IEXPLORER.EXE Error

#1
etcheemanoho
This is Etcheemanoho. I'm posting my scan log reports, so I hope this is right in helping me to find out what's wrong with my computer.

OTL logfile created on: 4/23/2010 12:26:58 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.08 Gb Total Space | 96.53 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.20 Gb Free Space | 17.24% Space Free | Partition Type: FAT32
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/23 11:58:17 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 10:17:54 | 000,587,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/01/16 11:10:04 | 000,316,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DebugDiag\DbgSvc.exe
PRC - [2006/10/10 14:42:32 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2006/09/12 17:20:00 | 000,049,152 | ---- | M] (Streamload) -- C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/11/21 22:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe


========== Modules (SafeList) ==========

MOD - [2010/04/23 11:58:17 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/04/13 19:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/16 11:10:04 | 000,316,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DebugDiag\DbgSvc.exe -- (DbgSvc)
SRV - [2006/10/10 14:42:32 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2006/09/12 17:20:00 | 000,049,152 | ---- | M] (Streamload) [Auto | Running] -- C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe -- (StreamloadService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/11/12 18:44:24 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/21 15:05:42 | 003,972,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/04/04 22:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/09 06:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/03/09 06:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/05/31 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 05:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 05:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 10:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 10:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/03/09 20:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/07 16:00:48 | 000,064,964 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd3.sys -- (sonypvd3)
DRV - [2004/12/06 15:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 14:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [1998/11/27 14:57:18 | 000,006,144 | R--- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\IOPORT.SYS -- (IOPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/18 02:37:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/20 10:51:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: eset.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} http://eshare.hpphot...sLocalPrint.CAB (SaveImageFiles Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1143301640625 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/12 18:20:26 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/12 13:06:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/04/23 11:58:10 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/23 09:24:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2010/04/23 08:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/23 07:40:51 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2010/04/22 14:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\FixItCenter
[2010/04/22 14:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2010/04/22 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/04/22 14:29:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/04/21 14:45:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/20 10:48:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/20 10:41:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/20 10:41:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/20 10:41:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/20 10:41:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/20 10:41:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/20 10:00:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/20 08:40:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/20 08:40:25 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 08:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/18 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ESET
[2010/04/18 02:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/04/17 23:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ESET
[2010/04/17 23:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\ESET
[2010/04/17 23:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/04/17 23:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/17 23:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/16 18:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/16 18:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/13 22:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/13 22:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2010/04/13 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/13 20:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/04/13 20:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/24 23:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/03/24 23:12:16 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/03/24 20:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
[2010/03/24 20:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2010/03/24 20:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/24 20:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/03/24 20:33:50 | 000,055,232 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/03/24 16:53:48 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/02/20 19:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2010/02/01 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[4 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]
[36 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[36 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/23 11:58:17 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/23 11:52:13 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/04/23 11:50:49 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/23 11:50:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 11:49:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 11:49:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 11:49:37 | 3689,467,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/23 11:18:31 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03A89BDE-9588-4DD6-B8DB-72F85599CFAE}.job
[2010/04/23 10:37:06 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/04/23 08:31:14 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2010/04/23 08:29:06 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yahoo!.url
[2010/04/23 08:01:18 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2010/04/23 08:01:18 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2010/04/23 07:45:41 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/04/23 07:45:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/04/23 07:41:07 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2010/04/22 14:30:49 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/04/22 08:33:14 | 000,000,284 | RHS- | M] () -- C:\boot.ini
[2010/04/21 14:48:28 | 000,479,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/21 14:48:27 | 000,085,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/21 14:48:26 | 000,573,692 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/21 13:34:09 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\MyProject.sonic
[2010/04/21 11:00:22 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/04/20 11:13:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/20 11:06:26 | 003,922,124 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2010/04/20 10:51:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/20 08:40:29 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 23:46:37 | 043,478,016 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ess_nt32_enu.msi
[2010/04/17 16:43:53 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/16 18:32:30 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/15 23:27:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 14:21:31 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Oklahoma Health Insurance High Risk Pool.doc
[2010/04/06 13:47:35 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\For handling and disposal guidance concerning old cement.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 18:28:42 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\GROCERY LIST USE THIS ONEc.doc
[2010/03/25 21:12:25 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tracking Verbage USPS.doc
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/03/24 16:53:48 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/03/23 07:03:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\my husband.doc
[2010/03/22 13:09:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\~$ husband.doc
[2010/03/19 07:18:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Gardening without pulling grass.doc
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 17:11:39 | 000,000,862 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/28 16:12:29 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Link John DVM.doc
[2010/02/19 13:22:43 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Muffins Blueberry.doc
[2010/02/19 13:19:45 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Blueberry Streusel Scones.doc
[2010/02/01 08:00:12 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Antibiotic Treatments.doc
[2010/01/24 19:45:04 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\crumb Pie.doc
[2010/01/24 19:40:16 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\peach crisp recipe.doc
[4 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/23 08:31:13 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2010/04/23 08:01:18 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2010/04/23 08:01:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2010/04/22 14:37:15 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/04/22 14:37:14 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/04/22 14:30:49 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/04/22 08:08:56 | 3689,467,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/20 10:41:49 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/20 10:41:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/20 10:41:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/20 10:41:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/20 10:41:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/20 10:39:12 | 003,922,124 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2010/04/20 08:40:29 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 23:46:28 | 043,478,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ess_nt32_enu.msi
[2010/04/17 16:43:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/16 18:11:36 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/08 14:21:30 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Oklahoma Health Insurance High Risk Pool.doc
[2010/04/06 13:47:34 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\For handling and disposal guidance concerning old cement.doc
[2010/03/25 21:12:25 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tracking Verbage USPS.doc
[2010/03/22 13:09:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\~$ husband.doc
[2010/03/19 06:53:25 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Gardening without pulling grass.doc
[2010/03/05 04:45:39 | 006,553,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/02/28 16:11:42 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Link John DVM.doc
[2010/02/19 13:22:43 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Muffins Blueberry.doc
[2010/02/19 13:19:44 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Blueberry Streusel Scones.doc
[2010/02/06 16:17:13 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\my husband.doc
[2010/02/01 08:00:11 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Antibiotic Treatments.doc
[2010/01/15 20:17:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/01/08 09:47:21 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\wmpdxm5.dll
[2009/12/09 01:22:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DSSPLAY.INI
[2009/03/12 19:59:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/12 19:57:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX300.ini
[2008/11/27 12:47:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/15 18:00:30 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/24 23:23:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/04/06 23:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2007/04/06 23:01:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/03/05 13:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/28 15:02:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/26 07:59:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/19 08:53:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/10 20:10:43 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/03/08 21:25:36 | 000,000,572 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/12 20:19:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/12 19:56:06 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/12 19:50:16 | 000,012,994 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/12 19:50:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/12 19:47:45 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/12 19:44:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/12 19:39:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/12 19:39:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/12 19:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/12 19:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/12 19:39:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/12 19:39:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/12 19:31:40 | 000,001,485 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/12 19:30:29 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/12 19:23:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/12 19:08:15 | 000,000,886 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/12 19:04:55 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/12 19:04:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/12 19:04:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/06/16 00:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/12/17 19:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/01/15 20:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/03/12 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/17 23:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/03/24 23:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/16 18:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/03/10 20:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/05/04 21:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/10/23 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/15 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/12 20:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/11/09 23:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2006/03/12 16:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Studio
[2009/11/07 20:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/04 19:23:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2010/01/02 10:54:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
[2010/01/02 00:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ACA Utilities
[2008/11/28 23:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/16 19:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2008/02/10 09:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CopyToDvd
[2009/03/16 19:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\EPSON
[2010/04/17 23:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ESET
[2010/03/24 22:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
[2009/05/04 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2006/03/10 20:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Individual Software
[2006/03/08 22:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2006/03/08 23:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2006/03/08 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2009/01/03 21:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OfficeUpdate12
[2009/11/01 18:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Publish Providers
[2007/10/23 20:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sony
[2007/10/27 21:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\System Tweaker
[2008/06/27 22:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeamViewer
[2010/02/04 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
[2009/11/09 23:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
[2007/07/23 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
[2008/07/22 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Windows Desktop Search
[2008/07/22 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Windows Search
[2010/04/23 11:52:13 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2010/04/23 10:37:06 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2010/04/23 11:18:31 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{03A89BDE-9588-4DD6-B8DB-72F85599CFAE}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/08/25 11:33:26 | 003,870,719 | ---- | M] (Trend Micro Inc. ) -- C:\pcc.exe


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/27 23:00:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/06/27 23:00:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/06/11 22:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/27 23:00:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/06/27 23:00:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/06/11 22:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/03/09 20:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\hp\drivers\Intel_Emery_RAID_v5.0.0.1032\iaStor.sys
[2005/03/09 20:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/01/08 09:47:21 | 000,098,304 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wmpdxm5.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/06/24 17:25:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/24 17:25:14 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/24 17:25:14 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\ehdrv.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys
[2010/04/16 18:32:30 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 4/23/2010 12:26:58 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.08 Gb Total Space | 96.53 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.20 Gb Free Space | 17.24% Space Free | Partition Type: FAT32
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12872B4E-90F7-44E5-B1AA-D13AFEC8618B}" = First Step Guide
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{27861C94-F4C2-466B-9F01-0F90D8609CA7}" = MediaMax XL
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B78B379-C0E7-4FBF-9FD9-04FB6E05E60F}" = Debug Diagnostics Tool 1.1 (x86)
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{939E2189-9B65-41FC-A842-1BBC1588BFD1}" = HP eServices Local Prints and Save
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8E8C8EC-5C22-4B02-9C02-D851262F574C}" = Sony Vegas Movie Studio Platinum 8.0
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DCA27D8C-8144-4CF3-9A38-920548C06ED5}" = HP Connections XP
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"3B3B73D1-DC4A-4780-B0E4-E823D08B3397" = 5 Card Slingo from Compaq (remove only)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"ATI Display Driver" = ATI Display Driver
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"dcmsvc_is1" = dcmsvc 1.0
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MVApplication1" = Memorex exPressit Label Design Studio
"NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer
"NewBlue VideoFX MSP" = NewBlue VideoFX MSP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Resumes Quick & Easy" = Resumes Quick & Easy
"Savings Bond Wizard" = Savings Bond Wizard
"System Tweaker_is1" = Uniblue System Tweaker
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodecsVideo" = VideoCodecs
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2010 11:23:43 AM | Computer Name = LINDA | Source = ESENT | ID = 455
Description = wuaueng.dll (1492) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/23/2010 11:23:53 AM | Computer Name = LINDA | Source = ESENT | ID = 489
Description = wuauclt (1492) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/23/2010 11:23:53 AM | Computer Name = LINDA | Source = ESENT | ID = 455
Description = wuaueng.dll (1492) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/23/2010 11:24:06 AM | Computer Name = LINDA | Source = ESENT | ID = 489
Description = wuauclt (2976) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/23/2010 11:24:06 AM | Computer Name = LINDA | Source = ESENT | ID = 455
Description = wuaueng.dll (2976) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/23/2010 11:24:16 AM | Computer Name = LINDA | Source = ESENT | ID = 489
Description = wuauclt (2976) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/23/2010 11:24:16 AM | Computer Name = LINDA | Source = ESENT | ID = 455
Description = wuaueng.dll (2976) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/23/2010 12:51:10 PM | Computer Name = LINDA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\RECENT\DESKTOP.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 4/23/2010 12:52:13 PM | Computer Name = LINDA | Source = MatSvc | ID = 262153
Description = The MATS service encountered a failure when diagnosing problems. hr=0x803C0101
SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.18

Error - 4/23/2010 12:52:13 PM | Computer Name = LINDA | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x803C0101 .

[ System Events ]
Error - 4/23/2010 8:50:22 AM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/23/2010 10:28:19 AM | Computer Name = LINDA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.107 on
the Network Card with network address 0015F25874BF.

Error - 4/23/2010 10:30:05 AM | Computer Name = LINDA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 Lbd

Error - 4/23/2010 10:30:41 AM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/23/2010 10:53:53 AM | Computer Name = LINDA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.107 on
the Network Card with network address 0015F25874BF.

Error - 4/23/2010 10:55:35 AM | Computer Name = LINDA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 Lbd

Error - 4/23/2010 10:56:09 AM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/23/2010 12:49:47 PM | Computer Name = LINDA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.107 on
the Network Card with network address 0015F25874BF.

Error - 4/23/2010 12:51:33 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 Lbd

Error - 4/23/2010 12:52:10 PM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 11:41:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgldapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB521D610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB521DC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB521D730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB521D4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB521D570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB521D6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB521D690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB521D650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB521D7D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB521D510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB521D590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB521D4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB521D5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB521D750]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[472] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1448] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.45
DB: 4025

IE: Internet Explorer 8.0.6001.18702
OS: Windows 5.1.2600 Service Pack 3
EX: C:\Program Files\Malwarebytes' Anti-Malware\mbam
DB: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

U: Compaq_Owner

W: C:\WINDOWS

S: C:\WINDOWS\system32

RD: C:

PF: C:\Program Files

CF: C:\Program Files\Common Files

DAS: C:\Documents and Settings

D: C:\Documents and Settings\Administrator\Desktop
D: C:\Documents and Settings\All Users\Desktop
D: C:\Documents and Settings\Compaq_Owner\Desktop
D: C:\Documents and Settings\Default User\Desktop
D: C:\Documents and Settings\NetworkService\Desktop
D: C:\WINDOWS\system32\config\systemprofile\Desktop

SM: C:\Documents and Settings\Administrator\Start Menu
SM: C:\Documents and Settings\All Users\Start Menu
SM: C:\Documents and Settings\Compaq_Owner\Start Menu
SM: C:\Documents and Settings\Default User\Start Menu
SM: C:\WINDOWS\system32\config\systemprofile\Start Menu

UR: C:\Documents and Settings\Administrator
UR: C:\Documents and Settings\All Users
UR: C:\Documents and Settings\Compaq_Owner
UR: C:\Documents and Settings\Default User
UR: C:\Documents and Settings\LocalService
UR: C:\Documents and Settings\NetworkService
UR: C:\Documents and Settings\Owner
UR: C:\WINDOWS\system32\config\systemprofile

F: C:\Documents and Settings\Administrator\Favorites
F: C:\Documents and Settings\All Users\Favorites
F: C:\Documents and Settings\Compaq_Owner\Favorites
F: C:\Documents and Settings\Default User\Favorites
F: C:\WINDOWS\system32\config\systemprofile\Favorites

AD: C:\Documents and Settings\All Users\Application Data
AD: C:\Documents and Settings\Compaq_Owner\Application Data
AD: C:\Documents and Settings\Administrator\Application Data
AD: C:\Documents and Settings\Default User\Application Data
AD: C:\Documents and Settings\LocalService\Application Data
AD: C:\Documents and Settings\NetworkService\Application Data
AD: C:\Documents and Settings\Owner\Application Data
AD: C:\WINDOWS\system32\config\systemprofile\Application Data

QL: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch
QL: C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch
QL: C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch
QL: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch

TF: C:\Documents and Settings\Administrator\Local Settings\Temp
TF: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp
TF: C:\Documents and Settings\Default User\Local Settings\Temp
TF: C:\Documents and Settings\LocalService\Local Settings\Temp
TF: C:\Documents and Settings\NetworkService\Local Settings\Temp
TF: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp
TF: C:\WINDOWS\Temp

P: C:\Documents and Settings\Administrator\Start Menu\Programs
P: C:\Documents and Settings\All Users\Start Menu\Programs
P: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs
P: C:\Documents and Settings\Default User\Start Menu\Programs
P: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs

S: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
S: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
S: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
S: C:\Documents and Settings\Default User\Start Menu\Programs\Startup
S: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup

D: C:\Documents and Settings\Administrator\My Documents
D: C:\Documents and Settings\All Users\Documents
D: C:\Documents and Settings\Compaq_Owner\My Documents
D: C:\Documents and Settings\Default User\My Documents
D: C:\Documents and Settings\LocalService\My Documents
D: C:\WINDOWS\system32\config\systemprofile\My Documents
#2
RKinner
    Malware Expert, MVP
Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found

:Files
C:\WINDOWS\System32\wmpdxm5.dll
C:\Program Files\dcmsvc

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Reboot now, please.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron

#3
etcheemanoho
    Member, Topic Starter
Thank you Ron, I will do as you say on Monday and post the ComboFix log. I'm so grateful that you are trying to help.

#4
etcheemanoho
    Member, Topic Starter
OK, this is Etcheemanoho. I did the ComboFix as requested and I am posting the ComboFix log. Thank you for all your help.

ComboFix 10-04-21.01 - Compaq_Owner 04/26/2010 7:59.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3518.2962 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\george.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-23 13:01 . 2010-04-23 13:01 -------- d-----w- c:\program files\ERUNT
2010-04-22 19:38 . 2010-04-22 19:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\FixItCenter
2010-04-22 19:30 . 2010-04-22 19:30 -------- d-----w- c:\windows\MATS
2010-04-22 19:30 . 2010-04-22 19:30 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-04-20 13:40 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 13:40 . 2010-04-20 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 13:40 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 22:46 . 2010-04-18 22:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\ESET
2010-04-18 07:41 . 2010-04-18 07:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-18 04:55 . 2010-04-18 04:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ESET
2010-04-18 04:55 . 2010-04-18 04:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ESET
2010-04-18 04:55 . 2010-04-18 04:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2010-04-18 04:54 . 2010-04-18 04:54 -------- d-----w- c:\program files\ESET
2010-04-18 04:54 . 2010-04-18 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-17 21:43 . 2010-04-17 21:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-16 23:11 . 2010-04-16 23:32 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-16 23:11 . 2010-04-16 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-16 23:11 . 2010-04-16 23:11 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 03:23 . 2010-04-14 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-14 03:23 . 2010-04-17 18:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2010-04-14 03:23 . 2010-04-17 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-14 01:41 . 2010-04-14 01:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-04-14 01:41 . 2010-04-14 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 04:47 . 2006-03-09 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-18 04:47 . 2006-03-09 04:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-18 04:17 . 2007-10-12 01:42 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-18 04:17 . 2007-10-12 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-18 04:17 . 2007-10-12 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-15 23:53 . 2008-03-02 13:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-10 22:05 . 2010-04-10 22:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll
2010-04-10 18:09 . 2005-11-13 00:12 -------- d-----w- c:\program files\Java
2010-04-10 11:34 . 2008-12-02 00:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 04:13 . 2010-03-25 01:37 -------- d-----w- c:\program files\Garmin
2010-03-25 04:12 . 2010-03-25 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-03-25 03:59 . 2010-03-25 01:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GARMIN
2010-03-25 01:40 . 2010-03-25 01:40 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-03-25 01:38 . 2010-03-25 01:38 -------- d-----w- c:\program files\DIFX
2010-03-25 01:33 . 2010-03-25 01:33 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-03-25 01:33 . 2010-03-25 01:33 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-03-25 01:33 . 2010-03-25 01:33 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-03-25 01:31 . 2010-03-25 01:31 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-25 01:23 . 2010-03-25 01:23 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-24 21:53 . 2009-05-07 01:48 -------- d-----w- c:\program files\Coupons
2010-03-14 06:08 . 2010-03-14 06:08 4004960 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-06-21 00:21 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-06-21 00:21 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-06-21 00:21 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-06-21 00:21 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 03:15 . 2010-02-02 03:15 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-237b9c78-n\msvcp71.dll
2010-02-02 03:15 . 2010-02-02 03:15 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-237b9c78-n\msvcr71.dll
2010-02-02 03:15 . 2010-02-02 03:15 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-237b9c78-n\jmc.dll
2010-02-02 03:15 . 2010-02-02 03:15 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2653f7cb-n\decora-sse.dll
2010-02-02 03:15 . 2010-02-02 03:15 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2653f7cb-n\decora-d3d.dll
2006-03-11 02:05 . 2006-03-11 02:05 22 -csha-w- c:\windows\SMINST\HPCD.sys
2010-01-08 14:47 . 2010-01-08 14:47 98304 --sha-r- c:\windows\system32\wmpdxm5.dll
.

((((((((((((((((((((((((((((( [email protected]_16.13.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 12:13 . 2010-04-26 12:13 16384 c:\windows\temp\Perflib_Perfdata_3a0.dat
+ 2010-04-22 19:29 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2005-06-25 05:43 . 2010-04-21 19:48 85634 c:\windows\system32\perfc009.dat
- 2005-06-25 05:43 . 2010-04-16 03:50 85634 c:\windows\system32\perfc009.dat
+ 2010-04-21 19:16 . 2010-04-23 12:29 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-04-10 22:05 . 2010-04-10 22:05 19760 c:\windows\MATS\MatsRes.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d91557a8d7da1b1377ff12bf695d2977\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ba5cb8e68159a50a1aee54dd0a632c70\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8c02349f1eddb48ec8c45f4d1e3fa457\Microsoft.PowerShell.Security.resources.ni.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\347c32079ed04f5cd475bc1854ec50b7\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2010-04-22 19:30 . 2010-04-22 19:30 26416 c:\windows\assembly\GAC_MSIL\Microsoft.Support.Diagnosis.MatsHost\1.0.0.0__31bf3856ad364e35\Microsoft.Support.Diagnosis.MatsHost.dll
+ 2010-04-22 19:30 . 2010-04-22 19:30 14640 c:\windows\assembly\GAC_MSIL\Microsoft.Support.Diagnosis.Commands.WriteDiagProgress\1.0.0.0__31bf3856ad364e35\Microsoft.Support.Diagnosis.Commands.WriteDiagProgress.dll
+ 2010-04-22 19:30 . 2010-04-22 19:30 16176 c:\windows\assembly\GAC_MSIL\Microsoft.Support.Diagnosis.Commands.UpdateDiagRootcause\1.0.0.0__31bf3856ad364e35\Microsoft.Support.Diagnosis.Commands.UpdateDiagRootcause.dll
+ 2010-04-22 19:30 . 2010-04-22 19:30 17712 c:\windows\assembly\GAC_MSIL\Microsoft.Support.Diagnosis.Commands.UpdateDiagReport\1.0.0.0__31bf3856ad364e35\Microsoft.Support.Diagnosis.Commands.UpdateDiagReport.dll
+ 2010-04-22 19:30 . 2010-04-22 19:30 16688 c:\windows\assembly\GAC_MSIL\Microsoft.Support.Diagnosis.Commands.GetDiagInput\1.0.0.0__31bf3856ad364e35\Microsoft.Support.Diagnosis.Commands.GetDiagInput.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2010-04-22 19:29 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2010-04-22 19:28 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2005-06-25 05:43 . 2010-04-21 19:48 479818 c:\windows\system32\perfh009.dat
- 2005-06-25 05:43 . 2010-04-16 03:50 479818 c:\windows\system32\perfh009.dat
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2010-04-23 13:02 . 2010-04-23 13:02 208896 c:\windows\ERDNT\4-23-2010\Users\00000002\UsrClass.dat
+ 2010-04-23 13:02 . 2005-10-20 17:02 163328 c:\windows\ERDNT\4-23-2010\ERDNT.EXE
+ 2010-04-22 20:09 . 2010-04-22 20:09 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\646fab05d237a943021a9ceaa6c32c7b\System.Management.Automation.resources.ni.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9e64552e502e83ea9f36a635da673f2a\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7a87e180c6853689a6962cfabf5a4a22\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\263801f28bdfc6390257bfd325c791d4\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-04-22 20:09 . 2010-04-22 20:09 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0b22303173840a037788ee88b4f664cc\Microsoft.PowerShell.Security.ni.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 163840 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2010-04-22 19:30 . 2010-04-22 19:30 1089024 c:\windows\Installer\14533ba.msi
+ 2010-04-23 13:02 . 2010-04-23 13:02 6389760 c:\windows\ERDNT\4-23-2010\Users\00000001\ntuser.dat
+ 2010-01-26 21:59 . 2010-01-26 21:59 1955384 c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2010-04-22 20:09 . 2010-04-22 20:09 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a61c36c0207c5c67294c2e53fb3f55c7\System.Management.Automation.ni.dll
+ 2010-04-22 19:29 . 2010-04-22 19:29 1564672 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-05 344064]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-07-28 81920]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="c:\program files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [2008-04-04 587176]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-25 2145000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-11-12 151552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [11/12/2009 4:59 PM 19507]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/24/2010 8:31 PM 114984]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [11/12/2009 4:59 PM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [11/12/2009 4:59 PM 423454]
R2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe [1/16/2007 11:10 AM 316256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/24/2010 8:31 PM 810120]
R2 IOPort;IOPort;c:\windows\system32\IOPORT.SYS [3/8/2006 10:14 PM 6144]
S0 Lbd;Lbd; [x]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [11/12/2009 4:59 PM 64964]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS --> c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
.
Contents of the 'Scheduled Tasks' folder

2010-04-26 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-04-23 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-04-26 c:\windows\Tasks\User_Feed_Synchronization-{03A89BDE-9588-4DD6-B8DB-72F85599CFAE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uStart Page = hxxp://yahoo.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: eset.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 08:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1655226734-941326178-4047143256-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-26 08:07:59
ComboFix-quarantined-files.txt 2010-04-26 13:07
ComboFix2.txt 2010-04-20 16:15
ComboFix3.txt 2010-04-20 15:58

Pre-Run: 103,590,518,784 bytes free
Post-Run: 103,576,408,064 bytes free

- - End Of File - - 02D999DA82F0FC25AC54BCD935B648B0

#5
RKinner

    Malware Expert

  • Expert
  • 23,715 posts
  • MVP
Go back and read my last post again. There were two other things to do besides ComboFix.

Ron

#6
etcheemanoho

    Member

  • Topic Starter
  • Member
  • 11 posts
Sorry I missed those two. I did as stated and here are their results.

OTL logfile created on: 4/26/2010 10:00:56 AM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.08 Gb Total Space | 96.84 Gb Free Space | 68.16% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.20 Gb Free Space | 17.24% Space Free | Partition Type: FAT32
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/26 09:58:44 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 10:17:54 | 000,587,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/01/16 11:10:04 | 000,316,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DebugDiag\DbgSvc.exe
PRC - [2006/10/10 14:42:32 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2006/09/12 17:20:00 | 000,049,152 | ---- | M] (Streamload) -- C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/11/21 22:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 09:58:44 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/16 11:10:04 | 000,316,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DebugDiag\DbgSvc.exe -- (DbgSvc)
SRV - [2006/10/10 14:42:32 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2006/09/12 17:20:00 | 000,049,152 | ---- | M] (Streamload) [Auto | Running] -- C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe -- (StreamloadService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/11/12 18:44:24 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/21 15:05:42 | 003,972,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/04/04 22:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/09 06:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/03/09 06:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/05/31 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 05:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 05:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 10:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 10:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/03/09 20:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/07 16:00:48 | 000,064,964 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd3.sys -- (sonypvd3)
DRV - [2004/12/06 15:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 14:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [1998/11/27 14:57:18 | 000,006,144 | R--- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\IOPORT.SYS -- (IOPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/18 02:37:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/20 10:51:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: eset.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} http://eshare.hpphot...sLocalPrint.CAB (SaveImageFiles Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1143301640625 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/12 18:20:26 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/26 09:49:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/26 09:36:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/26 08:12:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2010/04/23 11:58:10 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/23 08:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/23 07:40:51 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2010/04/22 14:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\FixItCenter
[2010/04/22 14:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2010/04/22 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/04/22 14:29:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/04/20 10:48:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/20 10:41:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/20 10:41:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/20 10:41:49 | 000,136,704 | R--- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/20 10:41:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/20 10:41:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/20 10:00:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/20 08:40:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/20 08:40:25 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 08:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/18 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ESET
[2010/04/18 02:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/04/17 23:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ESET
[2010/04/17 23:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\ESET
[2010/04/17 23:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/04/17 23:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/17 23:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/16 18:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/16 18:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/13 22:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/13 22:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2010/04/13 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/13 20:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/04/13 20:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/24 23:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/03/24 23:12:16 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/03/24 20:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
[2010/03/24 20:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2010/03/24 20:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/24 20:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/03/24 20:33:50 | 000,055,232 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/03/24 16:53:48 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/02/20 19:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2010/02/01 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[4 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]
[36 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[36 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/26 09:58:44 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/26 09:57:40 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/26 09:55:34 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/04/26 09:53:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 09:53:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 09:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 09:53:05 | 3689,467,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 09:50:49 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/04/26 09:50:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/04/26 08:40:29 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yahoo!.url
[2010/04/26 08:05:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/26 07:55:01 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\george.exe
[2010/04/26 07:15:10 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03A89BDE-9588-4DD6-B8DB-72F85599CFAE}.job
[2010/04/23 14:37:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/04/23 08:31:14 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2010/04/23 08:01:18 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2010/04/23 08:01:18 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2010/04/23 07:41:07 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2010/04/22 08:33:14 | 000,000,284 | RHS- | M] () -- C:\boot.ini
[2010/04/21 14:48:28 | 000,479,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/21 14:48:27 | 000,085,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/21 14:48:26 | 000,573,692 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/21 13:34:09 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\MyProject.sonic
[2010/04/21 11:00:22 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/04/20 10:51:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/20 08:40:29 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 23:46:37 | 043,478,016 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ess_nt32_enu.msi
[2010/04/17 16:43:53 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/16 18:32:30 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/15 23:27:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 14:21:31 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Oklahoma Health Insurance High Risk Pool.doc
[2010/04/06 13:47:35 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\For handling and disposal guidance concerning old cement.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 18:28:42 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\GROCERY LIST USE THIS ONEc.doc
[2010/03/25 21:12:25 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tracking Verbage USPS.doc
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/03/24 16:53:48 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/03/23 07:03:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\my husband.doc
[2010/03/22 13:09:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\~$ husband.doc
[2010/03/19 07:18:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Gardening without pulling grass.doc
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 17:11:39 | 000,000,862 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/28 16:12:29 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Link John DVM.doc
[2010/02/19 13:22:43 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Muffins Blueberry.doc
[2010/02/19 13:19:45 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Blueberry Streusel Scones.doc
[2010/02/01 08:00:12 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Antibiotic Treatments.doc
[4 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 07:54:50 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\george.exe
[2010/04/23 08:31:13 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2010/04/23 08:01:18 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2010/04/23 08:01:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2010/04/22 14:37:15 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/04/22 14:37:14 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/04/22 08:08:56 | 3689,467,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/20 10:41:49 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/20 10:41:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/20 10:41:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/20 10:41:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/20 10:41:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/20 08:40:29 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 23:46:28 | 043,478,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ess_nt32_enu.msi
[2010/04/17 16:43:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/16 18:11:36 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/08 14:21:30 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Oklahoma Health Insurance High Risk Pool.doc
[2010/04/06 13:47:34 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\For handling and disposal guidance concerning old cement.doc
[2010/03/25 21:12:25 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tracking Verbage USPS.doc
[2010/03/22 13:09:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\~$ husband.doc
[2010/03/19 06:53:25 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Gardening without pulling grass.doc
[2010/03/05 04:45:39 | 006,553,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/02/28 16:11:42 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Link John DVM.doc
[2010/02/19 13:22:43 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Muffins Blueberry.doc
[2010/02/19 13:19:44 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Blueberry Streusel Scones.doc
[2010/02/06 16:17:13 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\my husband.doc
[2010/02/01 08:00:11 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Antibiotic Treatments.doc
[2010/01/15 20:17:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/12/09 01:22:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DSSPLAY.INI
[2009/03/12 19:59:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/12 19:57:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX300.ini
[2008/11/27 12:47:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/15 18:00:30 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/24 23:23:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/04/06 23:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2007/04/06 23:01:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/03/05 13:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/28 15:02:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/26 07:59:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/19 08:53:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/10 20:10:43 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/03/08 21:25:36 | 000,000,572 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/12 20:19:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/12 19:56:06 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/12 19:50:16 | 000,012,994 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/12 19:50:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/12 19:47:45 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/12 19:44:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/12 19:39:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/12 19:39:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/12 19:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/12 19:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/12 19:39:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/12 19:39:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/12 19:31:40 | 000,001,485 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/12 19:30:29 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/12 19:23:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/12 19:08:15 | 000,000,886 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/12 19:04:55 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/12 19:04:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/12 19:04:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/06/16 00:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/12/17 19:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/01/15 20:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/03/12 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/17 23:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/03/24 23:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/16 18:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/03/10 20:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/05/04 21:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/10/23 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/15 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/12 20:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/11/09 23:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2006/03/12 16:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Studio
[2009/11/07 20:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/04 19:23:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2010/01/02 10:54:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
[2010/01/02 00:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ACA Utilities
[2008/11/28 23:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/16 19:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2008/02/10 09:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CopyToDvd
[2009/03/16 19:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\EPSON
[2010/04/17 23:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ESET
[2010/03/24 22:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
[2009/05/04 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2006/03/10 20:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Individual Software
[2006/03/08 22:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2006/03/08 23:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2006/03/08 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2009/01/03 21:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OfficeUpdate12
[2009/11/01 18:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Publish Providers
[2007/10/23 20:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sony
[2007/10/27 21:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\System Tweaker
[2008/06/27 22:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeamViewer
[2010/02/04 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
[2009/11/09 23:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
[2007/07/23 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
[2008/07/22 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Windows Desktop Search
[2008/07/22 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Windows Search
[2010/04/26 09:55:34 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2010/04/23 14:37:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2010/04/26 07:15:10 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{03A89BDE-9588-4DD6-B8DB-72F85599CFAE}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4038

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/26/2010 11:37:56 AM
mbam-log-2010-04-26 (11-37-56).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 217200
Time elapsed: 1 hour(s), 25 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll,schannel.dll,digest.dll,) Good: (msapsspc.dll, ,schannel.dll, ,digest.dll, ,.dll) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
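A read-only check for the SecurityProviders item the Malwarebytes log above reported as Broken.SecurityProviders, added here as an example and not part of the thread or of Malwarebytes' own tooling. It assumes the three DLLs named in that log line are the complete stock list for this XP SP3 system, runs first against the log's "Bad" string as constructed input, then against the live registry value.

```powershell
# Added example, not from the thread: audit the SecurityProviders registry value
# that Malwarebytes reported above as Broken.SecurityProviders. Read-only; it
# only reports. Run from an elevated PowerShell prompt on the affected machine.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'
$valueName = 'SecurityProviders'

# Assumption: the stock provider list for this Windows XP SP3 system is exactly
# the three DLLs named in the log line above.
$expectedProviders = @('msapsspc.dll', 'schannel.dll', 'digest.dll')

function Test-SecurityProviderList {
    param(
        [string]   $RawValue,   # the comma-separated REG_SZ as stored
        [string[]] $Expected    # DLL names that are allowed to appear
    )
    $findings = @()

    # The "Bad" string in the log ends with a comma; report that form.
    if ($RawValue -match ',\s*$') {
        $findings += 'malformed: list ends with a comma'
    }

    $entries = @($RawValue -split ',' | ForEach-Object { $_.Trim() } |
                 Where-Object { $_ -ne '' })

    foreach ($dll in $entries) {
        if ($Expected -contains $dll) { continue }
        $findings += "unexpected provider: $dll"
        # DLLs listed here are loaded by the security subsystem at boot, so
        # record whether the file exists and whether it carries a valid signature.
        $path = Join-Path $env:SystemRoot "System32\$dll"
        if (Test-Path $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $findings += "  $path signature: $($sig.Status)"
        } else {
            $findings += "  $path not found"
        }
    }

    foreach ($dll in $Expected) {
        if ($entries -notcontains $dll) {
            $findings += "missing stock provider: $dll"
        }
    }
    # Leading comma keeps an empty or single-item array from being unrolled.
    return ,$findings
}

# 1. Constructed input: the string the log quoted as "Bad".
$badFromLog = 'msapsspc.dll,schannel.dll,digest.dll,'
Write-Host "Checking the value quoted in the log: $badFromLog"
$logFindings = Test-SecurityProviderList -RawValue $badFromLog -Expected $expectedProviders
$logFindings | ForEach-Object { Write-Host "  $_" }

# 2. The live value on this machine.
$live = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
Write-Host "Live value: $live"
$liveFindings = Test-SecurityProviderList -RawValue $live -Expected $expectedProviders
if ($liveFindings.Count -eq 0) {
    Write-Host 'SecurityProviders matches the expected list.'
} else {
    $liveFindings | ForEach-Object { Write-Host "  $_" }
}
```

Any entry that is not one of the three expected names is worth checking against a known-good copy of the same Windows build before deciding whether the scanner's repair was complete.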

#7
RKinner
    Malware Expert
  • Expert
  • 23,715 posts
  • MVP
Are you still getting the original error? Could you explain when it happens and exactly what the error says.

Ron

Edited by RKinner, 26 April 2010 - 12:07 PM.

  • 0

#8
etcheemanoho
    Member
  • Topic Starter
  • Member
  • 11 posts
My original problem was that Google and Yahoo or any search results were redirected to false sites. Since running all the scans and fixes the redirect problem seems to be cured. The problem now that I still have is that I noticed that when I went to adobe.com to re-download Flash Player or anything from adobe.com I get a Windows error message saying IEXPLORE.EXE - Application error. Then it states: The instruction at "0x0e060068" referenced memory at "0x0e060068". The memory could not be "written". Click on OK to terminate the program. Click on Cancel to debug the program. When I click on OK to terminate the program the screen changes to Internet Explorer has closed this webpage to help protect your computer. I'm not able to get anything from adobe.com downloaded. I may have other problem sites as well but haven't checked it out. I don't know if this is a result of the infection corrupting Explorer or not.
  • 0

#9
etcheemanoho
    Member
  • Topic Starter
  • Member
  • 11 posts
I don't know if this means anything but I have the program Uniblue Registry Booster 2010 that, when I ran it, placed these three entries in the Registry ignore list:
HKEY_Local_MACHINE\SYSTEM\current controlSet\services\CatchMe
HKEY_local_MACHINE\SYSTEM\current controlSet\services\PCAMPR5
HKEY_Local_MACHINE\SYSTEM\currentcontrolSet\services\ATIXPGAA
  • 0

#10
RKinner
    Malware Expert
  • Expert
  • 23,715 posts
  • MVP
Uniblue Registry Booster 2010 is not something we recommend so please do not use it.

Catchme is one of our tools.

PCAMPR5 has something to do with your wireless LAN.

PC-Doctor 5 for Windows is supposedly responsible for ATIXPGAA.SYS. PC_Doctor is provided by your PC maker.

See if you can download Firefox or Google Chrome and install one of them then see if you have the same problem with adobe.

http://www.mozilla.com/firefox/

http://www.google.com/chrome

Ron
  • 0

#11
etcheemanoho
    Member
  • Topic Starter
  • Member
  • 11 posts
I loaded Google Chrome and it worked perfectly!! I was able to download Flash Player and Adobe Reader with no problem from adobe.com. So far everything works great. I will remove Uniblue Registry Booster 2010. I also have Uniblue Driver Scanner 2009; is that ok?
  • 0

#12
RKinner
    Malware Expert
  • Expert
  • 23,715 posts
  • MVP
Glad Chrome worked for you. I never use IE unless I am talking to Microsoft. I usually use Firefox with the AdBlock Plus extension. Didn't even know this site had ads until I had a complaint that it wasn't loading long files in IE.

I have never used Uniblue. Can't say I like the idea of something changing drivers without me telling it to.

If you go to IE, Tools, Internet Options, Advanced you will see a Reset button at the bottom. Push it and IE should go back to its default state. That may fix whatever is wrong with it.

Ron
  • 0

#13
etcheemanoho
    Member
  • Topic Starter
  • Member
  • 11 posts
The Uniblue Driver Scanner looks for updated drivers and if it finds them it prompts first if you want to download them and install them. If it feels some driver updates are too risky to install it won't install them and leaves that up to you at your own risk. If you know of a registry repair program that you recommend I would like to know of it, but if you think it's best not to have them at all then I won't try them. I think I will try Firefox for a while. My brothers like it better than the rest. So far everything is back to normal. I really like your malware/spyware tools and how nice everybody is. Everybody is first rate!!! If you have any more suggestions for me that would be great! Unless you have more I should do I will consider my problem fixed.......THANKS TO YOU AND ALL THAT HELP.........MANY, MANY THANKS....YOU PEOPLE ARE GREAT............Etcheemanoho

Edited by etcheemanoho, 26 April 2010 - 06:19 PM.

  • 0

#14
RKinner
    Malware Expert
  • Expert
  • 23,715 posts
  • MVP
About Registry Cleaners:

http://aumha.net/vie...=...p;sk=t&sd=a

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

If Windows blocks the ActiveX then try putting BitDefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

If BitDefender comes back clean then you can uninstall or delete any tools we had you download and their logs.
To uninstall combofix copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Open a command prompt, right click and Paste, then Enter.

You can also put your system back the way it was (hide hidden and system files), though I think hiding extensions is dumb.


You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.


Stay away from P2P programs like limewire and utorrent. Too easy to pick up an infection. If you must use them then always submit a new file to http://virustotal.com before you open it.
  • 0

#15
etcheemanoho
    Member
  • Topic Starter
  • Member
  • 11 posts
Cleaned as you stated and ran the last bug tests which came up clean also. Installed the programs you suggested and all has settled down so thank you again for your help......etcheemanoho done for now........
  • 0





