Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

no infections found


  • Please log in to reply

#1
tntread

tntread

    New Member

  • Member
  • Pip
  • 1 posts
I am having difficulty trying to install adobe flash player. I thought it might be caused by malware or virus. I followed the procedures outlined in the "do this first" suggestion, ie I installed, ran and saved the following and have copied them for you below.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/04 11:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA74AB000 Size: 872448 File Visible: No Signed: -
Status: -

Name: nwfilter.sys
Image Path: nwfilter.sys
Address: 0xBA4BC000 Size: 15808 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA2272000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8b049b70

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde68f0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x8b001910

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8afe31f0

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde7c50

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde7530

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde7820

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde6de0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x8b0181c0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x8afe3268

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde6aa0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde5b00

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde6c70

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde70c0

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x8b049be8

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x8b049a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8afe4488

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde5f80

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8b049cd8

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x8afe3358

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8b049f30

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8b049d50

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x8afe32e0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8b049eb8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8b049c60

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde59b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde5e30

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8b049af8

==EOF==

OTL logfile created on: 10/4/2009 11:14:26 AM - Run 1
OTL by OldTimer - Version 3.0.18.2 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.73 Gb Available in Paging File | 93.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 74.24 Gb Free Space | 69.34% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 7.06 Gb Free Space | 18.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PTW2
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/08/04 02:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/02/14 12:00:00 | 00,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/06/17 05:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2008/10/22 05:25:30 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/31 15:19:40 | 00,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
PRC - [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/14 06:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2002/03/12 10:37:28 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NWTRAY.EXE
PRC - [2007/09/06 11:45:42 | 00,040,960 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\iprntctl.exe
PRC - [2007/09/06 11:45:54 | 00,045,056 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\iprntlgn.exe
PRC - [2004/11/24 17:09:40 | 00,266,240 | ---- | M] () -- C:\Program Files\Print Server\PTP\PSDiagnostic.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2006/09/20 08:35:26 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/10/30 16:59:34 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2008/05/27 17:19:42 | 00,032,768 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
PRC - [2008/05/26 04:28:04 | 00,704,512 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
PRC - [2008/08/09 16:04:58 | 05,418,864 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2006/06/20 22:36:22 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2007/03/22 16:49:58 | 00,304,696 | ---- | M] (Sybase, Inc.) -- C:\Program Files\SQL Anywhere 10\Sybase Central 5.0.0\win32\scjview.exe
PRC - [2007/03/22 16:50:26 | 00,304,696 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\SQL Anywhere 10\win32\dbisqlg.exe
PRC - [2008/08/26 09:48:09 | 02,019,624 | ---- | M] (Uniblue Software) -- C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
PRC - [2006/06/20 22:36:00 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2007/03/01 10:35:40 | 00,245,760 | ---- | M] () -- C:\Program Files\Bluetooth Mouse\MulMouse.exe
PRC - [2007/02/27 17:43:30 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 17:41:50 | 01,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/26 04:21:08 | 00,548,864 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\nsapp.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/14 06:42:38 | 00,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
PRC - [2008/08/09 14:42:02 | 00,181,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
PRC - [2009/10/04 11:11:25 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/04 02:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/02/14 12:00:00 | 00,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32 [Auto | Running])
SRV - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/18 09:17:56 | 00,036,864 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\cusrvc.exe -- (cusrvc [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 06:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/06/17 05:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/01/19 11:29:52 | 02,041,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (mcmscsvc [Disabled | Stopped])
SRV - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
SRV - [2004/08/10 02:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ [Auto | Running])
SRV - [2005/05/03 23:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/10/22 05:25:30 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2005/05/03 22:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped])
SRV - [2008/07/31 15:19:40 | 00,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe -- (WDFNet [Auto | Running])
SRV - [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\WFXSVC.EXE -- (wfxsvc [Disabled | Stopped])
SRV - File not found -- -- (WinVNC4 [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:00:23 | 00,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray] C:\Program Files\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\System32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] C:\WINDOWS\System32\dumprep.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\NWTRAY.EXE (Novell, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe ()
O4 - HKLM..\Run: [QuickBooksDB18] C:\Program Files\Intuit\QuickBooks Basic\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TypeRegChecker] C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [Webroot Desktop Firewall] C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com))
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [DBISQL10] C:\Program Files\SQL Anywhere 10\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SybaseCentral500] C:\Program Files\SQL Anywhere 10\Sybase Central 5.0.0\win32\scjview.exe (Sybase, Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Mouse.lnk = C:\Program Files\Bluetooth Mouse\MulMouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall32.cab (HPVirtualRooms32 Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ows-i586-jc.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} http://www.portplus....es/MSSurVid.cab (SurroundVideoCtrl Object)
O16 - DPF: {A7B6FBFE-C894-4954-8377-D1CF19B4E07F} http://lws.dbcsmarts...ets/OcxLink.cab (Wapplink Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...128/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F3C7C5EE-8BBA-4B6E-8147-3B315A41B85B} http://lws.dbcsmarts...all/install.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Basic\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WfxSeh32.Dll (Symantec Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/04 10:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/04 10:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2009/10/04 10:11:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/04 10:14:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/04 11:11:21 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2009/10/04 11:02:43 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tom\Desktop\RootRepeal.exe
[2009/10/04 10:14:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/04 10:14:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/04 10:13:43 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom\Desktop\mbam-setup.exe
[2009/10/04 10:10:05 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tom\Desktop\erunt_setup.exe
[2009/10/04 10:08:20 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Tom\Desktop\SysRestorePoint.exe
[2009/10/04 09:57:40 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\TFC.exe

========== Files - Modified Within 14 Days ==========

[2009/10/04 11:15:00 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CCDD0B01-8238-4077-A14F-9A17B4D7A6AC}.job
[2009/10/04 11:11:25 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2009/10/04 11:03:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\settings.dat
[2009/10/04 11:02:49 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tom\Desktop\RootRepeal.exe
[2009/10/04 10:14:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 10:13:55 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom\Desktop\mbam-setup.exe
[2009/10/04 10:12:03 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\NTREGOPT.lnk
[2009/10/04 10:12:03 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
[2009/10/04 10:10:11 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tom\Desktop\erunt_setup.exe
[2009/10/04 10:08:20 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Tom\Desktop\SysRestorePoint.exe
[2009/10/04 10:00:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/04 10:00:27 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/04 09:59:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/04 09:59:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 09:59:24 | 32,192,71680 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/04 09:57:41 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\TFC.exe
[2009/10/04 04:29:00 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LC77CF802FC1846229CFAA9C981592A64.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L4072572A394B4A319843CB2443BEF175.job
[2009/10/04 00:38:04 | 00,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/10/03 13:08:23 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\spider.sav
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LA266B0840A684CB09A73AB6589ADF155.job
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L607310AC269C49609BBAE1AAE2B3448B.job
[2009/10/02 02:00:00 | 00,001,534 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[2009/09/30 18:25:17 | 00,607,840 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\cc_20090930_1824.reg

========== Files - No Company Name ==========
[2009/10/04 11:03:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\settings.dat
[2009/10/04 10:14:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 10:12:03 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\NTREGOPT.lnk
[2009/10/04 10:12:03 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
[2009/09/30 18:24:31 | 00,607,840 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\cc_20090930_1824.reg
[2009/02/25 21:23:40 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\PFP120JPR.{PB
[2009/02/25 21:23:40 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\PFP120JCM.{PB
[2008/12/24 13:34:19 | 00,876,102 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\fontlst2.opf
[2008/11/14 20:21:11 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/05/03 20:05:10 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\$_hpcst$.hpc
[2008/01/14 13:31:05 | 00,000,088 | -HS- | C] () -- C:\Documents and Settings\Tom\Application Data\ZPUQPMQDC8BKG5QST7A9QKXGJU
[2008/01/07 17:53:11 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\PUTTY.RND
[2007/07/27 09:57:02 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/07 20:20:10 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\dvd.bmk
[2006/06/14 20:27:34 | 00,112,024 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/14 20:11:00 | 01,574,790 | -H-- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db
[2006/06/14 20:11:00 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\fusioncache.dat
[2006/06/14 20:11:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Tom\Application Data\desktop.ini
[2005/08/16 02:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/04 10:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/17 21:27:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2008/01/14 11:46:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2008/04/22 14:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/01/14 08:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/08/31 04:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/03/29 14:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/10/20 14:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 18:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/04/09 03:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/07 17:18:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/01 17:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2008/07/02 21:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/24 13:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharp
[2008/12/24 13:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharpdesk
[2008/06/18 16:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/01/01 10:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2006/12/27 19:23:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/04 10:14:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tom\Application Data
[2008/07/03 16:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Canon
[2009/02/25 21:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Corel
[2006/06/28 09:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Corel Photo Album
[2008/02/04 15:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ICAClient
[2006/09/14 20:26:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Leadertech
[2009/08/29 19:22:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Tom\Application Data\Move Networks
[2009/01/27 19:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\NewSoft
[2008/07/02 21:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ScanSoft
[2006/06/14 21:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Share-to-Web Upload Folder
[2008/12/24 13:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Sharpdesk
[2009/05/17 21:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Uniblue
[2007/03/03 11:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Viewpoint
[2004/08/10 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/12/24 13:18:43 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Indexing Task - Tom - test.job
[2008/01/17 17:14:50 | 00,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2008/01/17 17:14:49 | 00,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/04/01 18:04:19 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/10/04 10:00:27 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/04 04:29:00 | 00,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/04 09:59:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/04 11:15:00 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CCDD0B01-8238-4077-A14F-9A17B4D7A6AC}.job
[2009/10/02 02:00:00 | 00,001,534 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L4072572A394B4A319843CB2443BEF175.job
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L607310AC269C49609BBAE1AAE2B3448B.job
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LA266B0840A684CB09A73AB6589ADF155.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LC77CF802FC1846229CFAA9C981592A64.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 06:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 06:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

what else can I do or send you to help correct this problem?
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP