Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Antimalwaredoctor

Started by Tmare , Jul 26 2010 07:28 AM

  • Please log in to reply

#1
Tmare
Posted 26 July 2010 - 07:28 AM

Tmare

    Member

  • Member
  • PipPip
  • 63 posts
I have the Antimaldoctor and everytime I run the Malwarebytes program, it finds it and deletes it, but then when I reboot, it's back. I've run Max registry too!

Any ideas on how to get rid of this annoying adware program?
  • 0

Advertisements

#2
Tmare
Posted 26 July 2010 - 06:55 PM

Tmare

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Here is the OTL file:

OTL logfile created on: 7/26/2010 8:36:55 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 283.00 Mb Available Physical Memory | 56.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.28 Gb Total Space | 46.86 Gb Free Space | 63.09% Space Free | Partition Type: NTFS
Drive D: | 505.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/24 16:30:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
PRC - [2010/07/24 16:29:10 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTH.scr
PRC - [2008/11/13 18:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2008/11/12 17:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 16:30:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/08 03:12:36 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/11/13 18:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2008/11/12 17:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2007/09/06 16:14:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 14:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 14:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 14:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 09:40:04 | 000,010,328 | ---- | M] (America Online) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2002/02/15 13:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\SSFS0BB9.SYS -- (SSFS0BB9)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\posvpn.sys -- (Posvpn)
DRV - [2010/07/25 17:57:21 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/25 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100725.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/25 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100725.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/24 16:02:21 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\dlgcgb.sys -- (dlgcgb)
DRV - [2010/06/08 02:35:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/24 16:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/02/12 12:29:45 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/12 12:29:43 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/12 17:02:28 | 000,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2008/11/12 17:02:26 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/11/12 17:02:26 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/09/06 16:14:28 | 000,395,080 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/07/03 20:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 20:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 20:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/11 12:44:10 | 000,050,416 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/02/06 23:54:49 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/12/16 20:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 06:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/19 20:23:29 | 000,011,648 | R--- | M] (Samsung electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamFlt.sys -- (CAMFLT)
DRV - [2005/06/02 07:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/07 21:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/02/11 13:51:00 | 000,033,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/10/09 13:51:00 | 000,014,944 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2000/09/11 13:51:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://search.search...10101039100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search...10101039100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/21 07:45:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EC441E6B-E088-4C6E-A6C5-1084B31300FB}: C:\Documents and Settings\Owner\Local Settings\Application Data\{EC441E6B-E088-4C6E-A6C5-1084B31300FB} [2010/07/25 13:19:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/05/21 07:45:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 19:15:01 | 000,000,000 | ---D | M]

[2008/09/07 21:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y6axkarx.default\extensions
[2010/07/25 10:47:11 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y6axkarx.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/04/16 19:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 19:09:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/04/16 19:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/04/16 19:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2006/10/11 04:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 04:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 04:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 04:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 04:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2009/01/06 18:50:04 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/07/23 06:37:38 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/07/26 10:19:32 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (moigh Object) - {1157BFEC-B6E1-4F88-BC20-28FB2265199E} - C:\WINDOWS\system32\wpegp.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (My Web Search Bar BHO) - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (My Web Search)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Anefegube] C:\WINDOWS\avibeyitamewiga.DLL (Sonic Solutions)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe ()
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Wireless Optical Mouse\MOffice.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\npegp.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe ()
O4 - HKLM..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe (Max Secure Software www.maxpcsecure.com)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Nyurexuluqizeva] C:\WINDOWS\mgtspn.DLL (MaresWEB)
O4 - HKCU..\Run: [setupupdate70700.exe] C:\Documents and Settings\Owner\Application Data\66A56397AA76EF41BC95724D6D556AE8\setupupdate70700.exe (MS)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Push Client.LNK = C:\Program Files\interwise\participant\pull.exe (AT&T Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: bytes-d0wnload.com ([malware] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: malwarebytes.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: malwareSupport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {03CC02A3-6098-4D0E-89D9-71041E7F5F86} https://secure2.posi...CX/56.5/WTP.cab (Reg Error: Key error.)
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} http://cw.sjhs.com/n...t/LocalExec.CAB (LocalExec Control)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://healthweb.st...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.236,93.188.166.216
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\hgGvstTJ: DllName - hgGvstTJ.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/18 23:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/04/23 19:51:42 | 000,000,028 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{16e8d4c1-f893-11dd-af49-0013025cea4c}\Shell - "" = AutoRun
O33 - MountPoints2\{16e8d4c1-f893-11dd-af49-0013025cea4c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16e8d4c1-f893-11dd-af49-0013025cea4c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 10:17:09 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2010/07/26 10:17:09 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2010/07/25 18:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
[2010/07/25 17:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec_Client_Security
[2010/07/25 13:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{EC441E6B-E088-4C6E-A6C5-1084B31300FB}
[2010/07/25 11:13:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 11:08:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/24 20:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eca
[2010/07/24 19:56:33 | 000,195,072 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Qqabab.exe
[2010/07/24 16:30:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/07/24 16:29:27 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTH.scr
[2010/07/24 14:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/07/24 14:02:17 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/07/24 14:02:16 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/07/24 14:02:16 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/07/24 14:02:16 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/07/24 14:01:57 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/24 14:01:54 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/24 14:01:54 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/24 14:01:50 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/24 14:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/24 14:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/07/24 14:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/24 13:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/24 13:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/24 13:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sky-Banners
[2010/07/24 13:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/07/24 13:10:27 | 000,195,072 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Qqabaa.exe
[2010/07/24 13:10:10 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/24 13:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\lhwfjgefn
[2010/07/24 13:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/24 13:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\66A56397AA76EF41BC95724D6D556AE8
[2010/07/01 07:52:17 | 000,000,000 | ---D | C] -- C:\weekly status reports
[2010/06/30 20:06:53 | 000,000,000 | ---D | C] -- C:\Firstnet changes
[2006/01/18 23:54:04 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[5 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/26 20:29:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/26 20:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 20:24:05 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/26 20:18:28 | 000,353,247 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/26 20:15:49 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\5c821c58.job
[2010/07/26 20:15:44 | 000,000,298 | -HS- | M] () -- C:\WINDOWS\tasks\vletc.job
[2010/07/26 20:15:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/26 20:14:05 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/26 20:14:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/26 16:11:21 | 138,311,712 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/07/26 16:11:21 | 001,622,744 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/07/26 16:09:59 | 000,001,903 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/07/26 14:12:58 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rgugitulo.dat
[2010/07/26 09:27:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bjepofowacehezu.bin
[2010/07/25 20:17:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI
[2010/07/25 18:00:17 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/07/25 17:57:21 | 000,124,167 | ---- | M] () -- C:\WINDOWS\System32\SYMEVNT.386
[2010/07/25 17:57:21 | 000,083,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/25 17:57:21 | 000,073,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/25 13:18:42 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System\SYSRegC.dll
[2010/07/25 11:13:37 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/24 20:06:46 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{82F54788-9780-11DF-BCED-00038A000015}.job
[2010/07/24 19:58:44 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/24 16:30:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/07/24 16:29:10 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTH.scr
[2010/07/24 16:02:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\dlgcgb.sys
[2010/07/24 16:00:20 | 000,002,804 | ---- | M] () -- C:\WINDOWS\utoponamevede.dll
[2010/07/24 14:15:47 | 000,002,804 | ---- | M] () -- C:\WINDOWS\inilihiwekesu.dll
[2010/07/24 14:01:53 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/24 13:25:20 | 000,002,804 | ---- | M] () -- C:\WINDOWS\abihifopawuqewi.dll
[2010/07/24 13:10:40 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\bthci1.dll
[2010/07/24 13:09:40 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Qqabaa.exe
[2010/07/24 13:09:39 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Qqabab.exe
[2010/07/22 18:12:47 | 000,177,402 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BillPayProofOfPaymentPDF.pdf
[2010/07/19 20:11:01 | 000,767,928 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/16 00:11:36 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\wpegp.dll
[2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\npegp.exe
[2010/07/05 08:16:12 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{C3CE20A4-0B31-11DE-8FB9-0013025CEA4C}.job
[2010/07/05 01:31:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/07/01 20:39:40 | 001,331,712 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\firstnet to emap.doc
[2010/07/01 20:37:23 | 000,004,890 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sjhs_0011331310180_dp_1
[2010/06/30 20:06:41 | 000,601,600 | ---- | M] () -- C:\Proposed Changes for New Version of Depart Process.doc
[2010/06/29 20:15:12 | 000,011,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nursing_Communication_Known_Issues.xlsx
[5 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 20:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/07/25 17:48:29 | 000,001,903 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/07/25 13:19:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rgugitulo.dat
[2010/07/25 13:19:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bjepofowacehezu.bin
[2010/07/25 11:13:37 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/24 20:06:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{82F54788-9780-11DF-BCED-00038A000015}.job
[2010/07/24 16:00:15 | 000,002,804 | ---- | C] () -- C:\WINDOWS\utoponamevede.dll
[2010/07/24 15:51:32 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System\SYSRegC.dll
[2010/07/24 14:15:44 | 000,002,804 | ---- | C] () -- C:\WINDOWS\inilihiwekesu.dll
[2010/07/24 14:02:17 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/07/24 14:02:17 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/07/24 14:02:17 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/24 14:02:17 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/07/24 14:02:17 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/07/24 14:02:17 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/07/24 14:01:57 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/24 14:01:54 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/24 14:01:54 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/24 14:01:53 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/24 14:01:50 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/24 13:25:20 | 000,002,804 | ---- | C] () -- C:\WINDOWS\abihifopawuqewi.dll
[2010/07/24 13:10:41 | 000,000,298 | -HS- | C] () -- C:\WINDOWS\tasks\vletc.job
[2010/07/24 13:10:40 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\bthci1.dll
[2010/07/24 13:10:32 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/24 13:10:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\dlgcgb.sys
[2010/07/24 13:09:44 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\tasks\5c821c58.job
[2010/07/22 18:12:47 | 000,177,402 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BillPayProofOfPaymentPDF.pdf
[2010/07/16 00:11:36 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\wpegp.dll
[2010/07/13 20:43:22 | 000,040,581 | ---- | C] () -- C:\WINDOWS\System32\npegp.exe
[2010/07/01 20:37:20 | 000,004,890 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sjhs_0011331310180_dp_1
[2010/07/01 20:32:22 | 001,331,712 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\firstnet to emap.doc
[2010/06/30 20:06:40 | 000,601,600 | ---- | C] () -- C:\Proposed Changes for New Version of Depart Process.doc
[2010/06/29 20:15:10 | 000,011,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nursing_Communication_Known_Issues.xlsx
[2010/02/26 18:58:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/04/13 19:00:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/06/01 17:54:17 | 000,700,416 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2007/06/01 17:54:17 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2007/06/01 17:54:17 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\mcs_vfw.dll
[2007/06/01 17:53:49 | 000,057,344 | R--- | C] () -- C:\WINDOWS\HAJEInstall.dll
[2007/03/20 19:16:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/20 18:20:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/11/06 19:51:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/09 19:27:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/09 13:15:05 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/09/01 14:03:12 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/08/24 11:07:45 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/06/20 00:18:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/19 00:41:58 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/19 00:31:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/19 00:31:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/19 00:31:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/19 00:31:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/19 00:31:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/19 00:31:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/19 00:29:14 | 000,000,211 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/19 00:12:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/01/19 00:04:55 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/01/19 00:04:55 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/01/19 00:03:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/01/18 23:57:31 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/01/18 23:57:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/01/18 23:57:31 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/01/18 23:57:31 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/01/18 23:54:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/01/18 23:50:48 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/18 23:27:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/18 23:20:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/18 22:05:17 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/29 00:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 18:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/05/07 20:00:00 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2004/07/20 21:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 22:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
MBT
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP