Edited by Moniero, 07 August 2009 - 09:07 PM.
Please HELP....BLUE SCREEN
Started by
Moniero
, Aug 07 2009 06:37 PM
#1
Posted 07 August 2009 - 06:37 PM
#2
Posted 07 August 2009 - 07:12 PM
Malwarebytes' Anti-Malware 1.36
Database version: 2067
Windows 5.1.2600 Service Pack 2
8/7/2009 8:02:22 PM
mbam-log-2009-08-07 (20-02-22).txt
Scan type: Quick Scan
Objects scanned: 80724
Time elapsed: 7 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL LOG
OTL logfile created on: 8/7/2009 8:06:52 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.04 Mb Total Physical Memory | 235.07 Mb Available Physical Memory | 23.18% Memory free
2.38 Gb Paging File | 1.76 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 41.93 Gb Free Space | 48.58% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.08 Gb Free Space | 45.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 952.19 Mb Total Space | 10.56 Mb Free Space | 1.11% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-E82B12DEB8
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2005/12/28 12:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/08/04 07:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
PRC - [2005/12/28 12:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2005/10/12 13:30:24 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2005/07/06 21:06:36 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe
PRC - [2005/08/10 12:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/16 17:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
PRC - [2004/08/04 07:00:00 | 00,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WISPTIS.EXE
PRC - [2002/08/29 05:41:28 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tabbtnu.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/12/16 02:59:47 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/28 12:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/12/16 18:51:39 | 00,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/08/04 07:00:00 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
PRC - [2004/08/04 07:00:00 | 00,271,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
PRC - [2008/12/16 02:43:13 | 00,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2004/11/05 10:47:00 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/05 10:47:00 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/12/16 02:43:13 | 00,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2005/10/12 13:30:42 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2008/12/16 02:43:13 | 00,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/01/20 15:34:26 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/01/12 04:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/03/23 15:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 15:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/03/23 15:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2005/12/28 12:55:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2004/11/03 16:03:00 | 00,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1229413987\EE\AOLHostManager.exe
PRC - [2005/12/28 12:56:16 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/08/11 23:02:44 | 00,053,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\oasclnt.exe
PRC - [2005/09/26 11:26:58 | 00,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/12/27 11:20:14 | 00,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2008/12/16 02:54:12 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/08/10 13:49:20 | 00,163,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/09/27 18:17:46 | 00,999,424 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/07/08 19:16:16 | 00,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2004/11/03 16:03:00 | 00,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1229413987\EE\AOLServiceHost.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/12/16 18:51:39 | 01,783,808 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2005/08/16 17:17:34 | 00,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2009/02/20 14:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/05/09 18:28:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/09 19:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2005/12/28 12:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/01/09 20:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/05 17:35:35 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/01 11:33:33 | 02,426,728 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\CToolbar.exe
PRC - [2009/08/07 20:05:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/12/28 12:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/07/21 07:38:00 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/10/12 13:30:24 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/07/06 21:06:36 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe -- (McDetect.exe [Auto | Running])
SRV - [2005/08/10 12:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [Auto | Running])
SRV - [2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Auto | Running])
SRV - [2005/07/01 20:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2005/08/16 17:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Auto | Running])
SRV - [2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/16 02:59:47 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2005/12/28 12:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/12/28 12:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/12/16 18:51:39 | 00,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
SRV - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2009/04/30 18:07:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 17:35:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 17:35:42 | 00,000,000 | ---D | M]
[2008/12/28 16:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/28 16:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/06 21:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions
[2009/03/22 20:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/07 18:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2009/04/03 20:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions\[email protected]
[2009/08/06 21:28:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 17:35:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/22 22:32:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/05 17:35:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 17:35:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/05 17:35:36 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/14 22:49:18 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 03:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (797 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (McAfee Anti-Phishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229413987\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Snippet] C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Crawler Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst20040510.cab (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} http://images.fotki....tkiUploader.cab (FotkiUploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\loginkey: DllName - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\TabBtnWL.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/22 05:32:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/06/22 05:32:12 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/08/07 16:11:36 | 00,024,068 | -H-- | M] () - F:\autorun.exe -- [ FAT ]
O32 - AutoRun File - [2009/08/07 17:02:26 | 00,000,155 | -H-- | M] () - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{08ff2b7d-cb78-11dd-8c24-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{08ff2b7d-cb78-11dd-8c24-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{786c68ac-cfbb-11dd-8c2d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{786c68ac-cfbb-11dd-8c2d-00038a000015}\Shell\Explore\command - "" = F:\autorun.exe -- [2009/08/07 16:11:36 | 00,024,068 | -H-- | M] ()
O33 - MountPoints2\{786c68ac-cfbb-11dd-8c2d-00038a000015}\Shell\Open\command - "" = F:\autorun.exe -- [2009/08/07 16:11:36 | 00,024,068 | -H-- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/08/07 20:05:58 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/07 19:34:00 | 00,000,201 | ---- | C] () -- C:\Boot.bak
[2009/08/07 19:33:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/07 19:33:46 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/08/07 19:31:44 | 00,217,088 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/07 19:31:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/07 19:31:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/07 19:31:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/07 19:31:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/07 19:31:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/07 19:31:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/07 19:31:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/07 19:31:28 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/07 19:29:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/07 19:29:35 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/08/07 19:18:23 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/08/07 19:17:53 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SDFix.exe
[2009/08/07 18:29:25 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/07 18:29:25 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/07 18:29:25 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/07 18:29:25 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/07 18:29:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/07 18:29:22 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/07 18:29:22 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/07 18:29:22 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/07 18:29:22 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/07 18:29:05 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/07 18:29:05 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/07 18:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/07 18:09:14 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/08/07 17:58:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/07 17:46:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/07 17:46:22 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/07 17:46:22 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/07 17:46:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/07 17:45:40 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/07 17:44:28 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint(2).exe
[2009/08/07 17:43:26 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/07 17:31:53 | 00,000,831 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/08/07 17:22:05 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/07 16:52:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/08/07 16:52:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR09.exe
[2009/08/06 22:41:48 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/06 22:41:48 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/01 20:03:31 | 01,929,164 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hallway Leading to Our Room.jpg
========== Files - Modified Within 14 Days ==========
[2009/08/07 20:05:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/07 19:34:00 | 00,000,270 | RHS- | M] () -- C:\boot.ini
[2009/08/07 19:32:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/07 19:31:41 | 00,112,832 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/08/07 19:23:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/07 19:23:31 | 10,633,74848 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/07 19:18:04 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SDFix.exe
[2009/08/07 18:29:25 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/07 18:29:22 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/07 18:09:14 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/08/07 18:03:18 | 00,000,714 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/07 18:00:04 | 00,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2009/08/07 17:46:22 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/07 17:46:22 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/07 17:45:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/07 17:44:29 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint(2).exe
[2009/08/07 17:43:26 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/07 17:32:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
[2009/08/07 17:32:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/08/07 17:31:53 | 00,000,831 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/08/07 17:22:06 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/07 10:24:57 | 00,217,088 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/06 22:41:48 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/06 22:41:48 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/01 20:03:36 | 01,929,164 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hallway Leading to Our Room.jpg
[2009/07/31 11:51:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== LOP Check ==========
[2009/05/09 20:23:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/16 02:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2008/12/16 02:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2009/05/03 16:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/12/16 19:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2008/12/16 02:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/03/20 00:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/12/16 02:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2008/12/16 02:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/07 17:32:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/04/27 19:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/16 02:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/03 16:09:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2009/05/25 17:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/04/04 23:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EBookSys
[2009/04/10 12:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/12/16 19:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intel
[2009/05/16 19:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2009/03/22 22:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2008/12/16 02:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/02/15 15:01:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/08/07 17:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
[2008/12/17 19:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2008/12/16 02:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/07 18:00:04 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Owner.job
[2009/08/07 19:32:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/07 20:17
Program Version: Version 1.3.3.0
Windows Version: Windows XP Tablet PC Edition SP2
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xAA3CC000 Size: 876544 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA97C9000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd6b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cda52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd14c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd64e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd08c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd0f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd76e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd72e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd8ae
==EOF==
Database version: 2067
Windows 5.1.2600 Service Pack 2
8/7/2009 8:02:22 PM
mbam-log-2009-08-07 (20-02-22).txt
Scan type: Quick Scan
Objects scanned: 80724
Time elapsed: 7 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL LOG
OTL logfile created on: 8/7/2009 8:06:52 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.04 Mb Total Physical Memory | 235.07 Mb Available Physical Memory | 23.18% Memory free
2.38 Gb Paging File | 1.76 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 41.93 Gb Free Space | 48.58% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.08 Gb Free Space | 45.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 952.19 Mb Total Space | 10.56 Mb Free Space | 1.11% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-E82B12DEB8
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2005/12/28 12:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/08/04 07:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
PRC - [2005/12/28 12:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2005/10/12 13:30:24 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2005/07/06 21:06:36 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe
PRC - [2005/08/10 12:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/16 17:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
PRC - [2004/08/04 07:00:00 | 00,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WISPTIS.EXE
PRC - [2002/08/29 05:41:28 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tabbtnu.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/12/16 02:59:47 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/28 12:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/12/16 18:51:39 | 00,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/08/04 07:00:00 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
PRC - [2004/08/04 07:00:00 | 00,271,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
PRC - [2008/12/16 02:43:13 | 00,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2004/11/05 10:47:00 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/05 10:47:00 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/12/16 02:43:13 | 00,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2005/10/12 13:30:42 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2008/12/16 02:43:13 | 00,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/01/20 15:34:26 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/01/12 04:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/03/23 15:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 15:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/03/23 15:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2005/12/28 12:55:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2004/11/03 16:03:00 | 00,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1229413987\EE\AOLHostManager.exe
PRC - [2005/12/28 12:56:16 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/08/11 23:02:44 | 00,053,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\oasclnt.exe
PRC - [2005/09/26 11:26:58 | 00,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/12/27 11:20:14 | 00,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2008/12/16 02:54:12 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/08/10 13:49:20 | 00,163,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/09/27 18:17:46 | 00,999,424 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/07/08 19:16:16 | 00,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2004/11/03 16:03:00 | 00,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1229413987\EE\AOLServiceHost.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/12/16 18:51:39 | 01,783,808 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2005/08/16 17:17:34 | 00,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2009/02/20 14:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/05/09 18:28:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/09 19:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2005/12/28 12:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/01/09 20:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/05 17:35:35 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/01 11:33:33 | 02,426,728 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\CToolbar.exe
PRC - [2009/08/07 20:05:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/12/28 12:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/07/21 07:38:00 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/10/12 13:30:24 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/07/06 21:06:36 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe -- (McDetect.exe [Auto | Running])
SRV - [2005/08/10 12:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [Auto | Running])
SRV - [2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Auto | Running])
SRV - [2005/07/01 20:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2005/08/16 17:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Auto | Running])
SRV - [2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/16 02:59:47 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2005/12/28 12:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/12/28 12:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/12/16 18:51:39 | 00,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
SRV - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2009/04/30 18:07:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 17:35:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 17:35:42 | 00,000,000 | ---D | M]
[2008/12/28 16:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/28 16:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/06 21:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions
[2009/03/22 20:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/07 18:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2009/04/03 20:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pe030i71.default\extensions\[email protected]
[2009/08/06 21:28:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 17:35:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/22 22:32:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/05 17:35:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 17:35:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/05 17:35:36 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/14 22:07:44 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/14 22:49:18 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 03:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (797 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (McAfee Anti-Phishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229413987\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Snippet] C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Crawler Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst20040510.cab (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} http://images.fotki....tkiUploader.cab (FotkiUploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\loginkey: DllName - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\TabBtnWL.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/22 05:32:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/06/22 05:32:12 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/08/07 16:11:36 | 00,024,068 | -H-- | M] () - F:\autorun.exe -- [ FAT ]
O32 - AutoRun File - [2009/08/07 17:02:26 | 00,000,155 | -H-- | M] () - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{08ff2b7d-cb78-11dd-8c24-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{08ff2b7d-cb78-11dd-8c24-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{786c68ac-cfbb-11dd-8c2d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{786c68ac-cfbb-11dd-8c2d-00038a000015}\Shell\Explore\command - "" = F:\autorun.exe -- [2009/08/07 16:11:36 | 00,024,068 | -H-- | M] ()
O33 - MountPoints2\{786c68ac-cfbb-11dd-8c2d-00038a000015}\Shell\Open\command - "" = F:\autorun.exe -- [2009/08/07 16:11:36 | 00,024,068 | -H-- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/08/07 20:05:58 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/07 19:34:00 | 00,000,201 | ---- | C] () -- C:\Boot.bak
[2009/08/07 19:33:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/07 19:33:46 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/08/07 19:31:44 | 00,217,088 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/07 19:31:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/07 19:31:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/07 19:31:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/07 19:31:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/07 19:31:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/07 19:31:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/07 19:31:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/07 19:31:28 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/07 19:29:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/07 19:29:35 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/08/07 19:18:23 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/08/07 19:17:53 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SDFix.exe
[2009/08/07 18:29:25 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/07 18:29:25 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/07 18:29:25 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/07 18:29:25 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/07 18:29:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/07 18:29:22 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/07 18:29:22 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/07 18:29:22 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/07 18:29:22 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/07 18:29:05 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/07 18:29:05 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/07 18:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/07 18:09:14 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/08/07 17:58:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/07 17:46:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/07 17:46:22 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/07 17:46:22 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/07 17:46:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/07 17:45:40 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/07 17:44:28 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint(2).exe
[2009/08/07 17:43:26 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/07 17:31:53 | 00,000,831 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/08/07 17:22:05 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/07 16:52:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/08/07 16:52:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR09.exe
[2009/08/06 22:41:48 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/06 22:41:48 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/01 20:03:31 | 01,929,164 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hallway Leading to Our Room.jpg
========== Files - Modified Within 14 Days ==========
[2009/08/07 20:05:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/07 19:34:00 | 00,000,270 | RHS- | M] () -- C:\boot.ini
[2009/08/07 19:32:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/07 19:31:41 | 00,112,832 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/08/07 19:23:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/07 19:23:31 | 10,633,74848 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/07 19:18:04 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SDFix.exe
[2009/08/07 18:29:25 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/07 18:29:22 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/07 18:09:14 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/08/07 18:03:18 | 00,000,714 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/07 18:00:04 | 00,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2009/08/07 17:46:22 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/07 17:46:22 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/07 17:45:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/07 17:44:29 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint(2).exe
[2009/08/07 17:43:26 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/07 17:32:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
[2009/08/07 17:32:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/08/07 17:31:53 | 00,000,831 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/08/07 17:22:06 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/07 10:24:57 | 00,217,088 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/06 22:41:48 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/06 22:41:48 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/01 20:03:36 | 01,929,164 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hallway Leading to Our Room.jpg
[2009/07/31 11:51:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== LOP Check ==========
[2009/05/09 20:23:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/16 02:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2008/12/16 02:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2009/05/03 16:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/12/16 19:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2008/12/16 02:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/03/20 00:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/12/16 02:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2008/12/16 02:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/07 17:32:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/04/27 19:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/16 02:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/03 16:09:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2009/05/25 17:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/04/04 23:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EBookSys
[2009/04/10 12:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/12/16 19:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intel
[2009/05/16 19:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2009/03/22 22:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2008/12/16 02:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/02/15 15:01:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/08/07 17:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
[2008/12/17 19:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2008/12/16 02:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/07 18:00:04 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Owner.job
[2009/08/07 19:32:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/07 20:17
Program Version: Version 1.3.3.0
Windows Version: Windows XP Tablet PC Edition SP2
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xAA3CC000 Size: 876544 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA97C9000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd6b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cda52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd14c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd64e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd08c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd0f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd76e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd72e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4cd8ae
==EOF==
Edited by Moniero, 07 August 2009 - 07:21 PM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users