
Limited or no connectivity. Unable to contact your DHCP server [Closed]



#1
kenneth23

Log for OTL(extras.txt):
OTL Extras logfile created on: 5/7/2010 7:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
995.00 Mb Paging File | 336.00 Mb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.59 Gb Total Space | 8.97 Gb Free Space | 51.00% Space Free | Partition Type: NTFS
Drive D: | 19.67 Gb Total Space | 17.60 Gb Free Space | 89.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 953.19 Mb Total Space | 510.20 Mb Free Space | 53.53% Space Free | Partition Type: FAT
Drive G: | 476.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KENNETH
Current User Name: ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\ram\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\ram\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Registry Easy\RE.exe" = C:\Program Files\Registry Easy\RE.exe:*:Enabled:Registry Easy -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO®
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitZipper_is1" = BitZipper 2010
"DHCP Turbo" = DHCP Turbo
"ERUNT_is1" = ERUNT 1.1j
"Garena" = Garena
"ie8" = Windows Internet Explorer 8
"LAN On Internet Pro_is1" = LAN On Internet Pro Beta
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"RegDefense" = RegDefense
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"Spyware Doctor" = Spyware Doctor 6.0
"Tiny DHCP Server" = Tiny DHCP Server
"ToggleEN Toolbar" = ToggleEN Toolbar
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Warkeys" = Warkeys 1.16.0.0b
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"XP TCP/IP Repair_is1" = XP TCP/IP Repair
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2001 12:03:58 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/31/2001 12:03:59 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/31/2001 12:04:01 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/31/2001 9:11:10 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/31/2001 9:11:10 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/31/2001 9:11:10 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/3/2009 3:05:22 AM | Computer Name = PC-RAM | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00066668.

Error - 10/3/2009 5:09:40 AM | Computer Name = PC-RAM | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/4/2009 1:48:41 AM | Computer Name = PC-RAM | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/4/2009 7:52:44 AM | Computer Name = PC-RAM | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x0001fd2f.

[ System Events ]
Error - 5/7/2010 7:37:56 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/7/2010 7:37:56 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/7/2010 7:38:08 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7000
Description = The Dr.Web Scanning Engine (DrWebEngine) service failed to start due
to the following error: %%3

Error - 5/7/2010 7:38:11 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/7/2010 7:38:11 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/7/2010 7:39:03 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
epfwtdi

Error - 5/7/2010 7:45:01 AM | Computer Name = KENNETH | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/7/2010 7:45:01 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 5/7/2010 7:46:39 AM | Computer Name = KENNETH | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/7/2010 7:46:40 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

[ TuneUp Events ]
Error - 7/7/2009 9:40:13 PM | Computer Name = PC-RAM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 7/17/2009 10:13:04 PM | Computer Name = PC-RAM | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >

Log for OTL(OTL.txt):
OTL logfile created on: 5/7/2010 7:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
995.00 Mb Paging File | 336.00 Mb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.59 Gb Total Space | 8.97 Gb Free Space | 51.00% Space Free | Partition Type: NTFS
Drive D: | 19.67 Gb Total Space | 17.60 Gb Free Space | 89.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 953.19 Mb Total Space | 510.20 Mb Free Space | 53.53% Space Free | Partition Type: FAT
Drive G: | 476.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KENNETH
Current User Name: ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 19:33:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/05/04 20:16:13 | 000,094,208 | ---- | M] () -- C:\Program Files\Tiny DHCP Server\dhcpsrv.exe
PRC - [2010/04/02 08:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/19 02:32:36 | 000,106,608 | ---- | M] () -- C:\Program Files\RegDefense\RDFNSListener.exe
PRC - [2009/09/26 02:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/08 13:33:48 | 001,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/07/28 17:28:12 | 000,575,488 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 19:33:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009/02/13 14:11:44 | 000,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008/11/13 14:19:40 | 000,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - File not found [Auto | Stopped] -- -- (DHCP Turbo)
SRV - [2010/05/04 20:16:13 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\Tiny DHCP Server\dhcpsrv.exe -- (Tiny DHCP Server service)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/02/18 07:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/18 07:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 07:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/06 16:36:30 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF)
DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2004/08/04 06:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/02/26 16:04:00 | 000,370,048 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.22
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..keyword.URL: "http://www.fastbrows...1FBD63B249}&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/06 14:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/03 23:44:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/02/05 11:08:08 | 000,000,000 | ---D | M]

[2009/08/21 12:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Mozilla\Extensions
[2010/04/27 01:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions
[2010/02/05 13:19:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/05 13:55:48 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/02/06 00:05:17 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/08/24 20:25:02 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/09/23 00:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\[email protected]
[2010/03/16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\searchplugins\conduit.xml
[2009/08/21 17:34:34 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\searchplugins\mywebsearch.xml
[2002/01/01 00:17:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2002/01/01 00:18:43 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2002/01/01 00:18:43 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/05/03 12:23:15 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found.
O2 - BHO: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mspaint] C:\WINDOWS\System32\Paint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RDFNSListener] C:\Program Files\RegDefense\RDFNSListener.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\ram\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\ram\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O4 - Startup: C:\Documents and Settings\ram\Start Menu\Programs\Startup\Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link = [binary data]
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\ram\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ram\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 11:03:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/21 06:36:27 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O32 - AutoRun File - [2004/03/01 18:50:00 | 000,000,145 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Play.exe -- [2002/04/18 11:40:08 | 000,045,056 | R--- | M] (Riverdeep Interactive Learning Limited)
O33 - MountPoints2\G\Shell\install\command - "" = G:\INSTALL\_Setup.exe -- [1999/01/11 00:40:20 | 000,073,728 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/07 19:39:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/07 19:42:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/06 21:02:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 21:02:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 21:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 20:55:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/06 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/06 20:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/04 20:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ToggleEN
[2010/05/04 20:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Tiny DHCP Server
[2010/05/04 20:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tiny DHCP Server
[2010/05/02 21:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\XP TCPIP Repair
[2010/04/30 20:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/30 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/29 21:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/04/29 20:21:14 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 20:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\DHCP Turbo
[2010/04/28 23:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/04/28 23:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/28 23:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/28 23:57:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/28 23:57:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/28 23:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/28 23:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/28 23:35:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/28 23:05:47 | 000,000,000 | ---D | C] -- C:\temp
[2010/04/28 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegDefense
[2010/04/26 16:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/25 01:18:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ram\My Documents\My Pictures
[2010/04/25 00:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/04/22 22:58:48 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/04/22 06:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\crowsoft
[2010/04/22 06:57:25 | 000,032,768 | ---- | C] (CrowSoft) -- C:\WINDOWS\System32\ilannsp.dll
[2010/04/22 06:57:24 | 000,153,088 | ---- | C] (CrowSoft) -- C:\WINDOWS\System32\LOILSP.dll
[2010/04/22 06:57:23 | 000,239,616 | ---- | C] (Crow-soft) -- C:\WINDOWS\System32\LANoiService.exe
[2010/04/22 06:47:15 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\winsockfix.exe
[2010/04/20 14:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/20 14:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ram\Application Data\SUPERAntiSpyware.com
[2010/04/20 14:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/24 20:33:50 | 000,055,232 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys

========== Files - Modified Within 90 Days ==========

[2010/05/07 19:49:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E01470E-21CB-4047-980C-4DC584995042}.job
[2010/05/07 19:41:53 | 000,000,474 | ---- | M] () -- C:\Shortcut to Shared Documents.lnk
[2010/05/07 19:35:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/07 19:34:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 16:07:24 | 002,106,738 | -H-- | M] () -- C:\Documents and Settings\ram\Local Settings\Application Data\IconCache.db
[2010/05/07 00:50:10 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\ram\NTUSER.DAT
[2010/05/07 00:50:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ram\ntuser.ini
[2010/05/06 21:02:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:54:24 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\NTREGOPT.lnk
[2010/05/06 20:54:24 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\ERUNT.lnk
[2010/05/06 20:28:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 23:07:01 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/04 20:16:14 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\Tiny DHCP Server.lnk
[2010/05/03 20:46:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/03 20:25:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 12:35:08 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\&Run....lnk
[2010/05/03 12:23:15 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/02 21:53:33 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\ram\xtt
[2010/05/02 21:16:59 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\XP TCPIP Repair.lnk
[2010/05/02 13:55:23 | 000,000,125 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\.bat
[2010/04/30 19:51:56 | 000,000,889 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 20:20:12 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 19:54:15 | 000,507,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 19:54:15 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/29 19:54:15 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 17:02:08 | 000,042,944 | ---- | M] () -- C:\Documents and Settings\ram\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 06:26:08 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\WindowsXP-KB942288-v3-x86.exe
[2010/04/29 00:10:23 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/28 23:42:45 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/04/28 23:13:59 | 000,000,369 | -HS- | M] () -- C:\boot.ini
[2010/04/28 19:22:56 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/28 14:06:28 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\RegDefense.lnk
[2010/04/26 16:04:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/26 15:53:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\IntIgn0xF28456.dat
[2010/04/25 01:22:18 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\Shortcut to RegistryBooster.lnk
[2010/04/25 01:09:32 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/04/25 01:08:07 | 000,000,000 | RHS- | M] () -- C:\khq
[2010/04/25 01:06:14 | 000,000,990 | RHS- | M] () -- C:\Documents and Settings\ram\ntuser.pol
[2010/04/24 23:33:17 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2010/04/21 09:47:44 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\winsockfix.exe
[2010/04/20 14:34:32 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/04/20 14:25:53 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/03/11 15:17:42 | 000,185,835 | ---- | M] () -- C:\shldr

========== Files Created - No Company Name ==========

[2010/05/07 19:41:53 | 000,000,474 | ---- | C] () -- C:\Shortcut to Shared Documents.lnk
[2010/05/06 21:02:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:54:24 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\NTREGOPT.lnk
[2010/05/06 20:54:24 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\ERUNT.lnk
[2010/05/04 20:16:14 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\Tiny DHCP Server.lnk
[2010/05/04 18:25:33 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\ram\reset.txt
[2010/05/03 20:19:02 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/05/03 20:19:02 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/05/03 20:19:02 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/05/03 20:19:02 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/05/03 20:19:01 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/05/03 20:19:01 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/05/03 20:19:01 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/05/03 20:19:00 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/05/03 20:19:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/05/03 20:19:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/05/03 20:19:00 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/05/03 20:19:00 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/05/03 20:19:00 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/05/03 20:19:00 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/05/03 20:19:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/05/03 20:19:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/05/03 20:18:59 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/05/03 20:18:58 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/05/03 20:18:58 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/05/03 20:18:58 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/05/03 20:18:58 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/05/03 20:18:58 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/05/03 20:18:58 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/05/03 20:18:58 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/05/03 20:18:57 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/05/03 20:18:57 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/05/03 20:18:57 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/05/03 20:18:57 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/05/03 20:18:57 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/05/03 20:18:57 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/05/03 20:18:57 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/05/03 20:18:57 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/05/03 20:18:57 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/05/03 20:18:57 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/05/03 20:18:57 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/05/03 20:18:57 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/05/03 20:18:57 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/05/03 20:18:57 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/05/03 20:18:57 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/05/03 20:18:56 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/05/03 20:18:56 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/05/03 20:18:56 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/05/03 20:18:56 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/05/03 20:18:56 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/05/03 20:18:56 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/05/03 20:18:56 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/05/03 20:18:56 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/05/03 20:18:56 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/05/03 20:18:56 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/05/03 20:18:55 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/05/03 20:18:55 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/05/03 20:18:55 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/05/03 20:18:55 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/05/03 20:18:55 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/05/03 20:18:55 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/05/03 20:18:55 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/05/03 20:18:55 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/05/03 20:18:55 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/05/03 20:18:55 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/05/03 20:18:55 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/05/03 20:18:55 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/05/03 20:18:55 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/05/03 20:18:55 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/05/03 20:18:55 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/05/03 20:18:53 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/05/03 20:18:53 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/05/03 20:18:53 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/05/03 20:18:53 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/05/03 20:18:52 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/05/03 20:18:51 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/05/03 20:18:51 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/05/03 20:18:49 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/05/03 20:18:49 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/05/03 20:18:49 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/05/03 20:18:49 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/05/03 20:18:48 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/05/03 20:18:48 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/05/03 20:18:48 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/05/03 20:18:48 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/05/03 20:18:48 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/05/03 20:18:48 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/05/03 20:18:48 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/05/03 20:18:42 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/05/03 20:18:39 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/05/03 20:18:39 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/05/03 12:35:08 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\&Run....lnk
[2010/05/02 21:53:32 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\ram\xtt
[2010/05/02 21:47:08 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\ram\tmp.txt
[2010/05/02 21:16:59 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\XP TCPIP Repair.lnk
[2010/05/02 13:55:14 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\.bat
[2010/04/30 18:26:32 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\WindowsXP-KB942288-v3-x86.exe
[2010/04/28 23:44:12 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/28 23:44:08 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/28 23:44:01 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/28 20:16:47 | 000,012,765 | ---- | C] () -- C:\Documents and Settings\ram\reset.log
[2010/04/28 14:06:28 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\RegDefense.lnk
[2010/04/27 13:33:57 | 000,001,804 | ---- | C] () -- C:\Program Files\hotfix.txt
[2010/04/27 02:02:28 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\ram\resetlog.txt
[2010/04/26 21:31:31 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\ram\ipconfig.txt
[2010/04/26 15:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IntIgn0xF28456.dat
[2010/04/25 01:22:18 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\Shortcut to RegistryBooster.lnk
[2010/04/25 01:08:07 | 000,000,000 | RHS- | C] () -- C:\khq
[2010/04/24 23:34:37 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/04/24 23:33:15 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2010/04/20 14:34:32 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/10/02 21:45:35 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/10/02 21:45:25 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009/07/02 13:15:32 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/07/02 13:15:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/07/02 12:39:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/22 07:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\crowsoft
[2010/02/06 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2010/02/04 15:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/08/02 22:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/05/07 19:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 13:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/07/04 19:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/02 22:36:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/04 02:57:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2010/01/30 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\BitZipper
[2010/02/04 15:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\ESET
[2009/07/21 20:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\GarageGames
[2010/02/04 18:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\GetRightToGo
[2010/04/22 23:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\TeamViewer
[2009/07/04 19:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\TuneUp Software
[2009/07/04 10:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Uniblue
[2010/04/24 23:33:17 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\Schedule Task Weekly.job
[2010/05/07 19:49:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E01470E-21CB-4047-980C-4DC584995042}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/02 11:03:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/28 23:13:59 | 000,000,369 | -HS- | M] () -- C:\boot.ini
[2009/07/02 11:03:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/02 11:03:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/25 01:08:07 | 000,000,000 | RHS- | M] () -- C:\khq
[2009/07/02 11:03:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 10:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/28 23:42:45 | 000,250,048 | ---- | M] () -- C:\ntldr
[2009/08/29 00:36:16 | 000,230,432 | ---- | M] () -- C:\PA7302.DAT
[2010/05/07 19:34:34 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
[2010/03/11 15:17:42 | 000,185,835 | ---- | M] () -- C:\shldr
[2010/05/07 19:41:53 | 000,000,474 | ---- | M] () -- C:\Shortcut to Shared Documents.lnk
[2009/08/02 22:36:41 | 017,774,920 | ---- | M] (TuneUp Software) -- C:\TU2009TrialEN-US.exe
[2008/06/03 07:49:16 | 000,557,608 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB953761-x86-ENU.exe
[2010/04/21 09:47:44 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\winsockfix.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/02 18:40:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/02 18:40:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/02 18:40:01 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\ehdrv.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please keep your logs in the one topic.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O32 - AutoRun File - [2009/07/02 11:03:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/05/21 06:36:27 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O32 - Unable to obtain root file information for disk F:\
    O32 - AutoRun File - [2004/03/01 18:50:00 | 000,000,145 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Play.exe -- [2002/04/18 11:40:08 | 000,045,056 | R--- | M] (Riverdeep Interactive Learning Limited)
    O33 - MountPoints2\G\Shell\install\command - "" = G:\INSTALL\_Setup.exe -- [1999/01/11 00:40:20 | 000,073,728 | R--- | M] (InstallShield Software Corporation)
    [2010/04/26 15:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IntIgn0xF28456.dat
    [2010/04/25 01:08:07 | 000,000,000 | RHS- | C] () -- C:\khq
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.