
unable to run automatic updates due to errors in registry


cinster

Attempting to clean an XP machine that was trying to get us to download and use antiviruspro. Here's what I have done so far:

1. Downloaded and ran Malwarebytes Anti-Malware - earlier today it ran and fixed about 150 errors - the last run had just one file to be removed (see log file below)

2. Removed McAfee and downloaded and installed AVG Free version - scanned system

3. Tried to run Windows Update - get Windows Update error 0x80070002
- Found a posting at http://groups.google...d78887b062cdf4c that mentioned the same error and said to look in the registry for spots where "%systemroot%" had been replaced with "%fystemroot%". Sure enough, my registry has those errors, but the only way I can modify them is to boot in safe mode and change permissions. When I try to change permissions in regular mode it doesn't work and won't allow the changes. If I make the changes in safe mode and then reboot, the registry entries are changed again! I also get an error as soon as Windows XP boots: "Windows Internet Explorer Cannot find 'file:///"

4. Downloaded Rooter; log file is below

5. Downloaded OTL; log file is below

6. Going crazy and looking for help to find out what to try next. Thanks in advance for help!

MALM logfile:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

6/18/2009 10:21:32 PM
mbam-log-2009-06-18 (22-21-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 144205
Time elapsed: 18 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Rooter log:
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2
32_bits - x86 Family 15 Model 4 Stepping 1, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:182 Go - Free:168 Go )
D:\ [Fixed-FAT32] .. ( Total:4 Go - Free:1 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
¨
Scan : 23:42.15
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (616)
______ \??\C:\WINDOWS\system32\csrss.exe (692)
______ \??\C:\WINDOWS\system32\winlogon.exe (720)
______ C:\WINDOWS\system32\services.exe (768)
______ C:\WINDOWS\system32\lsass.exe (780)
______ C:\WINDOWS\system32\svchost.exe (944)
______ C:\WINDOWS\system32\svchost.exe (1044)
______ C:\WINDOWS\System32\svchost.exe (1172)
______ C:\WINDOWS\system32\svchost.exe (1296)
______ C:\WINDOWS\system32\svchost.exe (1412)
______ C:\WINDOWS\system32\spoolsv.exe (1640)
______ C:\WINDOWS\Explorer.EXE (1900)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (208)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (248)
______ C:\Program Files\Digital Media Reader\shwiconem.exe (332)
______ C:\Program Files\Java\jre6\bin\jqs.exe (436)
______ C:\WINDOWS\system32\igfxtray.exe (464)
______ C:\WINDOWS\system32\hkcmd.exe (472)
______ C:\WINDOWS\zHotkey.exe (480)
______ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (512)
______ C:\WINDOWS\SOUNDMAN.EXE (492)
______ C:\WINDOWS\ALCWZRD.EXE (544)
______ C:\Program Files\Java\jre6\bin\jusched.exe (588)
______ C:\Program Files\iTunes\iTunesHelper.exe (660)
______ C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (672)
______ C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe (852)
______ C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (996)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (1004)
______ C:\Program Files\Messenger\msmsgs.exe (1328)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1344)
______ C:\WINDOWS\system32\ctfmon.exe (1396)
______ C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe (1508)
______ C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe (1540)
______ C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (1604)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (1756)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1776)
______ C:\Program Files\iPod\bin\iPodService.exe (3080)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3712)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (2700)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:4597931520 | Length:195440878080)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:4597899264)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\ISP signup reminder 2.job
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 23:42.35
¨
C:\Rooter$\Rooter_3.txt - (18/06/2009 | 23:42.35)



OTL:

OTL logfile created on: 6/18/2009 11:44:45 PM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.77 Mb Total Physical Memory | 174.32 Mb Available Physical Memory | 34.74% Memory free
1.20 Gb Paging File | 0.78 Gb Available in Paging File | 65.33% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.02 Gb Total Space | 168.50 Gb Free Space | 92.57% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.68 Gb Free Space | 39.27% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 698.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUNDRYROOM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\zHotkey.exe ()
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe (TalkAndWrite)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe (SupportSoft, Inc.)
PRC - C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (sprtsvc_ddoctorv2 [Auto | Running]) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (avgldx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgmfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgtdix [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/22 09:13:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/18 20:10:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/18 20:10:11 | 00,000,000 | ---D | M]

[2009/06/18 21:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/06/18 21:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/18 21:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wdn71vk9.default\extensions
[2009/06/18 20:10:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/18 20:10:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/02 20:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/02 20:00:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/02 16:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 16:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 16:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 16:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 16:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 16:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 16:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] zHotkey.exe ()
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [ShowWnd] ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run (TalkAndWrite)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: dcomcfg.exe = dcomcfg.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\lsp.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.micros...b?1245386745984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-03.su...ows-i586-jc.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/18 23:42:52 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/18 23:44:35 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/18 23:42:06 | 00,170,711 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/18 23:21:35 | 52,621,3120 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/18 23:14:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/18 21:43:48 | 00,000,102 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rename.bat
[2009/06/18 21:43:11 | 00,000,102 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\rename.bat
[2009/06/18 21:33:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/18 21:33:27 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/18 21:33:26 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/18 21:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/18 21:33:02 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/06/18 21:31:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/18 21:31:32 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/18 21:31:32 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/18 21:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/18 21:30:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/18 21:29:20 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/06/18 21:26:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/06/18 20:10:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/18 20:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/06/18 16:16:48 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/18 16:06:23 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/18 16:06:23 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/18 16:06:23 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/18 16:06:18 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/18 16:06:16 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/18 16:06:07 | 37,240,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/18 16:06:07 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/18 16:06:07 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/18 16:06:07 | 00,083,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/18 16:06:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/18 16:06:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/06/18 16:05:52 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/18 16:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/18 16:05:22 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AVG license.doc
[2009/06/18 13:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/06/18 13:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/18 13:10:06 | 00,000,000 | ---D | C] -- C:\Program Files\driver
[2009/06/14 12:14:53 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\lsp.dll
[2009/06/14 11:43:23 | 00,100,684 | ---- | C] () -- C:\WINDOWS\System32\drivers\61e4fb24.sys
[2009/06/14 11:42:58 | 00,109,193 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gifnoc.xtx
[2009/06/14 11:42:42 | 00,000,002 | ---- | C] () -- C:\12074134860
[2009/06/05 07:56:03 | 00,000,074 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ask Comcast.url
[2009/06/05 07:56:03 | 00,000,054 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Comcast Help.url
[2009/06/05 07:56:02 | 00,000,218 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Comcast Security.url
[2009/06/05 07:55:59 | 00,000,212 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Comcast Email.url
[2009/06/05 07:55:59 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Comcast Account Login.url
[2009/02/25 19:10:25 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/28 17:21:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/04/20 12:11:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\emfxp.dll
[2006/06/16 07:24:04 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/08/10 13:41:37 | 00,000,079 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2005/06/06 20:52:10 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/10 19:11:40 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/05/10 19:11:40 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/05/10 19:11:40 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/05/06 19:16:11 | 00,000,093 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/04/29 20:40:03 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/04/29 20:39:09 | 00,000,931 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/04/27 21:55:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/04/27 21:53:20 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2005/04/24 22:03:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/14 18:37:59 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/02/14 18:37:59 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2005/02/14 18:30:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/02/14 18:30:53 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/14 18:16:23 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/27 03:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 00,001,202 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 00,000,461 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 09:12:21 | 00,000,628 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 09:12:17 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/06/18 23:46:08 | 00,100,684 | ---- | M] () -- C:\WINDOWS\System32\drivers\61e4fb24.sys
[2009/06/18 23:44:36 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/18 23:42:07 | 00,170,711 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/18 23:22:17 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/06/18 23:22:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/18 23:21:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/18 23:21:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/06/18 23:21:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/18 23:21:35 | 52,621,3120 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/18 21:43:48 | 00,000,102 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rename.bat
[2009/06/18 21:43:28 | 00,000,102 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\rename.bat
[2009/06/18 21:37:07 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/18 21:33:09 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/06/18 21:31:32 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/18 21:31:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/18 21:30:55 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/18 21:29:21 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/06/18 20:10:13 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/18 17:54:33 | 37,240,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/18 17:54:12 | 00,083,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/18 16:06:23 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/18 16:06:23 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/18 16:06:23 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/18 16:06:18 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/18 16:06:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/18 16:06:07 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/18 16:06:07 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/18 16:05:23 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AVG license.doc
[2009/06/18 16:05:05 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2009/06/18 12:09:11 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/14 12:14:53 | 00,183,296 | ---- | M] () -- C:\WINDOWS\System32\lsp.dll
[2009/06/14 11:43:06 | 00,000,002 | ---- | M] () -- C:\12074134860
[2009/06/14 11:42:59 | 00,109,193 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gifnoc.xtx
[2009/06/14 10:06:46 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/06/13 14:05:42 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/05 07:56:03 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Comcast Security.url
[2009/06/05 07:56:03 | 00,000,074 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ask Comcast.url
[2009/06/05 07:56:03 | 00,000,054 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Comcast Help.url
[2009/06/05 07:56:02 | 00,000,212 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Comcast Email.url
[2009/06/05 07:55:59 | 00,000,081 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Comcast Account Login.url
[2009/05/23 08:43:02 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
< End of report >




