Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Extremely Slow Computer Trojan 3733 Script Virus Found


  • Please log in to reply

#1
tony1692

tony1692

    New Member

  • Member
  • Pip
  • 5 posts
Hello, I've reviewed and followed the instructions for Spyware & Malware Removal. Attached is the OTL.txt log. The Extras.txt log was too large to post in this message.

My computer is running extremely slow. So slow in fact, I downloaded and ran GMER but it ran for 18 hours before it became unreponsive before completing.

I ran Malwarebytes and it's log is also attached. However, I also ran F-Secure (my antivirus software) and it detected the Trojan 3733 Script virus and could not remove it.

I've also attached the summary of that log.

Please Advise and thank you.

OTL logfile created on: 6/16/2010 6:46:14 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 18.83 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BACKOFFICE
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/14 17:16:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
PRC - [2010/06/12 06:41:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2010/06/02 08:14:14 | 000,695,472 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2010/06/02 08:14:13 | 000,494,256 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2010/05/17 03:21:48 | 000,055,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2010/03/21 18:53:43 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Tony\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/12/30 14:31:42 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2009/12/09 10:15:22 | 000,356,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 10:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 10:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/09/18 23:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1203819975\ee\aolsoftware.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1203819975\ee\AOLDesktop.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 16:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2007/03/13 09:41:02 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1203819975\ee\anotify.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2004/04/06 05:28:46 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb11.exe
PRC - [2004/02/23 08:25:39 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/02/11 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2003/12/03 07:40:28 | 000,118,784 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2003/10/08 04:08:00 | 000,540,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CCM\CcmExec.exe
PRC - [2003/08/13 11:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/06/20 04:43:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/06/18 13:00:00 | 000,200,704 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe
PRC - [2002/04/03 02:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe


========== Modules (SafeList) ==========

MOD - [2010/06/14 17:16:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
MOD - [2009/08/05 10:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Spam Control\fsscoepl.dll
MOD - [2009/08/05 10:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AOLService)
SRV - [2010/05/17 03:21:48 | 000,055,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/12/30 14:31:42 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003/10/08 04:08:00 | 000,540,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 08:15:20 | 000,113,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/12/08 20:20:42 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009/08/05 10:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 10:57:20 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/08/05 10:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 10:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/17 10:00:55 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/04/10 16:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2007/04/03 15:12:42 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/31 16:06:39 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/20 16:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 16:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 16:01:00 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/05/20 16:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2005/02/22 22:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/30 09:06:00 | 001,330,172 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/09/07 03:50:00 | 000,013,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/07/02 11:26:20 | 000,202,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/07/02 11:25:24 | 000,631,680 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/02 11:24:16 | 001,063,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/06/21 18:42:50 | 000,008,224 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
DRV - [2002/05/07 04:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB0129.SYS -- (FINEPIX_PCC)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS -- (EL90X)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://red.clientapp...//www.yahoo.com
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.couldnotf...ount_id=1000940
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Charter Security Suite\NRS\[email protected] [2010/05/26 06:23:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/03 21:50:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/12 06:41:30 | 000,000,000 | ---D | M]

[2009/03/01 18:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions
[2010/06/14 17:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\l4ede7wi.default\extensions
[2008/12/05 19:03:22 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\l4ede7wi.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2005/10/19 20:53:31 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\l4ede7wi.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/28 17:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\Tony\extensions
[2009/09/07 20:29:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\Tony\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 06:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 06:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/03/01 18:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\GlobalProfile\extensions
[2008/06/19 04:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/06/19 04:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2010/06/12 06:41:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/02/20 15:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2008/03/03 21:46:42 | 000,227,704 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7989 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203819975\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006..\Run: [SansaDispatch] C:\Documents and Settings\Tony\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006..\Run: [Sonic RecordNow!] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Tony\Start Menu\Programs\Startup\AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\Tony\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..Trusted Domains: ebay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1687264502-3255478273-1932189918-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1078579325171 (MSSecurityAdvisor Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst20040510.cab (YInstStarter Class)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-24.cab (EPUImageControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1125367098781 (MUWebControl Class)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://host-d.oddcas...ostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft...ols/SassCln.CAB (SassCln Object)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\backup 060704\Data\Active\AActive\Alaska\A2001-5.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{365225b3-196b-11dd-8c4e-00038a000015}\Shell\AutoRun\command - "" = G:\PortableVault.exe -- File not found
O33 - MountPoints2\{56326fa8-2493-11db-8a72-00038a000015}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{6c0dd9a8-0c84-11db-8a55-00038a000015}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{ee2f4b57-116f-11de-8d09-00038a000015}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/02/23 07:54:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\MSG711.ACM (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\MSG723.ACM (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\MSGSM32.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\MSACM32.DRV (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/14 17:16:39 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
[2010/06/14 14:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\Malwarebytes
[2010/06/14 14:51:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/14 14:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/14 14:51:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/14 14:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/14 14:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/14 14:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/14 13:26:56 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\TFC.exe
[2010/06/12 06:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/12 06:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/25 21:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Friess Lake 8th Grade Graduation 2010
[2010/05/16 07:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\ArcSoft
[2010/05/12 19:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/05/12 19:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\Downloaded Installations
[2010/05/12 19:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/05/12 19:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/05/12 19:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/05/12 19:19:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/02 11:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/05/02 10:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/21 18:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\SanDisk

========== Files - Modified Within 90 Days ==========

[2010/06/16 06:40:06 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Microsoft Word.lnk
[2010/06/16 06:40:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2010/06/16 06:33:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/06/16 06:29:18 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1687264502-3255478273-1932189918-1006UA.job
[2010/06/16 06:02:30 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/16 05:52:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1687264502-3255478273-1932189918-1007UA.job
[2010/06/16 05:29:17 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1687264502-3255478273-1932189918-1006Core.job
[2010/06/16 04:02:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/15 20:31:25 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/15 20:30:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/15 20:29:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 20:28:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/15 20:28:54 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/14 17:16:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
[2010/06/14 17:08:32 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Tony\NTUSER.DAT
[2010/06/14 17:08:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tony\NTUSER.INI
[2010/06/14 14:51:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 14:43:49 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\NTREGOPT.lnk
[2010/06/14 14:43:49 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\ERUNT.lnk
[2010/06/14 13:27:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\TFC.exe
[2010/06/14 08:21:23 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\zz Management.pst
[2010/06/14 07:37:29 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Tony\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk
[2010/06/14 07:23:49 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\MP3 Rocket 5.4.4 PRO.lnk
[2010/06/13 20:10:53 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Tony\Start Menu\Programs\Startup\AOL Desktop.lnk
[2010/06/13 15:52:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1687264502-3255478273-1932189918-1007Core.job
[2010/06/11 20:27:04 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Anniversary List of things to do.xls
[2010/06/11 05:03:08 | 000,632,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 21:48:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 21:36:36 | 000,515,840 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/10 21:36:36 | 000,450,498 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/10 21:36:36 | 000,075,226 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/10 18:39:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/08 17:38:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/07 20:59:13 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Anniversary RSVP Tracking.xls
[2010/06/01 20:11:07 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\The Best Happiness Quotes, Sayings, and Phrases - 11 to 20.url
[2010/05/26 20:35:15 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Microsoft Excel.lnk
[2010/05/17 15:06:09 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 16:28:46 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 19:37:53 | 000,002,001 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\muvee Reveal Seagate Edition.lnk
[2010/05/08 08:38:48 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Liesener Soils.doc
[2010/05/04 22:12:48 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Direction To Our House.doc
[2010/05/04 06:15:39 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Will and Guy's free jokes for Tuesday.url
[2010/05/02 22:08:44 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/02 22:01:59 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\pool.bin
[2010/05/02 20:21:56 | 001,366,108 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Backup-(2010-05-02).ipd
[2010/05/02 10:47:30 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Desktop Manager.lnk
[2010/04/30 18:39:11 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Funny Status Messages for Facebook.url
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:14:25 | 001,458,569 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Backup-(2010-04-28).ipd
[2010/04/09 14:58:16 | 004,808,764 | -H-- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\IconCache.db
[2010/04/08 17:48:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/30 19:45:57 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Kiss means.doc

========== Files Created - No Company Name ==========

[2010/06/14 14:51:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 14:43:49 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\NTREGOPT.lnk
[2010/06/14 14:43:49 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\ERUNT.lnk
[2010/06/14 07:23:49 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\MP3 Rocket 5.4.4 PRO.lnk
[2010/05/26 20:49:09 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Anniversary List of things to do.xls
[2010/05/17 15:06:09 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/12 19:37:53 | 000,002,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\muvee Reveal Seagate Edition.lnk
[2010/05/09 12:02:24 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Anniversary RSVP Tracking.xls
[2010/05/08 08:38:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Liesener Soils.doc
[2010/05/04 21:53:26 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Direction To Our House.doc
[2010/05/04 06:15:39 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Will and Guy's free jokes for Tuesday.url
[2010/05/02 22:01:59 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\pool.bin
[2010/05/02 20:21:56 | 001,366,108 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Backup-(2010-05-02).ipd
[2010/05/02 06:33:07 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Desktop Manager.lnk
[2010/04/28 20:14:25 | 001,458,569 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Backup-(2010-04-28).ipd
[2010/03/30 19:45:57 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Kiss means.doc
[2009/12/06 21:08:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/07/18 20:58:53 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009/03/01 22:58:55 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/02/23 21:05:13 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/24 21:22:51 | 000,006,852 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/05/30 07:10:18 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/05/30 07:10:17 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2005/02/23 23:29:12 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/02/23 22:29:04 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/23 22:29:04 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/02/23 22:25:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/12/12 22:24:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/10/28 18:20:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IFFKLFG.ini
[2004/07/02 17:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Launcher.INI
[2004/07/02 15:25:20 | 000,000,037 | ---- | C] () -- C:\WINDOWS\btw.ini
[2004/07/02 15:20:32 | 000,000,057 | ---- | C] () -- C:\WINDOWS\viewer.ini
[2004/07/02 15:20:18 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\RWDL6DMX.DLL
[2004/07/02 15:20:17 | 000,633,344 | ---- | C] () -- C:\WINDOWS\System32\RWDL6CMX.DLL
[2004/07/02 15:20:17 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\RWDL6BMX.DLL
[2004/07/02 15:20:16 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\RWDL6AMX.DLL
[2004/07/02 15:20:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2004/07/02 15:20:01 | 000,000,833 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/06/14 13:40:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2004.ini
[2004/06/12 11:42:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/05/23 09:49:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/05/23 09:49:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/03/28 16:14:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/03/25 22:24:04 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/03/07 16:03:13 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/03/07 14:58:21 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/07 14:25:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/03/06 21:48:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 08:33:25 | 000,000,383 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/23 08:26:37 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/02/23 08:24:13 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/02/23 08:23:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/02/23 08:23:59 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/02/23 08:23:58 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/02/23 08:23:58 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/02/23 08:23:30 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/02/23 08:21:38 | 000,000,218 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/23 08:11:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/23 08:10:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/23 07:57:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 16:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/14 00:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/08 13:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2000/04/11 20:44:56 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2004/11/05 10:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2004/11/05 10:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/03/01 22:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2009/12/08 20:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/02/21 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2010/05/02 10:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2004/03/06 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/05/12 19:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/01/24 20:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/01 20:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/01/22 13:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2F072519-01D6-4864-AE2C-222D899DD62A}
[2009/12/06 12:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/24 20:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2008/09/15 19:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\acccore
[2009/03/02 07:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\acccore
[2004/09/27 14:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Aladdin Systems
[2010/05/02 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Blackberry Desktop
[2005/01/30 07:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\btur
[2009/12/18 10:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\F-Secure
[2005/05/30 07:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\FUJIFILM
[2004/06/14 07:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Leadertech
[2010/05/13 05:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\MP3Rocket
[2009/12/27 13:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Red Kawa
[2009/12/29 11:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Regensoft
[2009/12/01 07:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Research In Motion
[2010/03/21 18:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\SanDisk
[2009/09/27 18:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Viewpoint
[2010/06/08 17:38:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/16 06:33:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/14 16:30:34 | 000,075,840 | ---- | M] () -- C:\aaw7boot.log
[2005/12/05 18:18:01 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/05 18:18:01 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2002/09/03 14:36:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/09/08 22:10:03 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/06/11 17:01:33 | 000,863,218 | ---- | M] () -- C:\boot98se.exe
[2002/09/03 14:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2002/09/03 14:36:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/02/23 08:02:18 | 000,006,664 | RH-- | M] () -- C:\DELL.SDR
[2010/06/15 20:28:54 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2009/12/24 06:57:09 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/09/08 22:03:20 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/29 08:26:05 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/06/15 20:28:49 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2004/02/23 08:26:52 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2004/11/18 19:25:55 | 000,000,307 | ---- | M] () -- C:\tmp.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp5ha.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 14:22:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 14:22:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 14:22:52 | 000,397,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/14/2010 3:31:17 PM
mbam-log-2010-06-14 (15-31-17).txt

Scan type: Quick scan
Objects scanned: 152692
Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\13892344 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\13892344\13892344.glu (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13892344\pc13892344cnf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13892344\pc13892344ins (Rogue.Multiple) -> Quarantined and deleted successfully.

Scanning Report
15 June 2010 20:33:50 - 01:40:06
Computer name: BACKOFFICE
Scanning type: Full scan
Target: C:\ + system + rootkits

Result: 1 malware found
Trojan.Script.3733 (virus)
· C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Outlook\outlook.pst

Statistics
Scanned:
· Files: 536465
· Not scanned: 2667
Result:
· Viruses: 1
· Spyware: 0
· Suspicious items: 0
· Riskware: 0
Actions:
· Disinfected: 0
· Renamed: 0
· Deleted: 0
· Quarantined: 0
· Failed: 0
Boot Sectors:
· Scanned: 2
· Infected: 0
· Suspicious items: 0
· Disinfected: 0
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP