"application" has encountered a problem and needs to close.


TW11

I keep getting this popup with any application that tries to access the internet. I have gone through the Malware Guide steps but keep getting the error. Attached screen print of errors.

MBAM, RootRepeal, OTL logs are listed below. Any help would be appreciated. Thanks, TW

Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 2

10/17/2009 05:37:08 PM
mbam-log-2009-10-17 (17-37-08).txt

Scan type: Quick Scan
Objects scanned: 115122
Time elapsed: 1 hour(s), 57 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{050c8642-c1a9-480b-95a1-55fecb2b8c9a} (Spyware.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\SYSTEM32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/17 23:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------


OTL logfile created on: 10/17/2009 11:14:13 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = c:\documents and settings\da bell\desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 58.16% Memory free
2.08 Gb Paging File | 1.63 Gb Available in Paging File | 78.31% Paging File free
Paging file location(s): C:\pagefile.sys 1000 4009 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 19.32 Gb Free Space | 50.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.75 Gb Total Space | 3.34 Gb Free Space | 89.09% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DH3FVT31
Current User Name: DA Bell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/16 23:19:56 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\program files\avg\avg9\avgchsvx.exe
PRC - [2009/10/16 23:19:55 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\program files\avg\avg9\avgcsrvx.exe
PRC - [2009/10/16 23:19:55 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\program files\avg\avg9\avgnsx.exe
PRC - [2009/10/16 23:19:55 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\program files\avg\avg9\avgrsx.exe
PRC - [2009/10/16 23:19:51 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/16 23:19:51 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/16 23:19:50 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/14 23:53:12 | 00,521,216 | ---- | M] (OldTimer Tools) -- c:\documents and settings\da bell\desktop\otl.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/09/11 17:19:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/08/05 13:19:41 | 00,455,336 | ---- | M] () -- c:\program files\lexmark x5400 series\lxdvmon.exe
PRC - [2008/08/05 13:19:40 | 00,025,256 | ---- | M] () -- c:\program files\lexmark x5400 series\lxdvamon.exe
PRC - [2008/07/24 08:33:53 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdvcoms.exe
PRC - [2006/10/25 19:58:18 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- c:\program files\quicktime\qttask.exe
PRC - [2005/09/07 18:45:16 | 00,118,784 | ---- | M] (Nikon Corporation) -- c:\program files\nikon\pictureproject\nkbmonitor.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/08/04 00:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- c:\program files\messenger\msmsgs.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/04 00:56:50 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
PRC - [2003/08/26 20:47:34 | 00,204,800 | ---- | M] (CyberLink Corp.) -- c:\program files\dell\media experience\pcmservice.exe
PRC - [2003/05/02 19:44:48 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/05/02 19:42:06 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009/10/16 23:19:51 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc [Auto | Running])
SRV - [2009/10/16 23:19:50 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd [Auto | Running])
SRV - [2009/03/23 22:43:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/09/11 17:19:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/07/24 08:33:53 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdvcoms.exe -- (lxdv_device [Auto | Running])
SRV - [2008/07/24 08:33:43 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdvserv.exe -- (lxdvCATSCustConnectService [Auto | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/05/02 19:44:48 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mdwfp.com/
IE - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\S-1-5-21-209688824-3513551667-2994062986-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (249881 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 8710 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (REALBAR) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program Files\Common Files\Real\Toolbar\RealBar.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (REALBAR) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program Files\Common Files\Real\Toolbar\RealBar.dll (Visicom Media)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (REALBAR) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program Files\Common Files\Real\Toolbar\RealBar.dll (Visicom Media)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..\Toolbar\WebBrowser: (REALBAR) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program Files\Common Files\Real\Toolbar\RealBar.dll (Visicom Media)
O3 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] c:\program files\malwarebytes' anti-malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\DA Bell\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: storageguardsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 88 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 88 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-209688824-3513551667-2994062986-1011\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255697568921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1255697556437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7985.8308912037 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.132.23 205.152.150.23
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (karinadat) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\tuvvutr: DllName - tuvvutr.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\mllmn) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/10/16 23:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/16 23:19:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/15 23:38:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/15 23:38:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DA Bell\Application Data\Malwarebytes
[2009/10/16 23:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/15 23:36:45 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/15 23:38:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/17 19:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/10/17 23:07:01 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DA Bell\Desktop\OTL.exe
[2009/10/17 22:40:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/17 20:05:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/17 20:05:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/17 20:03:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/17 20:03:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/10/17 19:39:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2009/10/17 10:29:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DA Bell\My Documents\Geeks2go
[2009/10/16 23:20:47 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/16 23:20:30 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/16 23:20:22 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/16 23:20:21 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/16 23:20:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/16 23:19:55 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/16 23:19:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/10/15 23:38:30 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/15 23:38:28 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/15 23:37:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/26 10:54:23 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDVhcp.dll
[2008/12/26 10:54:23 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvinpa.dll
[2008/12/26 10:54:23 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdviesc.dll
[2008/12/26 10:54:22 | 01,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvserv.dll
[2008/12/26 10:54:22 | 00,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvusb1.dll
[2008/12/26 10:54:22 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvprox.dll
[2008/12/26 10:54:21 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvpmui.dll
[2008/12/26 10:54:21 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvlmpm.dll
[2008/12/26 10:54:19 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvhbn3.dll
[2008/12/26 10:54:18 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcomc.dll
[2008/12/26 10:54:18 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcomm.dll

========== Files - Modified Within 14 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/10/17 23:04:56 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\DA Bell\Desktop\settings.dat
[2009/10/17 22:38:54 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/17 22:38:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/17 22:37:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/17 22:37:37 | 13,401,33376 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/17 22:17:30 | 00,473,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/17 22:17:30 | 00,402,406 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/17 22:17:30 | 00,063,016 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/17 22:16:39 | 00,006,394 | ---- | M] () -- C:\WINDOWS\System32\krncode.dat
[2009/10/17 22:16:38 | 00,022,925 | ---- | M] () -- C:\WINDOWS\System32\wincode.dat
[2009/10/17 22:16:38 | 00,001,575 | ---- | M] () -- C:\WINDOWS\System32\pwrcode.dat
[2009/10/17 22:16:27 | 00,046,280 | ---- | M] () -- C:\WINDOWS\System32\shifld2.old
[2009/10/17 22:10:21 | 00,163,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/17 20:09:28 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/17 19:40:12 | 00,024,439 | ---- | M] () -- C:\Documents and Settings\DA Bell\My Documents\How-to-update-your-computer-with-the-JPEG-processing.docx
[2009/10/17 13:56:38 | 43,179,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/17 11:47:06 | 00,002,023 | ---- | M] () -- C:\WINDOWS\System32\ShellFolder
[2009/10/17 11:20:34 | 00,116,224 | ---- | M] () -- C:\Documents and Settings\DA Bell\My Documents\error codes2.doc
[2009/10/17 11:19:26 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\DA Bell\Desktop\Word.lnk
[2009/10/16 23:21:22 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/16 23:20:30 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/16 23:20:30 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/16 23:20:22 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/16 23:20:21 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/16 23:20:21 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/16 23:20:13 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/16 23:20:13 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/16 23:19:55 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/16 23:03:24 | 00,000,054 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[2009/10/16 19:09:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/16 18:57:44 | 05,366,916 | -H-- | M] () -- C:\Documents and Settings\DA Bell\Local Settings\Application Data\IconCache.db
[2009/10/15 23:37:10 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\DA Bell\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/15 23:36:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\DA Bell\Desktop\NTREGOPT.lnk
[2009/10/15 23:36:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\DA Bell\Desktop\ERUNT.lnk
[2009/10/15 00:14:55 | 00,004,779 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/14 23:53:12 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DA Bell\Desktop\OTL.exe
[2009/10/14 23:06:21 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/14 19:28:48 | 00,108,032 | ---- | M] () -- C:\Documents and Settings\DA Bell\My Documents\error codes.doc
[2009/10/13 17:30:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/13 10:52:08 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\user.cfg
[2009/10/10 11:35:11 | 03,830,027 | ---- | M] () -- C:\Documents and Settings\DA Bell\My Documents\jacob.pdf
[2009/10/08 06:55:22 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\DA Bell\My Documents\This is a reminder.doc
[2009/10/07 19:35:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/07 19:35:02 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/05 15:16:05 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\DA Bell\Desktop\Spybot - Search & Destroy.lnk
[2009/10/04 11:26:08 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\DA Bell\My Documents\Special notes.doc
[2009/10/04 07:15:07 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\DA Bell\My Documents\October 1, 2009.doc

========== Files - No Company Name ==========
[2009/10/17 23:02:30 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\DA Bell\Desktop\settings.dat
[2009/10/17 19:40:12 | 00,024,439 | ---- | C] () -- C:\Documents and Settings\DA Bell\My Documents\How-to-update-your-computer-with-the-JPEG-processing.docx
[2009/10/17 11:47:06 | 00,002,023 | ---- | C] () -- C:\WINDOWS\System32\ShellFolder
[2009/10/17 11:20:34 | 00,116,224 | ---- | C] () -- C:\Documents and Settings\DA Bell\My Documents\error codes2.doc
[2009/10/16 23:20:30 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/16 23:20:21 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/16 23:20:13 | 43,179,769 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/16 23:20:13 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/16 23:20:13 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/16 23:20:13 | 00,033,037 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/16 23:03:18 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2009/10/16 08:00:39 | 01,193,414 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/10/15 23:38:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 23:37:10 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\DA Bell\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/15 23:36:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\DA Bell\Desktop\NTREGOPT.lnk
[2009/10/15 23:36:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\DA Bell\Desktop\ERUNT.lnk
[2009/10/15 00:16:49 | 13,401,33376 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/14 19:28:48 | 00,108,032 | ---- | C] () -- C:\Documents and Settings\DA Bell\My Documents\error codes.doc
[2009/10/10 11:35:11 | 03,830,027 | ---- | C] () -- C:\Documents and Settings\DA Bell\My Documents\jacob.pdf
[2009/10/07 19:35:02 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/07 19:35:02 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/04 09:35:14 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\DA Bell\My Documents\This is a reminder.doc
[2009/10/04 08:55:48 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\DA Bell\My Documents\Special notes.doc
[2009/10/04 07:15:06 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\DA Bell\My Documents\October 1, 2009.doc
[2008/12/26 11:02:07 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdvvs.dll
[2008/12/26 11:02:01 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdvcoin.dll
[2008/12/26 11:01:15 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdvdrs.dll
[2008/12/26 11:01:15 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdvcaps.dll
[2008/12/26 11:01:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdvcnv4.dll
[2008/12/26 10:54:41 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdvrwrd.ini
[2008/12/26 10:54:24 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDVinst.dll
[2008/12/26 10:54:19 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdvgrd.dll
[2008/11/01 18:04:33 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\DA Bell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 16:47:59 | 00,039,624 | ---- | C] () -- C:\Documents and Settings\DA Bell\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/11 11:15:16 | 01,191,731 | -HS- | C] () -- C:\WINDOWS\System32\axfloihm.ini
[2008/09/10 17:22:49 | 00,860,155 | -HS- | C] () -- C:\WINDOWS\System32\nmllm.ini
[2008/09/10 16:41:23 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/10 15:47:49 | 01,192,885 | -HS- | C] () -- C:\WINDOWS\System32\dwgmjlrx.ini
[2008/09/10 14:35:31 | 00,853,457 | -HS- | C] () -- C:\WINDOWS\System32\jjjlm.ini
[2008/09/07 17:03:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\DA Bell\Application Data\DESKTOP.INI
[2008/09/07 17:03:02 | 00,038,848 | ---- | C] () -- C:\Documents and Settings\DA Bell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/07 17:03:01 | 05,366,916 | -H-- | C] () -- C:\Documents and Settings\DA Bell\Local Settings\Application Data\IconCache.db
[2008/03/13 20:43:38 | 00,850,040 | -HS- | C] () -- C:\WINDOWS\System32\stutv.ini
[2007/01/06 15:57:06 | 00,000,050 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/06 15:50:06 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/06 15:45:25 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPM2005.ini
[2007/01/06 15:36:30 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/01/11 21:32:42 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/08/14 15:20:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/18 22:40:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/07/17 21:58:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2004/06/15 16:11:39 | 00,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/06/15 16:11:38 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2003/12/27 23:20:11 | 00,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/12/27 01:02:40 | 00,006,362 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/12/25 23:41:04 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/12/25 19:04:11 | 00,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2003/12/25 18:50:08 | 00,000,723 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2003/11/23 11:17:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/23 11:06:51 | 00,004,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/23 11:02:13 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/23 10:45:09 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/23 10:31:58 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 23:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/04/22 16:37:50 | 00,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[2002/09/03 09:59:58 | 00,000,758 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 09:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/08/29 06:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/10/16 23:20:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/17 22:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/17 22:12:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/09/24 21:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/01/06 15:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2003/12/26 19:48:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2005/06/06 19:32:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2003/11/23 11:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/09/24 21:09:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/01/06 15:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2003/12/26 00:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/16 07:41:10 | 00,000,000 | R--D | M] -- C:\Documents and Settings\DA Bell\Application Data
[2009/08/06 19:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DA Bell\Application Data\Lexmark Productivity Studio
[2008/09/09 08:59:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DA Bell\Application Data\MSN6
[2008/12/06 15:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DA Bell\Application Data\Nikon
[2008/09/07 17:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DA Bell\Application Data\Viewpoint
[2009/05/18 23:23:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2003/07/24 12:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2003/11/23 10:29:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2005/06/12 21:31:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tony\Application Data
[2004/02/01 23:47:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Corel
[2004/01/02 23:28:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\eGames
[2007/08/09 15:49:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Viewpoint
[2009/10/13 17:30:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/17 22:38:54 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/17 22:38:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/05 18:46:32 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/09/29 13:51:50 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[4 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[4 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2008/09/11 15:17:04 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
[2008/05/09 15:55:05 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Αdobe
[2008/05/09 15:55:05 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Αdobe
[2008/04/19 21:22:35 | 00,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Μicrosoft
< End of report >

Edited by TW11, 18 October 2009 - 11:29 PM.
