Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 2 Stepping 9, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:58 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
¨
Scan : 18:57.29
Extras:
OTL Extras logfile created on: 6/17/2009 7:07:08 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\0N9U1QDK
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 92.39% Memory free
3.10 Gb Paging File | 2.53 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 58.81 Gb Free Space | 78.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 340.30 Mb Total Space | 339.82 Mb Free Space | 99.86% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FAMILY
Current User Name: Jason
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"58535:TCP" = 58535:TCP:*:Enabled:Pando P2P TCP Listening Port
"58535:UDP" = 58535:UDP:*:Enabled:Pando P2P UDP Listening Port
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application
[2008/03/05 23:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 18:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09A4A294-D32A-4746-92B0-2AE8185E6547}" = Socrates Media, LLC - Winning Business Plans
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B554158F-E72C-402C-98A6-9EDF215DB4DB}" = Messageware Plus Pack English Dictionary
"{B6389A55-D03D-4DB2-BC29-579C26C98C9D}" = SymNet
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C365ACC1-D32A-4552-A246-38DE4EF40DC6}" = Messageware Plus Pack Base Component
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D7D42538-D47D-4C9A-971B-39A3C78E09AC}" = SymNet
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Arthur's Wilderness Rescue" = Arthur's Wilderness Rescue
"Barbie Video Phone" = Barbie Video Phone
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photodex Presenter" = Photodex Presenter
"PhotoParade.exe" = PhotoParade Player
"PROSet" = Intel® PRO Network Adapters and Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Puppy Grows & Knows Your Name_is1" = Puppy Grows & Knows Your Name 1.0
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealOne Player
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/17/2009 4:28:51 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 6/17/2009 4:28:51 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 6/17/2009 5:47:17 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2009 6:23:06 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2009 6:25:57 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2009 6:37:51 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2009 6:43:27 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2009 6:44:40 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2009 6:53:37 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2009 6:55:18 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application jasonmal-setup.tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 6/17/2009 4:55:11 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSPX SYMTDI Tcpip
Error - 6/17/2009 4:55:35 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/17/2009 4:55:45 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 6/17/2009 4:57:39 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 6/17/2009 4:57:49 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 6/17/2009 5:01:02 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.
Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.
Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Symantec Lic NetConnect service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate Notice service terminated unexpectedly. It has done
this 1 time(s).
< End of report >
Path : C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe
User : Jason ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (868)
______ \??\C:\WINDOWS\system32\csrss.exe (916)
______ \??\C:\WINDOWS\system32\winlogon.exe (940)
______ C:\WINDOWS\system32\services.exe (988)
______ C:\WINDOWS\system32\lsass.exe (1000)
______ C:\WINDOWS\system32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1304)
______ C:\WINDOWS\System32\svchost.exe (1344)
______ C:\WINDOWS\System32\svchost.exe (1444)
______ C:\WINDOWS\System32\svchost.exe (1532)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1576)
______ C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (1668)
______ C:\WINDOWS\Explorer.EXE (1888)
______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (1900)
______ C:\Program Files\Internet Explorer\Iexplore.exe (1940)
______ C:\WINDOWS\system32\spoolsv.exe (300)
______ C:\WINDOWS\System32\svchost.exe (484)
______ C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (560)
______ C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (748)
______ C:\WINDOWS\System32\svchost.exe (860)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1688)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (1700)
______ C:\WINDOWS\System32\DSentry.exe (1652)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1784)
______ C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (1816)
______ C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe (1984)
______ C:\WINDOWS\system32\hkcmd.exe (2060)
______ C:\WINDOWS\system32\igfxpers.exe (2072)
______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (2104)
______ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (2156)
______ C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe (2180)
______ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (2212)
______ C:\WINDOWS\system32\ctfmon.exe (2224)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (2416)
______ C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (2616)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2828)
______ C:\WINDOWS\System32\alg.exe (3024)
______ C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (3200)
______ C:\Program Files\Internet Explorer\Iexplore.exe (3484)
______ C:\WINDOWS\system32\rundll32.exe (1252)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (1868)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (2972)
______ C:\Program Files\Internet Explorer\iexplore.exe (684)
______ C:\Program Files\Internet Explorer\iexplore.exe (2748)
______ C:\Program Files\Internet Explorer\iexplore.exe (4072)
______ C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe (4024)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:79957946880)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 18:57.32
¨
C:\Rooter$\Rooter_1.txt - (17/06/2009 | 18:57.32)
Here is Notepad #2 from rooter:
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 2 Stepping 9, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:58 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
¨
Scan : 18:57.29
Path : C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe
User : Jason ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (868)
______ \??\C:\WINDOWS\system32\csrss.exe (916)
______ \??\C:\WINDOWS\system32\winlogon.exe (940)
______ C:\WINDOWS\system32\services.exe (988)
______ C:\WINDOWS\system32\lsass.exe (1000)
______ C:\WINDOWS\system32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1304)
______ C:\WINDOWS\System32\svchost.exe (1344)
______ C:\WINDOWS\System32\svchost.exe (1444)
______ C:\WINDOWS\System32\svchost.exe (1532)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1576)
______ C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (1668)
______ C:\WINDOWS\Explorer.EXE (1888)
______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (1900)
______ C:\Program Files\Internet Explorer\Iexplore.exe (1940)
______ C:\WINDOWS\system32\spoolsv.exe (300)
______ C:\WINDOWS\System32\svchost.exe (484)
______ C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (560)
______ C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (748)
______ C:\WINDOWS\System32\svchost.exe (860)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1688)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (1700)
______ C:\WINDOWS\System32\DSentry.exe (1652)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1784)
______ C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (1816)
______ C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe (1984)
______ C:\WINDOWS\system32\hkcmd.exe (2060)
______ C:\WINDOWS\system32\igfxpers.exe (2072)
______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (2104)
______ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (2156)
______ C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe (2180)
______ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (2212)
______ C:\WINDOWS\system32\ctfmon.exe (2224)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (2416)
______ C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (2616)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2828)
______ C:\WINDOWS\System32\alg.exe (3024)
______ C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (3200)
______ C:\Program Files\Internet Explorer\Iexplore.exe (3484)
______ C:\WINDOWS\system32\rundll32.exe (1252)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (1868)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (2972)
______ C:\Program Files\Internet Explorer\iexplore.exe (684)
______ C:\Program Files\Internet Explorer\iexplore.exe (2748)
______ C:\Program Files\Internet Explorer\iexplore.exe (4072)
______ C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe (4024)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:79957946880)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 18:57.32
¨
C:\Rooter$\Rooter_1.txt - (17/06/2009 | 18:57.32)
¨
C:\Rooter$\Rooter_2.txt - (17/06/2009 | 18:57.45)
And below is the OTL log
OTL logfile created on: 6/17/2009 7:07:08 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\0N9U1QDK
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 92.39% Memory free
3.10 Gb Paging File | 2.53 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 58.81 Gb Free Space | 78.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 340.30 Mb Total Space | 339.82 Mb Free Space | 99.86% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FAMILY
Current User Name: Jason
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/08/22 04:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/26 19:25:22 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2003/09/03 22:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/06 03:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2003/08/13 12:27:40 | 00,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\System32\DSentry.exe
PRC - [2004/03/12 20:01:24 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2001/03/23 16:57:52 | 00,995,328 | ---- | M] (Alcatel Bell) -- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
PRC - [2005/03/04 20:01:16 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
PRC - [2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/01/29 22:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/03/23 14:14:52 | 00,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2009/02/13 20:56:03 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe
PRC - [2008/10/07 11:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/03/06 20:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
PRC - [2007/03/02 17:48:00 | 00,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/17 19:07:03 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\0N9U1QDK\OTL[1].exe
========== Win32 Services (SafeList) ==========
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/08/22 04:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/09/05 12:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2003/03/03 15:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/10/26 19:25:22 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2002/04/01 16:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/03/23 16:58:34 | 00,042,688 | ---- | M] (Alcatel Bell) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
DRV - [2001/03/23 16:58:12 | 00,588,720 | ---- | M] (Alcatel Bell) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2004/10/15 13:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys -- (BrScnUsb [On_Demand | Running])
DRV - [2006/12/12 12:28:26 | 00,052,224 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Running])
DRV - [2006/09/03 10:53:54 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2008/07/30 18:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2007/08/08 20:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/07/31 05:21:00 | 00,084,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2003/06/20 04:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2003/03/04 14:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/02/25 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/17 14:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2009/02/25 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/02/04 12:35:19 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2009/02/19 05:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/02/19 05:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/07/29 22:11:24 | 00,016,772 | R--- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/07/30 04:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/05/06 11:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008/09/05 15:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2008/01/31 21:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2008/01/31 21:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2008/01/31 21:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2003/07/14 13:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2003/07/14 13:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009/02/19 12:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/09 07:34:08 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/09 18:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2006/06/28 23:28:09 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2009/02/19 12:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2003/08/06 03:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,083,284 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,098,068 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2003/04/15 12:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 12:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsout...ge=hb/index.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/30 23:21:17 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [Memorex Secure TD icon] C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe ()
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (Alcatel Bell)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: psiusa.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238465429468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com...indows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8069.8239699074 (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/17 18:17:33 | 00,000,000 | R--D | M]
========== Files/Folders - Created Within 30 Days ==========
[2009/06/17 18:57:32 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/17 18:54:36 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 18:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/17 18:46:27 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\jasonmal-setup.exe
[2009/06/17 18:36:18 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 18:36:17 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/17 18:36:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/06/17 18:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/17 18:17:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/17 18:15:02 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\NTREGOPT.lnk
[2009/06/17 18:15:02 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\ERUNT.lnk
[2009/06/17 18:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/17 18:04:34 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\TFC.exe
[2009/06/17 17:20:21 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/06/17 17:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/17 17:07:20 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/06/17 10:09:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/06/11 16:26:14 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 16:26:14 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/11 09:05:20 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2009/06/03 06:36:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/03 06:35:26 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/03 06:32:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2008/05/03 12:03:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/12/24 16:18:58 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/12/24 16:18:58 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/12/24 16:16:12 | 00,000,810 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/12/24 16:16:12 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/12/24 16:14:42 | 00,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2007/12/24 16:14:40 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/12/24 16:13:01 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/09/14 15:24:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2004/04/12 18:25:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/11 09:32:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/03/31 21:11:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004/03/24 19:11:13 | 00,002,059 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/24 07:36:51 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/03/23 23:17:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/03/23 22:46:48 | 00,005,600 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/03/23 22:40:11 | 00,000,828 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2004/03/12 20:11:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/12 19:58:39 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/12 19:55:19 | 00,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/12 19:40:42 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/12 19:27:54 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/14 00:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 10:59:58 | 00,000,503 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/04/04 16:04:08 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
========== Files - Modified Within 30 Days ==========
[2009/06/17 18:54:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 18:51:35 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/06/17 18:50:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/17 18:50:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Jason\Local Settings\DESKTOP.INI
[2009/06/17 18:50:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/06/17 18:17:33 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\NTREGOPT.lnk
[2009/06/17 18:17:33 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\ERUNT.lnk
[2009/06/17 18:04:34 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\TFC.exe
[2009/06/17 17:07:22 | 00,000,503 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/06/17 17:07:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/06/17 17:07:22 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/06/17 16:06:11 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Jason\My Documents\DESKTOP.INI
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 17:25:21 | 00,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 17:18:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/11 09:05:20 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >