[JSntgRvr]

Lets run GMER but renamed. Remove your current copy.

Just in case Catchme (GMER's file) still in memory, open a command prompt. Start -> Run, type CMD and click OK. At the prompt copy and paste the following and press Enter after each line:

Net Stop Catchme
Exit

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
• Click on this link to see a list of programs that should be disabled.
• Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
• Allow the driver to load if asked.
• You may be prompted to scan immediately if it detects rootkit activity.
• If you are prompted to scan your system click "No", save the log and post back the results.
• If not prompted, click the "Rootkit/Malware" tab.
• On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
• Select all drives that are connected to your system to be scanned.
• Click the Scan button to begin. (Please be patient as it can take some time to complete)
• When the scan is finished, click Save to save the scan results to your Desktop.
• Save the file as Results.log and copy/paste the contents in your next reply.
• Exit the program and re-enable all active protection when done.

[Advertisements]

Deleted GMER and all log files, emptied recycle bin (just in case), ran stop in cmd as directed, redownloaded, unzipped to C:, unhooked internet, opened GMER, was not prompted to scan so went ahead as directed, chose rootkit, checked all but the one directed not to check and then clicked scan.

Scan seems to have stopped but no log was saved. Clicked start to try to search for the file in case it was just autosaved without being shown on desktop and the whole pc froze. Uncertain if this is due to infection or simply my machine's need for RAM (its a known issue as I am running on 512).

Rebooting and trying again without reconnecting to internet. Am posting from my husband's machine at present.

[serpntene]

Deleted GMER and all log files, emptied recycle bin (just in case), ran stop in cmd as directed, redownloaded, unzipped to C:, unhooked internet, opened GMER, was not prompted to scan so went ahead as directed, chose rootkit, checked all but the one directed not to check and then clicked scan.

Scan seems to have stopped but no log was saved. Clicked start to try to search for the file in case it was just autosaved without being shown on desktop and the whole pc froze. Uncertain if this is due to infection or simply my machine's need for RAM (its a known issue as I am running on 512).

Rebooting and trying again without reconnecting to internet. Am posting from my husband's machine at present.

[JSntgRvr]

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

[serpntene]

Downloading smit now. Four attempts at saving GMER log have all resulted in the pc freezing completely so, now moving on.

[serpntene]

SmitFraudFix v2.424

Scan done at 14:05:06.85, Mon 02/01/2010
Run from C:\Documents and Settings\Rebecca Cooper\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rebecca Cooper


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\REBECC~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rebecca Cooper\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\REBECC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 93.188.162.14
DNS Server Search Order: 93.188.166.53

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3AB791B3-C287-41A3-97A2-9590EC30B539}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3AB791B3-C287-41A3-97A2-9590EC30B539}: NameServer=93.188.162.14,93.188.166.53
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3AB791B3-C287-41A3-97A2-9590EC30B539}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3AB791B3-C287-41A3-97A2-9590EC30B539}: NameServer=93.188.162.14,93.188.166.53
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3AB791B3-C287-41A3-97A2-9590EC30B539}: DhcpNameServer=74.128.19.102 74.128.17.114
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3AB791B3-C287-41A3-97A2-9590EC30B539}: NameServer=93.188.162.14,93.188.166.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=74.128.19.102 74.128.17.114


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[JSntgRvr]

• Run GMER.
• No need to scan. Just wait until the initial scan if finished (allow some time until finished).
• Once done click on the Rootkit tab, then on the[Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the contents of that report in your next reply.

[serpntene]

Opened gmer from c: as this is where we saved it when we reinstalled under alternate filename. Blank log, pc freeze. Rebooted. Clock changed to military time. Moved gmer to desktop, double clicked to run it, got the warning that changes were made to the pc. Chose to run full scan.

Can still stop it if this was the wrong choice.

[JSntgRvr]

I would like to see the computer settings from an external source. That means, booting the computer with a boot CD and run a scan in that environment.

You will need a flash drive to save information, so we can see the progress of our actions.

Here is what you need to do.

Two programs to download

First Copy this information in a flash drive.

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second

• Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 270.3 MB in size so it may take some time to download.
• When downloaded double click and this will then open ISOBurner to burn the file to CD
• Boot the Non working computer using the boot CD you just created.
• In order to do so, the computer must be set to boot from the CD first
  Note : For information click here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start. Change the following settings
  
  • Change Drivers to All
  • Change Registry to All
  • Under the Custom Scan box paste this in
    
    
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive.
• Please post the contents of the C:\OTL.txt file in your reply.

[serpntene]

OTL logfile created on: 2/6/2010 11:44:06 PM - Run
OTLPE by OldTimer - Version 3.1.28.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 190.00 Mb Available Physical Memory | 50.00% Memory free
326.00 Mb Paging File | 202.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 89.88 Gb Free Space | 80.41% Space Free | Partition Type: NTFS
Drive D: | 492.38 Mb Total Space | 383.12 Mb Free Space | 77.81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/16 18:16:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/06 23:20:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/08 06:00:43 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/11 05:57:09 | 000,333,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2008/11/11 16:21:52 | 004,946,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:40 | 000,044,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 03:47:45 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/15 06:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UCharger.sys -- (UCharger)
DRV - [2006/09/28 18:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 17:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2004/08/04 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/04 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/17 12:13:08 | 000,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\Administrator.RCOOPER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Rebecca_Cooper_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Rebecca_Cooper_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Rebecca_Cooper_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\Rebecca_Cooper_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Rebecca_Cooper_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Rebecca_Cooper_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 21:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/13 07:46:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 18:46:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/29 18:39:56 | 000,000,000 | ---D | M]

[2010/02/06 19:33:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/06 18:46:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/12 20:19:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/01/06 18:46:07 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/06 18:46:07 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/25 04:23:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/01/06 18:46:11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/07/01 23:21:55 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/02/27 13:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/12/02 19:59:15 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/02 19:59:15 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/02 19:59:15 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/02 19:59:15 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/02 19:59:15 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/02 19:59:15 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/02 19:59:15 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/01/30 18:19:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Rebecca_Cooper_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Rebecca_Cooper_ON_C\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Rebecca_Cooper_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Rebecca_Cooper_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Rebecca_Cooper_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Rebecca_Cooper_ON_C..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rebecca_Cooper_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Rebecca_Cooper_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKU\Rebecca_Cooper_ON_C\..Trusted Domains: 6 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://games.bigfish...eb.1.0.0.15.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfish...Web.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} http://www.arcadetow...net.1.0.0.4.cab (CPlayFirsttastyplanetControl Object)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8ADC4409-4FBF-4224-B73F-2392C721BCB4} http://games.bigfish...amesControl.cab (GenimoWebGames Control)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://games.bigfish...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/29 22:13:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/06 23:20:49 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/06 23:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2010/02/01 14:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebecca Cooper\Desktop\SmitfraudFix
[2010/01/31 19:37:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/31 19:32:47 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/31 19:32:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/01/31 19:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/31 12:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebecca Cooper\Desktop\GooredFix Backups
[2010/01/30 23:30:02 | 000,632,320 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rebecca Cooper\Desktop\OTS.exe
[2010/01/30 22:51:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/01/30 22:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebecca Cooper\Desktop\avenger
[2010/01/30 17:02:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/30 17:00:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/30 17:00:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/30 17:00:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/30 17:00:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/30 17:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/30 16:59:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/30 16:47:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/01/30 13:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebecca Cooper\Desktop\tdsskiller
[2010/01/30 12:15:34 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rebecca Cooper\Desktop\OTL.exe
[2010/01/29 19:37:03 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rebecca Cooper\Desktop\TFC.exe
[2010/01/26 18:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebecca Cooper\Local Settings\Application Data\Yahoo!
[2010/01/25 21:51:13 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/22 14:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebecca Cooper\Desktop\irishTexting
[2010/01/21 18:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avenue Flo
[2010/01/16 11:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebecca Cooper\Local Settings\Application Data\Deployment
[2010/01/13 08:44:14 | 000,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Rebecca Cooper\Desktop\TDSSKiller.exe
[2010/01/12 14:15:26 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2007/06/01 04:37:48 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2010/02/06 23:34:48 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/02/06 23:34:48 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/02/06 23:34:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/06 23:34:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/06 23:34:28 | 002,621,440 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\ntuser.dat
[2010/02/06 23:34:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rebecca Cooper\ntuser.ini
[2010/02/06 23:30:55 | 290,234,368 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\OTLPE.iso
[2010/02/06 23:20:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/06 17:27:11 | 000,001,058 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Get More Games at PlayFirst.com.lnk
[2010/02/06 17:27:11 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Plantasia.lnk
[2010/02/06 00:00:42 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC79BCE9-184A-4DA4-9F19-ABE785C004AC}.job
[2010/02/04 18:24:19 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 18:24:14 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/01 16:12:57 | 401,068,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 14:05:11 | 000,001,846 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/01 14:03:43 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\SmitfraudFix.exe
[2010/01/31 20:34:39 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\t43e63xy.exe
[2010/01/30 23:30:05 | 000,632,320 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rebecca Cooper\Desktop\OTS.exe
[2010/01/30 22:48:31 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\avenger.exe
[2010/01/30 22:48:08 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\avenger.zip
[2010/01/30 22:00:44 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\SystemLook.exe
[2010/01/30 19:35:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/30 18:19:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/30 17:03:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/30 16:57:11 | 003,840,721 | R--- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\ComboFix.exe
[2010/01/30 13:55:37 | 000,176,392 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Rebecca Cooper\Desktop\TDSSKiller.exe
[2010/01/30 12:15:37 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rebecca Cooper\Desktop\OTL.exe
[2010/01/29 22:01:05 | 000,002,610 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Attach.zip
[2010/01/29 21:59:16 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\dds.scr
[2010/01/29 21:53:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\defogger_reenable
[2010/01/29 21:52:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Defogger.exe
[2010/01/29 20:13:00 | 401,096,704 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/29 19:37:04 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rebecca Cooper\Desktop\TFC.exe
[2010/01/25 21:51:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/25 21:51:03 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/25 21:51:03 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/25 21:49:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/01/19 23:58:06 | 000,001,255 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\JonaieResume.rtf
[2010/01/13 18:15:36 | 000,013,446 | ---- | M] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Becka - Extra Shifts.pdf

========== Files Created - No Company Name ==========

[2010/02/06 23:29:27 | 290,234,368 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\OTLPE.iso
[2010/02/06 17:27:11 | 000,001,058 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Get More Games at PlayFirst.com.lnk
[2010/02/06 17:27:11 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Plantasia.lnk
[2010/02/01 14:05:11 | 000,001,846 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/01 14:03:37 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\SmitfraudFix.exe
[2010/01/31 20:34:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\t43e63xy.exe
[2010/01/30 22:48:07 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\avenger.zip
[2010/01/30 22:00:44 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\SystemLook.exe
[2010/01/30 17:03:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/30 17:03:00 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/30 17:00:31 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/30 17:00:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/30 17:00:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/30 17:00:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/30 17:00:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/30 16:56:59 | 003,840,721 | R--- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\ComboFix.exe
[2010/01/29 22:01:05 | 000,002,610 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Attach.zip
[2010/01/29 21:59:14 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\dds.scr
[2010/01/29 21:53:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\defogger_reenable
[2010/01/29 21:52:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Defogger.exe
[2010/01/29 20:25:25 | 000,000,440 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC79BCE9-184A-4DA4-9F19-ABE785C004AC}.job
[2010/01/19 23:58:06 | 000,001,255 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\JonaieResume.rtf
[2010/01/13 18:15:32 | 000,013,446 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Desktop\Becka - Extra Shifts.pdf
[2009/12/27 20:37:36 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wivrs.ini
[2009/11/04 13:05:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009/03/30 01:20:32 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Rebecca Cooper\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/15 06:43:50 | 000,013,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\UCharger.sys
[2006/11/02 08:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== LOP Check ==========

[2009/04/05 19:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Aveyond II
[2009/12/28 11:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Azureus
[2009/06/06 12:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Balloon Express
[2009/06/21 01:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\BeachPartyCraze
[2009/12/18 10:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Big Fish Games
[2009/08/08 20:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\CasualForge
[2009/06/05 23:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\CupcakeCafe
[2009/06/10 20:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\EleFun Games
[2009/04/10 07:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\FrimaStudio
[2009/11/24 23:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Gaijin Ent
[2009/04/08 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Gamelab
[2009/12/30 02:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\GetRightToGo
[2009/06/09 00:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Home Sweet Home
[2009/06/10 00:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Home Sweet Home 2
[2009/04/11 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\ITTNord
[2009/07/28 16:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\iWin
[2009/06/08 14:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Ludia
[2009/10/09 22:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Magic Seeds
[2009/04/11 17:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Magus
[2009/06/06 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Mean Hamster
[2009/06/11 18:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Meridian93
[2009/10/19 20:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Namco
[2009/03/31 11:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Nexon
[2009/11/22 23:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Peace Craft
[2009/11/29 00:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\PlayFirst
[2009/04/05 21:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\ScreenSeven
[2009/06/10 16:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Shape games
[2009/04/25 16:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\SpinTop
[2009/06/08 11:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\SulusGames
[2009/06/11 20:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Super-Cow
[2009/06/09 17:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Teggo
[2009/06/11 21:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Turtle Odyssey II
[2009/04/10 11:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\Ubisoft
[2009/06/18 01:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\ViquaSoft
[2009/04/24 07:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\WildTangent
[2009/06/08 13:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\World-LooM
[2009/07/11 22:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebecca Cooper\Application Data\YoudaGames
[2010/02/06 00:00:42 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC79BCE9-184A-4DA4-9F19-ABE785C004AC}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/07 09:34:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/07 09:34:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/07 09:34:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/07 09:34:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/01/30 16:49:07 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2007/07/17 12:35:20 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\Documents and Settings\Administrator\Desktop\Winxp\RAID\drvdisk\x86\NT5\viamraid.sys
[2007/07/17 12:35:20 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\2K\viamraid.sys
[2007/07/17 12:35:20 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2007/07/17 12:35:20 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\SRV2003\x86\viamraid.sys
[2007/07/17 12:35:20 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\XP\x86\viamraid.sys
[2007/07/12 18:35:36 | 000,118,184 | ---- | M] (VIA Technologies inc,.ltd) MD5=7352A2B1CA928AD8A95F75A1D868A0B5 -- C:\Documents and Settings\Administrator\Desktop\Winxp\RAID\drvdisk\x86\NT4\viamraid.sys
[2007/07/12 18:35:36 | 000,118,184 | ---- | M] (VIA Technologies inc,.ltd) MD5=7352A2B1CA928AD8A95F75A1D868A0B5 -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2007/07/12 18:35:36 | 000,118,184 | ---- | M] (VIA Technologies inc,.ltd) MD5=7352A2B1CA928AD8A95F75A1D868A0B5 -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\NT4\viamraid.sys
[2007/07/13 13:05:28 | 000,120,832 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=9E897F955AB8F912E4C1C9ADAF35762C -- C:\Documents and Settings\Administrator\Desktop\Winxp\RAID\drvdisk\VISTA\x86\viamraid.sys
[2007/07/13 13:05:28 | 000,120,832 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=9E897F955AB8F912E4C1C9ADAF35762C -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2007/07/13 13:05:28 | 000,120,832 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=9E897F955AB8F912E4C1C9ADAF35762C -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\VRAIDDrv\VISTA\x86\viamraid.sys

< MD5 for: VIPRT.SYS >
[2007/10/18 17:28:52 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=020EB647FEA9187541827231CB236DCE -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\SATAIDE\SRV2003\ViPrt.sys
[2007/10/18 17:28:52 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=020EB647FEA9187541827231CB236DCE -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\SATAIDE\W2K\ViPrt.sys
[2007/10/18 17:28:52 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=020EB647FEA9187541827231CB236DCE -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\SATAIDE\WXP\ViPrt.sys
[2007/10/19 17:03:14 | 000,053,192 | ---- | M] (VIA Technologies, Inc.) MD5=95155D0F72CE3C23C50A6E3B07BF1C71 -- C:\Documents and Settings\Administrator\Desktop\Winxp\VIA_HyperionPro_V514A\SATAIDE\VISTA\ViPrt.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/01/01 17:02:46 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/31 00:36:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/01/01 17:02:46 | 018,350,080 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/01/01 17:02:46 | 009,437,184 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

[JSntgRvr]

• Boot to the OTLPE CD
• Please double-click OTLPE.exe to run it as you did before.
• Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :OTL
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
  O7 - HKU\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
  O7 - HKU\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  O7 - HKU\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O15 - HKU\Rebecca_Cooper_ON_C\..Trusted Domains: 6 domain(s) and sub-domain(s) not assigned to a zone.

• Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
• Click the red Run Fix button.
• The computer will restart
• A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Boot in Normal Mode.

I would like to check two suspicious files.

Set Explorer to view Hidden Files and Folders:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Show all Files and Folders
• Remove the checkmark from Hide extensions for known file types
• Remove the checkmark from Hide protected operating System files
• Select Apply to All Folders | Yes | Apply | OK.

Please go here:
The Spy Killer Forum

• Click on "New Topic"
• Put your name, e-mail address, and this as the title: "JSntgRvr"
• Put a link to this thread in the description box.
• Then next to the file box, at the bottom, click the browse button, then navigate to this file:
  
  
  • C:\WINDOWS\wivrs.ini
• Click Open.
• Press the more attachments button .
• click the browse button, then navigate to this file:
  
  
  • C:\WINDOWS\iexplore.ini
• When all the files are listed in the window Click Post.

Set Explorer to Defaults:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Restore Defaults
• Select Apply to All Folders | Yes | Apply | OK.

You wont be able to see if the files were uploaded. Follow the steps and let me know when done.

[serpntene]

The computer did not reboot after I ran the fix. It did generate a log though and here are the contents of that log -

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_USERS\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\Administrator.RCOOPER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.

OTLPE by OldTimer - Version 3.1.28.0 log created on 02072010_144201





Thread posted.

[JSntgRvr]

Are you still experiencing popups?

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as query.bat
• Change the Save as Type to All Files
• and Save it on the desktop
• Once saved, double click on the query.bat file. Post the resulting report.

@ECHO OFF
cd /d %~dp0
Dir /a c:\ >log.txt
Start log.txt
Del %0

[serpntene]

Popups have ceased with ie but I am still unable to navigate to malwarebytes.org so redirects are still occurring.


Volume in drive C has no label.
Volume Serial Number is A0F4-75B8

Directory of c:\

04/18/2009 14:03 <DIR> 51b3443ca0b8b9859b6a
03/29/2009 22:13 0 AUTOEXEC.BAT
01/30/2010 22:51 <DIR> Avenger
01/30/2010 22:51 1,082 avenger.txt
03/30/2009 23:25 <DIR> b817f1a11538581f34
01/01/2010 22:59 211 Boot.bak
01/30/2010 17:03 281 boot.ini
01/30/2010 17:03 <DIR> cmdcons
08/03/2004 23:00 260,272 cmldr
01/30/2010 19:38 14,118 ComboFix.txt
01/31/2010 19:35 <DIR> Config.Msi
03/29/2009 22:13 0 CONFIG.SYS
12/30/2009 13:58 <DIR> Documents and Settings
02/06/2010 23:50 32,830 Extras.Txt
07/27/2009 18:48 <DIR> GameRival
04/30/2009 10:19 <DIR> games
02/07/2010 14:48 401,068,032 hiberfil.sys
03/29/2009 22:13 0 IO.SYS
03/29/2009 22:13 0 MSDOS.SYS
08/04/2004 07:00 47,564 NTDETECT.COM
04/02/2009 21:58 250,048 ntldr
02/06/2010 23:50 139,856 OTL.Txt
02/07/2010 14:48 603,979,776 pagefile.sys
03/31/2009 01:16 204 Plugins
02/06/2010 23:20 <DIR> Program Files
01/30/2010 19:38 <DIR> Qoobox
02/01/2010 14:05 4,758 rapport.txt
01/31/2010 19:37 <DIR> RECYCLER
03/30/2009 19:59 1,631 RHDSetup.log
01/03/2010 02:01 <DIR> System Volume Information
01/30/2010 13:57 21,164 TDSSKiller.txt
01/31/2010 19:36 <DIR> WINDOWS
01/30/2010 16:47 <DIR> _OTL
19 File(s) 1,005,821,827 bytes
14 Dir(s) 96,490,803,200 bytes free

[JSntgRvr]

Please upload the following file to the Spykiller forum:

C:\Plugins

[JSntgRvr]

Please follow these steps:

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. mbam-setup.exe

Launch the program. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that you can run a quick scan.

• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.