AOE2\crack.zip
C:\Users\Brandon\Downloads\Eminem - Before The Relapse\[Pb] 24-Eminem - Crackers & Cheese (Very Rare 1993) - www.pbtone.com.mp3


1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/17/2009|16:45

----------------------\\ Scan completed at 16:45

and the 2nd one

OTListIt logfile created on: 5/17/2009 4:58:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Brandon\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 88.76% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.90 Gb Total Space | 115.82 Gb Free Space | 51.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON-PC
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe (IDT, Inc.)
PRC - C:\Windows\system32\Hpservice.exe (Hewlett-Packard Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\Brandon\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe (Andrea Electronics Corporation)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (AntiVirSchedulerService [Auto | Stopped]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Stopped]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4QLBEx [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpsrv [Auto | Running]) -- C:\Windows\system32\Hpservice.exe (Hewlett-Packard Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetTcpPortSharing [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (QPCapSvc [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (QPSched [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (Recovery Service for Windows [Auto | Running]) -- C:\Windows\SMINST\BLService.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe (IDT, Inc.)
SRV - (ThreatFire [Auto | Running]) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Accelerometer [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (adp94xx [Boot | Running]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Boot | Running]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Boot | Running]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Boot | Running]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ahcix86s [Boot | Running]) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (aic78xx [Boot | Running]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Boot | Running]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Amddfltr [Boot | Running]) -- C:\Windows\system32\DRIVERS\Amddfltr.sys (Advanced Micro Devices)
DRV - (arc [Boot | Running]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Boot | Running]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\Windows\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\Windows\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Boot | Running]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Boot | Running]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (enecir [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (HpCISSs [Boot | Running]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (hpdskflt [Boot | Running]) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqRemHid [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Boot | Running]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Boot | Running]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Boot | Running]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (kl1 [System | Running]) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab)
DRV - (LSI_FC [Boot | Running]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Boot | Running]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Boot | Running]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Boot | Running]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Boot | Running]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Boot | Running]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Boot | Running]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [On_Demand | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvraid [Boot | Running]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Boot | Running]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Boot | Running]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\system32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Boot | Running]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ssmdrv [System | Running]) -- C:\Windows\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\stwrt.sys (IDT, Inc.)
DRV - (StillCam [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (Symc8xx [Boot | Running]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Boot | Running]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Boot | Running]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TfFsMon [Boot | Running]) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon [On_Demand | Running]) -- C:\Windows\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfSysMon [Boot | Running]) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (uliahci [Boot | Running]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Boot | Running]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Boot | Running]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Boot | Running]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Boot | Running]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTCNXT3.SYS (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/17 16:25:04 | 00,000,000 | ---D | M]

[2009/03/11 02:14:26 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\mozilla\Extensions
[2009/03/10 15:43:19 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/11 02:14:26 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/03/10 15:43:19 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\mozilla\Firefox\Profiles\uc5k155c.default\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/22 21:20:45 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/14 17:51:08 | 00,000,433 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{835105c4-2c4a-11de-9576-001e688ff867}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{835105c4-2c4a-11de-9576-001e688ff867}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 16:57:40 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/17 16:57:39 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTListIt2.exe
[2009/05/17 16:44:26 | 00,267,612 | ---- | C] () -- C:\Users\Brandon\Desktop\Rooter.exe
[2009/05/17 16:42:51 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/17 16:21:30 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/05/17 16:21:30 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/05/17 16:21:29 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/05/17 16:21:29 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/05/17 16:21:29 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/05/17 16:21:29 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/05/17 16:21:27 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/05/17 16:21:26 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/05/17 16:15:40 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/05/17 16:15:36 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/05/17 16:15:34 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/05/17 16:15:27 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/05/17 16:15:23 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/05/15 19:15:33 | 00,000,000 | ---D | C] -- C:\Program Files\gohome
[2009/05/15 18:29:13 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/15 18:29:01 | 00,000,913 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/15 18:28:57 | 00,000,733 | ---- | C] () -- C:\Users\Brandon\Desktop\NTREGOPT.lnk
[2009/05/15 18:28:57 | 00,000,714 | ---- | C] () -- C:\Users\Brandon\Desktop\ERUNT.lnk
[2009/05/15 18:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/15 16:42:27 | 00,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/05/15 16:42:19 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/05/15 16:42:19 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/05/15 16:42:19 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/05/15 16:42:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/05/15 16:42:18 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/14 17:46:59 | 00,000,433 | RHS- | C] () -- C:\autorun.inf
[2009/02/05 00:21:19 | 00,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009/02/04 23:04:35 | 00,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/12/19 10:15:58 | 04,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/17 12:41:18 | 00,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/17 12:22:58 | 00,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 00,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/17 11:59:54 | 00,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/12/11 06:27:02 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/03/28 04:19:10 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/08 12:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/11/24 14:25:52 | 00,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[2004/10/03 12:50:54 | 00,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/17 16:57:44 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTListIt2.exe
[2009/05/17 16:44:55 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/17 16:44:55 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/17 16:44:55 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/17 16:44:27 | 00,267,612 | ---- | M] () -- C:\Users\Brandon\Desktop\Rooter.exe
[2009/05/17 16:39:24 | 00,000,338 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/05/17 16:39:00 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/17 16:39:00 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/17 16:38:49 | 00,307,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/17 16:38:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/17 16:38:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/16 20:50:05 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5076AD8E-4BAC-465F-A72C-3A985E506A95}.job
[2009/05/15 18:29:01 | 00,000,913 | ---- | M] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/15 18:28:57 | 00,000,733 | ---- | M] () -- C:\Users\Brandon\Desktop\NTREGOPT.lnk
[2009/05/15 18:28:57 | 00,000,714 | ---- | M] () -- C:\Users\Brandon\Desktop\ERUNT.lnk
[2009/05/15 16:42:27 | 00,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/05/14 17:51:08 | 00,000,433 | RHS- | M] () -- C:\autorun.inf
[2009/05/07 02:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206E2596
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Please help
  • 0

Advertisements

#2
bsvogel
Posted 17 May 2009 - 04:17 PM

bsvogel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Sorry i also forgot to add that i cant reboot in safe mode. It loads about half the files then just stays dormant. i also tried the restore and it was unable to complete.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP