don't know what else to do. trojandownloader:win32/renos.io



#1
big otis

i am lost. my computer will not connect to the internet using firefox or internet explorer. i have nortons, ad-aware and ccleaner. they will not run a scan. windows defender had a pop up saying trojandownloader:win32/renos.io. i chose the option to remove the threat. still can't get online nortons or ad-aware or any other programs will run. the computer will freeze and shut down. on some of the shut downs a blue screen pops up and goes away too fast to read what it says. i can only get online in safe mode. i have read and tried to download some of the programs on this site but could not get them to work. i tried Fixledef.exe and SYSRestorePoint and Malwarebytes' Anti-Malware and could not get them to work. the Rooter Rootit Detector is only working in safe mode. i think i got OTListit to work. i guess we will see. please if you can help i would really like to try and keep pictures and other important files. THANKS


OTL logfile created on: 6/12/2009 11:17:15 PM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\milkman\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.32 Mb Total Physical Memory | 457.61 Mb Available Physical Memory | 45.16% Memory free
2.23 Gb Paging File | 1.72 Gb Available in Paging File | 77.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.40 Gb Total Space | 36.16 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive D: | 9.64 Gb Total Space | 1.81 Gb Free Space | 18.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: milkman
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/01/19 00:33:39 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SYSTEM32\WISPTIS.EXE
PRC - [2008/01/19 00:33:23 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/10/14 21:31:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/01/19 00:33:39 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SYSTEM32\WISPTIS.EXE
PRC - [2008/01/19 00:33:23 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 00:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 00:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2009/03/02 19:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2009/06/12 21:05:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/12/12 10:01:58 | 00,196,608 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxsrvc.exe
PRC - [2009/06/12 22:21:03 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\milkman\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/12 12:07:28 | 00,718,880 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Stopped])
SRV - [2008/10/14 21:31:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Stopped])
SRV - [2008/01/05 04:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Stopped])
SRV - [2008/01/19 00:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/08/10 00:18:41 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/01/05 04:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2006/12/24 13:09:53 | 00,081,408 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2007/02/02 22:37:41 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/01/05 04:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/01/14 00:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2007/05/11 17:03:52 | 02,983,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2008/01/05 04:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2006/12/25 05:48:45 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Stopped])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\system32\PSIService.exe -- (ProtexisLicensing [Auto | Stopped])
SRV - [2008/01/28 11:43:32 | 00,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/06/07 22:55:16 | 01,096,584 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2008/01/23 16:41:19 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/01/05 01:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Stopped])
SRV - [2007/09/07 11:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\system32\Pen_Tablet.exe -- (TabletServicePen [Auto | Stopped])
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/08/04 18:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 00:36:49 | 00,108,032 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 02:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 00:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2005/09/07 14:29:44 | 00,044,288 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2005/09/07 14:32:58 | 00,024,960 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2006/11/02 02:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/10/31 15:15:24 | 00,165,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009/05/13 08:23:24 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Stopped])
DRV - [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/09 01:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Stopped])
DRV - [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/08 16:55:10 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Stopped])
DRV - [2006/11/08 16:54:02 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Stopped])
DRV - [2006/12/12 10:49:56 | 01,476,608 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2009/02/09 15:59:20 | 00,272,432 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ids-diskless\20090610.001\IDSvix86.sys -- (IDSvix86 [System | Stopped])
DRV - [2006/12/12 10:49:56 | 01,476,608 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Stopped])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 15:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2009/05/13 08:23:24 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090612.003\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/05/13 08:23:24 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090612.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2006/11/02 00:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) -- C:\Windows\system32\DRIVERS\NETw2v32.sys -- (NETw2v32 [On_Demand | Stopped])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 02:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Stopped])
DRV - [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Stopped])
DRV - [2007/12/01 00:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Stopped])
DRV - [2007/12/01 00:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/12/01 00:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Stopped])
DRV - [2007/02/28 17:57:28 | 00,323,584 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Stopped])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2008/10/03 14:14:08 | 00,012,848 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])
DRV - [2009/01/05 22:39:58 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,146,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped])
DRV - [2008/10/03 14:14:12 | 00,037,936 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,187,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Stopped])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 02:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/02/16 12:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\Windows\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2007/02/16 11:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\Windows\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 17:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\Windows\system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
DRV - [2006/11/08 16:53:48 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2006/08/04 18:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.sys -- (XAudio [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=W3615
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=W3615
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/12 21:05:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/12 21:05:08 | 00,000,000 | ---D | M]

[2008/09/06 14:30:50 | 00,000,000 | ---D | M] -- C:\Users\milkman\AppData\Roaming\mozilla\Extensions
[2008/09/06 14:30:50 | 00,000,000 | ---D | M] -- C:\Users\milkman\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/12 11:22:07 | 00,000,000 | ---D | M] -- C:\Users\milkman\AppData\Roaming\mozilla\Firefox\Profiles\pvvopetj.default\extensions
[2007/12/19 15:14:14 | 00,000,000 | ---D | M] -- C:\Users\milkman\AppData\Roaming\mozilla\Firefox\Profiles\pvvopetj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/02/15 21:09:47 | 00,002,386 | ---- | M] () -- C:\Users\milkman\AppData\Roaming\Mozilla\FireFox\Profiles\pvvopetj.default\searchplugins\siteadvisor.xml
[2009/06/12 11:22:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 21:05:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/17 16:13:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/10/12 09:15:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/30 12:56:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/09/06 14:30:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/06/12 21:04:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 21:04:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/30 12:14:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/30 12:14:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/30 12:14:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/30 12:14:14 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/30 12:14:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/30 12:14:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/30 12:14:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (dcads) - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\Windows\system32\nsd12C7.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (IEPlugin Class) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll (Systweak Inc)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup (BigFix Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] zHotkey.exe ()
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [GiGiSrv] C:\Windows\Twain_32\GiGiCam\GiGiSrv.exe ()
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ModPS2] ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray (Napster)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ShowWnd] ShowWnd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Users\milkman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\milkman\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk = C:\Windows\system\w98eject.exe (Sigmatel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b1063670-c83e-11dd-855b-0019d12c8c09}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b1063670-c83e-11dd-855b-0019d12c8c09}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b1063670-c83e-11dd-855b-0019d12c8c09}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b1063670-c83e-11dd-855b-0019d12c8c09}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b1063670-c83e-11dd-855b-0019d12c8c09}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/12 22:27:44 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/06/12 22:20:58 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\milkman\Desktop\OTL.exe
[2009/06/12 22:16:31 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/12 22:14:17 | 00,128,933 | ---- | C] (Eric_71) -- C:\Users\milkman\Desktop\Rooter.exe
[2009/06/12 21:36:38 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009/06/12 21:22:12 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Users\milkman\Desktop\FixIEDef.exe
[2009/06/12 18:34:11 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 18:34:09 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/12 18:34:07 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/12 18:34:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/12 18:34:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/12 12:06:13 | 00,000,770 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2009/06/12 12:06:01 | 00,000,000 | ---D | C] -- C:\Users\milkman\Documents\a-squared Free
[2009/06/12 12:06:01 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/06/12 11:58:41 | 00,000,832 | ---- | C] () -- C:\Users\Public\Desktop\a-squared HiJackFree.lnk
[2009/06/12 11:58:41 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared HiJackFree
[2009/06/12 11:21:22 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/06/12 11:21:15 | 00,130,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/06/12 11:21:15 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/06/12 11:21:10 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/06/12 11:21:09 | 00,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/06/12 11:21:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/06/12 11:21:07 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/06/12 11:21:02 | 00,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2009/06/12 11:21:02 | 00,000,000 | ---D | C] -- C:\Users\milkman\AppData\Roaming\PC Tools
[2009/06/12 11:21:02 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/06/12 11:21:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/06/12 11:21:01 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2009/06/12 11:21:01 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STKIT432.DLL
[2009/06/12 11:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/12 11:10:05 | 17,132,5723 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/06/11 22:49:31 | 00,000,004 | ---- | C] () -- C:\WindowsRegDefrag.dat
[2009/06/11 22:45:36 | 00,004,205 | ---- | C] () -- C:\Users\milkman\Desktop\report.htm
[2009/06/11 12:14:45 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/06/11 11:31:43 | 00,000,266 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/10 15:59:22 | 00,191,488 | ---- | C] () -- C:\Users\milkman\Desktop\primal grill recipes s.c. pulled pork shoulder.pdf
[2009/06/09 21:08:52 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/09 21:08:46 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/09 21:08:43 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/09 21:08:33 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/09 21:08:30 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/09 21:08:30 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/09 21:08:29 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/09 21:08:29 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/09 21:08:28 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/09 21:08:27 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/09 21:08:26 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/09 21:08:26 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/09 21:08:26 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/09 21:08:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/09 21:08:25 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/09 21:08:25 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/06/09 21:08:24 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/09 21:08:23 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/09 18:07:36 | 00,058,991 | ---- | C] () -- C:\Users\milkman\Desktop\Great Dane and Chihuahua small.jpg
[2009/05/31 10:09:23 | 00,000,000 | ---D | C] -- C:\Users\milkman\Desktop\for otis
[2009/05/30 18:55:58 | 00,000,000 | ---D | C] -- C:\Users\milkman\Desktop\tina's family
[2009/05/30 12:16:44 | 00,000,000 | ---D | C] -- C:\Users\milkman\Documents\My Scans
[2009/05/30 11:25:50 | 00,000,000 | ---D | C] -- C:\Users\milkman\AppData\Roaming\Printer Info Cache
[2009/05/30 11:25:47 | 00,000,000 | ---D | C] -- C:\Users\milkman\AppData\Roaming\Image Zone Express
[2009/05/30 11:21:25 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2009/05/30 11:19:08 | 00,000,000 | ---D | C] -- C:\Users\milkman\AppData\Roaming\HP
[2009/05/30 11:17:24 | 00,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2009/05/30 11:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/05/30 10:42:23 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/05/26 21:35:25 | 00,000,000 | ---D | C] -- C:\Users\milkman\Desktop\navigation_files
[2009/05/26 21:35:23 | 00,010,609 | ---- | C] () -- C:\Users\milkman\Desktop\navigation.htm
[2009/05/26 01:24:41 | 00,032,768 | ---- | C] () -- C:\Users\milkman\Desktop\Otis Lewis Miles.doc
[2009/05/15 11:56:44 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/05/15 11:47:25 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2008/10/04 09:30:27 | 00,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/10/04 09:30:27 | 00,000,008 | RHS- | C] () -- C:\Windows\System32\F8C6019B26.sys
[2008/08/09 13:33:37 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/27 23:30:13 | 00,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/03/11 15:11:08 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/03/11 06:31:48 | 00,568,850 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2007/03/11 06:31:47 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/03/11 06:31:45 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/03/11 06:31:42 | 00,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/03/11 06:31:42 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/02/24 11:01:55 | 00,000,067 | ---- | C] () -- C:\Windows\Amadis DVD Ripper.INI
[2006/12/25 05:49:43 | 00,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2006/12/25 05:49:43 | 00,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/12/24 13:38:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/12/24 13:38:37 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/12/12 11:13:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/12 10:02:50 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,204 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[4 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/06/12 22:21:03 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\milkman\Desktop\OTL.exe
[2009/06/12 22:14:20 | 00,128,933 | ---- | M] (Eric_71) -- C:\Users\milkman\Desktop\Rooter.exe
[2009/06/12 21:51:25 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 21:39:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/12 21:31:15 | 00,000,266 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/12 21:30:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/12 21:30:03 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/12 21:30:03 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/12 21:27:04 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Users\milkman\Desktop\FixIEDef.exe
[2009/06/12 19:20:46 | 17,132,5723 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/06/12 12:06:13 | 00,000,770 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2009/06/12 11:58:41 | 00,000,832 | ---- | M] () -- C:\Users\Public\Desktop\a-squared HiJackFree.lnk
[2009/06/12 11:21:09 | 00,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/06/12 11:21:02 | 00,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2009/06/12 08:35:10 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/06/11 22:50:38 | 37,748,736 | ---- | M] () -- C:\Windows\System32\ROE210.bac
[2009/06/11 22:50:38 | 19,922,944 | ---- | M] () -- C:\Windows\System32\ROE213.bac
[2009/06/11 22:50:38 | 00,262,144 | -HS- | M] () -- C:\Windows\System32\ROE228.bac
[2009/06/11 22:50:38 | 00,262,144 | ---- | M] () -- C:\Windows\System32\ROE21B.bac
[2009/06/11 22:50:38 | 00,262,144 | ---- | M] () -- C:\Windows\System32\ROE218.bac
[2009/06/11 22:50:38 | 00,262,144 | ---- | M] () -- C:\Windows\System32\ROE20B.bac
[2009/06/11 22:50:37 | 25,952,256 | ---- | M] () -- C:\Windows\System32\ROE220.bac
[2009/06/11 22:50:37 | 00,262,144 | -HS- | M] () -- C:\Windows\System32\ROE223.bac
[2009/06/11 22:50:28 | 04,456,448 | -H-- | M] () -- C:\Windows\System32\ROE230.bac
[2009/06/11 22:50:28 | 04,194,304 | -HS- | M] () -- C:\Windows\System32\ROE22B.bac
[2009/06/11 22:50:24 | 00,000,004 | ---- | M] () -- C:\WindowsRegDefrag.dat
[2009/06/11 22:46:52 | 00,004,205 | ---- | M] () -- C:\Users\milkman\Desktop\report.htm
[2009/06/11 15:16:07 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/11 15:16:07 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/11 15:16:07 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/10 15:59:24 | 00,191,488 | ---- | M] () -- C:\Users\milkman\Desktop\primal grill recipes s.c. pulled pork shoulder.pdf
[2009/06/10 09:09:01 | 00,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2009/06/10 03:17:49 | 01,647,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/10 03:14:21 | 00,000,484 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - milkman.job
[2009/06/09 18:07:50 | 00,058,991 | ---- | M] () -- C:\Users\milkman\Desktop\Great Dane and Chihuahua small.jpg
[2009/06/01 09:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/30 11:18:50 | 00,000,204 | ---- | M] () -- C:\Windows\win.ini
[2009/05/29 08:06:35 | 00,032,768 | ---- | M] () -- C:\Users\milkman\Desktop\Otis Lewis Miles.doc
[2009/05/26 21:35:39 | 00,010,609 | ---- | M] () -- C:\Users\milkman\Desktop\navigation.htm
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Rooter.exe (v1.0) by Eric_71
¨
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
32_bits - x86 Family 15 Model 6 Stepping 2, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:142749 Mo - Free:37021 Mo )
D:\ [Fixed-NTFS] .. ( Total:9875 Mo - Free:1850 Mo )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
¨
Scan : 23:23.15
Path : C:\Users\milkman\Desktop\Rooter.exe
User : milkman ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (328)
______ C:\Windows\system32\csrss.exe (396)
______ C:\Windows\system32\csrss.exe (432)
______ C:\Windows\system32\wininit.exe (440)
______ C:\Windows\system32\winlogon.exe (484)
______ C:\Windows\system32\services.exe (512)
______ C:\Windows\system32\lsass.exe (528)
______ C:\Windows\system32\lsm.exe (536)
______ C:\Windows\system32\svchost.exe (676)
______ C:\Windows\system32\svchost.exe (744)
______ C:\Windows\System32\svchost.exe (780)
______ C:\Windows\System32\svchost.exe (860)
______ C:\Windows\system32\svchost.exe (888)
______ C:\Windows\System32\svchost.exe (920)
______ C:\Windows\system32\svchost.exe (944)
______ C:\Windows\system32\svchost.exe (960)
______ C:\Windows\SYSTEM32\WISPTIS.EXE (1144)
______ C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (1152)
______ C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (1232)
______ C:\Windows\SYSTEM32\WISPTIS.EXE (1504)
______ C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (1512)
______ C:\Windows\Explorer.EXE (1524)
______ C:\Windows\system32\svchost.exe (1668)
______ C:\Windows\system32\svchost.exe (1780)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (1068)
______ C:\Windows\system32\wbem\unsecapp.exe (1776)
______ C:\Windows\system32\wbem\wmiprvse.exe (1216)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2028)
______ C:\Windows\system32\igfxsrvc.exe (2008)
______ C:\Users\milkman\Desktop\Rooter.exe (236)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:10355595264)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:10355627520 | Length:149683645440)
¨
----------------------\\ Scheduled Tasks
¨
C:\Windows\Tasks\AppleSoftwareUpdate.job
C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - milkman.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
C:\Users\milkman\Desktop\programs\programs for otis\programes\AVI DivX MPEG to DVD Converter & Burner Pro\AVI DivX MPEG to DVD Converter & Burner Pro\keygen.exe
C:\Users\milkman\Desktop\programs\programs for otis\programes\Nero.Premium.v7.570.and.Keygen\keygen.exe
==> Cracks & Keygens <==
¨
----------------------\\ Scan completed at 23:23.21
¨
C:\Rooter$\Rooter_3.txt - (12/06/2009 | 23:23.21).c