Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot remove packed.generic.200 virus


  • Please log in to reply

#1
rebeccamomof2

rebeccamomof2

    New Member

  • Member
  • Pip
  • 3 posts
My nortons 360 keeps poping up with a virus found (packed.generic.200 Virus) but cannot fix it. Can someone please help me with this. I went through malware foreum rules and tried all of the downloads and nothing works. Also, I tried several times to download the Malwarebytes' Anti-Malware and it would freeze up at the end. I even tried renaming the setup file as instructed. Below is the Rooter Notepad #1 after I ran the scan:

Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 2 Stepping 9, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:58 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
¨
Scan : 18:57.29

Extras:
OTL Extras logfile created on: 6/17/2009 7:07:08 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\0N9U1QDK
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 92.39% Memory free
3.10 Gb Paging File | 2.53 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 58.81 Gb Free Space | 78.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 340.30 Mb Total Space | 339.82 Mb Free Space | 99.86% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"58535:TCP" = 58535:TCP:*:Enabled:Pando P2P TCP Listening Port
"58535:UDP" = 58535:UDP:*:Enabled:Pando P2P UDP Listening Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application
[2008/03/05 23:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 18:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09A4A294-D32A-4746-92B0-2AE8185E6547}" = Socrates Media, LLC - Winning Business Plans
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B554158F-E72C-402C-98A6-9EDF215DB4DB}" = Messageware Plus Pack English Dictionary
"{B6389A55-D03D-4DB2-BC29-579C26C98C9D}" = SymNet
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C365ACC1-D32A-4552-A246-38DE4EF40DC6}" = Messageware Plus Pack Base Component
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D7D42538-D47D-4C9A-971B-39A3C78E09AC}" = SymNet
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Arthur's Wilderness Rescue" = Arthur's Wilderness Rescue
"Barbie Video Phone" = Barbie Video Phone
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photodex Presenter" = Photodex Presenter
"PhotoParade.exe" = PhotoParade Player
"PROSet" = Intel® PRO Network Adapters and Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Puppy Grows & Knows Your Name_is1" = Puppy Grows & Knows Your Name 1.0
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealOne Player
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2009 4:28:51 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/17/2009 4:28:51 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/17/2009 5:47:17 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2009 6:23:06 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2009 6:25:57 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2009 6:37:51 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2009 6:43:27 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2009 6:44:40 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2009 6:53:37 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2009 6:55:18 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application jasonmal-setup.tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/17/2009 4:55:11 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSPX SYMTDI Tcpip

Error - 6/17/2009 4:55:35 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/17/2009 4:55:45 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/17/2009 4:57:39 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 6/17/2009 4:57:49 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 6/17/2009 5:01:02 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.

Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.

Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Symantec Lic NetConnect service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/17/2009 5:03:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate Notice service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


Path : C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe
User : Jason ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (868)
______ \??\C:\WINDOWS\system32\csrss.exe (916)
______ \??\C:\WINDOWS\system32\winlogon.exe (940)
______ C:\WINDOWS\system32\services.exe (988)
______ C:\WINDOWS\system32\lsass.exe (1000)
______ C:\WINDOWS\system32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1304)
______ C:\WINDOWS\System32\svchost.exe (1344)
______ C:\WINDOWS\System32\svchost.exe (1444)
______ C:\WINDOWS\System32\svchost.exe (1532)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1576)
______ C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (1668)
______ C:\WINDOWS\Explorer.EXE (1888)
______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (1900)
______ C:\Program Files\Internet Explorer\Iexplore.exe (1940)
______ C:\WINDOWS\system32\spoolsv.exe (300)
______ C:\WINDOWS\System32\svchost.exe (484)
______ C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (560)
______ C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (748)
______ C:\WINDOWS\System32\svchost.exe (860)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1688)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (1700)
______ C:\WINDOWS\System32\DSentry.exe (1652)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1784)
______ C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (1816)
______ C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe (1984)
______ C:\WINDOWS\system32\hkcmd.exe (2060)
______ C:\WINDOWS\system32\igfxpers.exe (2072)
______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (2104)
______ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (2156)
______ C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe (2180)
______ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (2212)
______ C:\WINDOWS\system32\ctfmon.exe (2224)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (2416)
______ C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (2616)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2828)
______ C:\WINDOWS\System32\alg.exe (3024)
______ C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (3200)
______ C:\Program Files\Internet Explorer\Iexplore.exe (3484)
______ C:\WINDOWS\system32\rundll32.exe (1252)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (1868)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (2972)
______ C:\Program Files\Internet Explorer\iexplore.exe (684)
______ C:\Program Files\Internet Explorer\iexplore.exe (2748)
______ C:\Program Files\Internet Explorer\iexplore.exe (4072)
______ C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe (4024)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:79957946880)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 18:57.32
¨
C:\Rooter$\Rooter_1.txt - (17/06/2009 | 18:57.32)

Here is Notepad #2 from rooter:
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 2 Stepping 9, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:58 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
¨
Scan : 18:57.29
Path : C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe
User : Jason ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (868)
______ \??\C:\WINDOWS\system32\csrss.exe (916)
______ \??\C:\WINDOWS\system32\winlogon.exe (940)
______ C:\WINDOWS\system32\services.exe (988)
______ C:\WINDOWS\system32\lsass.exe (1000)
______ C:\WINDOWS\system32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1304)
______ C:\WINDOWS\System32\svchost.exe (1344)
______ C:\WINDOWS\System32\svchost.exe (1444)
______ C:\WINDOWS\System32\svchost.exe (1532)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1576)
______ C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (1668)
______ C:\WINDOWS\Explorer.EXE (1888)
______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (1900)
______ C:\Program Files\Internet Explorer\Iexplore.exe (1940)
______ C:\WINDOWS\system32\spoolsv.exe (300)
______ C:\WINDOWS\System32\svchost.exe (484)
______ C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (560)
______ C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (748)
______ C:\WINDOWS\System32\svchost.exe (860)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1688)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (1700)
______ C:\WINDOWS\System32\DSentry.exe (1652)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1784)
______ C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (1816)
______ C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe (1984)
______ C:\WINDOWS\system32\hkcmd.exe (2060)
______ C:\WINDOWS\system32\igfxpers.exe (2072)
______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (2104)
______ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (2156)
______ C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe (2180)
______ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (2212)
______ C:\WINDOWS\system32\ctfmon.exe (2224)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (2416)
______ C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (2616)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2828)
______ C:\WINDOWS\System32\alg.exe (3024)
______ C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (3200)
______ C:\Program Files\Internet Explorer\Iexplore.exe (3484)
______ C:\WINDOWS\system32\rundll32.exe (1252)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (1868)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (2972)
______ C:\Program Files\Internet Explorer\iexplore.exe (684)
______ C:\Program Files\Internet Explorer\iexplore.exe (2748)
______ C:\Program Files\Internet Explorer\iexplore.exe (4072)
______ C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\F96ZKZNA\Rooter[1].exe (4024)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:79957946880)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 18:57.32
¨
C:\Rooter$\Rooter_1.txt - (17/06/2009 | 18:57.32)
¨
C:\Rooter$\Rooter_2.txt - (17/06/2009 | 18:57.45)


And below is the OTL log
OTL logfile created on: 6/17/2009 7:07:08 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\0N9U1QDK
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 92.39% Memory free
3.10 Gb Paging File | 2.53 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 58.81 Gb Free Space | 78.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 340.30 Mb Total Space | 339.82 Mb Free Space | 99.86% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/08/22 04:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/26 19:25:22 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2003/09/03 22:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/06 03:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2003/08/13 12:27:40 | 00,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\System32\DSentry.exe
PRC - [2004/03/12 20:01:24 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2001/03/23 16:57:52 | 00,995,328 | ---- | M] (Alcatel Bell) -- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
PRC - [2005/03/04 20:01:16 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
PRC - [2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/01/29 22:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/03/23 14:14:52 | 00,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2009/02/13 20:56:03 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe
PRC - [2008/10/07 11:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/03/06 20:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
PRC - [2007/03/02 17:48:00 | 00,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/17 19:07:03 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\0N9U1QDK\OTL[1].exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/08/22 04:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/09/05 12:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2003/03/03 15:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/10/26 19:25:22 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 16:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/03/23 16:58:34 | 00,042,688 | ---- | M] (Alcatel Bell) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
DRV - [2001/03/23 16:58:12 | 00,588,720 | ---- | M] (Alcatel Bell) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2004/10/15 13:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys -- (BrScnUsb [On_Demand | Running])
DRV - [2006/12/12 12:28:26 | 00,052,224 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Running])
DRV - [2006/09/03 10:53:54 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2008/07/30 18:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2007/08/08 20:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/07/31 05:21:00 | 00,084,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2003/06/20 04:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2003/03/04 14:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/02/25 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/17 14:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2009/02/25 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/02/04 12:35:19 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2009/02/19 05:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/02/19 05:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/07/29 22:11:24 | 00,016,772 | R--- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/07/30 04:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/05/06 11:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008/09/05 15:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2008/01/31 21:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2008/01/31 21:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2008/01/31 21:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2003/07/14 13:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2003/07/14 13:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009/02/19 12:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/09 07:34:08 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/09 18:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2006/06/28 23:28:09 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2009/02/19 12:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2003/08/06 03:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,083,284 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,098,068 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2003/08/06 03:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2003/04/15 12:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 12:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsout...ge=hb/index.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/30 23:21:17 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [Memorex Secure TD icon] C:\Documents and Settings\Jason\Application Data\Memorex\ChangeIcon.exe ()
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (Alcatel Bell)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: psiusa.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238465429468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com...indows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8069.8239699074 (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/17 18:17:33 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/17 18:57:32 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/17 18:54:36 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 18:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/17 18:46:27 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\jasonmal-setup.exe
[2009/06/17 18:36:18 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 18:36:17 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/17 18:36:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/06/17 18:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/17 18:17:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/17 18:15:02 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\NTREGOPT.lnk
[2009/06/17 18:15:02 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\ERUNT.lnk
[2009/06/17 18:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/17 18:04:34 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\TFC.exe
[2009/06/17 17:20:21 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/06/17 17:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/17 17:07:20 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/06/17 10:09:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/06/11 16:26:14 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 16:26:14 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/11 09:05:20 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2009/06/03 06:36:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/03 06:35:26 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/03 06:32:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2008/05/03 12:03:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/12/24 16:18:58 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/12/24 16:18:58 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/12/24 16:16:12 | 00,000,810 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/12/24 16:16:12 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/12/24 16:14:42 | 00,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2007/12/24 16:14:40 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/12/24 16:13:01 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/09/14 15:24:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2004/04/12 18:25:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/11 09:32:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/03/31 21:11:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004/03/24 19:11:13 | 00,002,059 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/24 07:36:51 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/03/23 23:17:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/03/23 22:46:48 | 00,005,600 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/03/23 22:40:11 | 00,000,828 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2004/03/12 20:11:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/12 19:58:39 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/12 19:55:19 | 00,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/12 19:40:42 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/12 19:27:54 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/14 00:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 10:59:58 | 00,000,503 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/04/04 16:04:08 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[2009/06/17 18:54:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 18:51:35 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/06/17 18:50:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/17 18:50:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Jason\Local Settings\DESKTOP.INI
[2009/06/17 18:50:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/06/17 18:17:33 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\NTREGOPT.lnk
[2009/06/17 18:17:33 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\ERUNT.lnk
[2009/06/17 18:04:34 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\TFC.exe
[2009/06/17 17:07:22 | 00,000,503 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/06/17 17:07:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/06/17 17:07:22 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/06/17 16:06:11 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Jason\My Documents\DESKTOP.INI
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 17:25:21 | 00,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 17:18:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/11 09:05:20 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP