Something strange going on!



#1
pebblz72


    New Member

  • Member
  • 6 posts
Hi Guys,
I have managed to download a virus of some description that is slowly eating my computer up!
Norton SONAR came up then everything went bad!!!
I have had to uninstall Norton, I have no IE but Outlook Express is fine.
Comp keeps shutting down.
I have downloaded virus removal progs to this comp and tried to install them on other comp but nothing will install.
I managed a HijackThis log, hopefully someone can help!

Cheers,
Debbie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:40 AM, on 21/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\PLFSetL.exe
C:\Acer\Empowering Technology\eLock\Service\startelock.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [StarteLock] "C:\Acer\Empowering Technology\eLock\Service\startelock.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1258487615515
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://www.optimusex...n.Installer.exe
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC9DF0F-A471-4D87-977A-387B333335CE}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8326 bytes
  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 23,717 posts
  • MVP
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC9DF0F-A471-4D87-977A-387B333335CE}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56

Indicate you have something which has hijacked your DNS so that you are using a DNS in the Ukraine. I don't see anything else that is obviously bad (HJT is not the best for this sort of thing) but it may be that your SafeOnline BHO is keeping the browser from going to the bad sites that the Ukraine DNS is trying to send you to. You can try checking them and Fix Checked but they probably won't go away. Anyway, we can manually change the DNS to use a good DNS and see if that helps, though there is probably more hidden away.

On your good computer:
Start, Run, cmd, OK to bring up a command prompt then type:

ipconfig /all

(space before the /)

(Note the DNS server addresses. If they are not the same as those in the O17 lines on the bad one then we can use them so write them down.)

On the sick PC:

1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type one of the DNS addresses from your good PC in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot.

Run another HJT scan and log and post the results. Any change to your browser working?

I'd really like to see an OTL scan. (Step 5 of http://www.geekstogo...cleaning-guide/) If it won't run as is you can download other versions which might:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

or:
www.itxassociates.com/OT-Tools/OTL.com
www.itxassociates.com/OT-Tools/OTL.scr

If you could run MBAM (Step 1) that would be good too.

Please copy and paste your logs. Do not attach them.

Ron
  • 0
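The check described in the reply above (compare the O17 NameServer values against the resolvers noted from a known-good PC) can be automated over a saved HijackThis log. This is an added example, not part of the original posts; the O17 lines are the ones posted in this thread, while the last log line and the trusted address `192.0.2.53` are constructed placeholders standing in for whatever `ipconfig /all` reports on the good machine.

```python
import ipaddress
import re
from collections import namedtuple

# HijackThis O17 line, NameServer values only (the case shown in this thread).
# HijackThis abbreviates CurrentControlSet as CCS and ControlSet00N as CSN.
O17_NAMESERVER = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]{36}\}): "
    r"NameServer = (?P<data>.+)$"
)

Entry = namedtuple("Entry", "control_set scope servers")

# O17 lines as posted in the thread, plus one constructed line (the last)
# showing an interface that points at trusted resolvers.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC9DF0F-A471-4D87-977A-387B333335CE}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A319B0F-B708-4EFF-86BB-7272BA7F7740}: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53 4.2.2.1
"""

# Assumption: 192.0.2.53 is a placeholder for the DNS server written down
# from the good PC; 4.2.2.1 is the alternate resolver named in the reply.
TRUSTED_RESOLVERS = {"192.0.2.53", "4.2.2.1"}


def parse_o17(log_text):
    """Return one Entry per O17 NameServer line found in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_NAMESERVER.match(line.strip())
        if not m:
            continue
        # The registry value may be comma- or space-separated.
        servers = [s for s in re.split(r"[,\s]+", m.group("data").strip()) if s]
        scope = m.group("scope")
        # "Parameters" is the machine-wide setting; "..\{GUID}" is one adapter.
        scope = "global" if scope == "Parameters" else scope[3:]
        entries.append(Entry(m.group("cset"), scope, servers))
    return entries


def audit(entries, trusted):
    """List (control_set, scope, server, reason) for every unexpected resolver."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for entry in entries:
        for server in entry.servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append((entry.control_set, entry.scope, server, "malformed"))
                continue
            if ip not in trusted_ips:
                findings.append((entry.control_set, entry.scope, server, "untrusted"))
    return findings


def summarize(findings):
    """Collapse findings into the facts a responder needs first."""
    return {
        "resolvers": sorted({f[2] for f in findings}),
        "control_sets": sorted({f[0] for f in findings}),
        "global_scope_hit": any(f[1] == "global" for f in findings),
    }


if __name__ == "__main__":
    found = audit(parse_o17(SAMPLE_LOG), TRUSTED_RESOLVERS)
    for control_set, scope, server, reason in found:
        print(f"{reason:9} {server:16} {control_set:4} {scope}")
    print(summarize(found))
```

Run against a fresh log taken after the DNS settings have been corrected, `audit` should return an empty list; any control set still listed in the summary has kept the old value.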

#3
pebblz72


    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi Ron,
Thanks for the reply.
I had forgotten about my post as I managed to fix the problem by reading through the posts on here.
I managed to install Microsoft Security Essentials but then I couldn't download the updates so I downloaded them on the good PC and manually installed them on my sick laptop. MSE picked up the following:

Virus:Win32/Alureon.H in file:C:\System Volume Information\_restore{AFDD5784-4FFA-413C-84B1-64EE165D77E0}\RP6\A0003722.sys

VirTool:JS/Obfuscator.Y in rootkit:Alureon->symc810

TrojanDownloader:Java/OpenStream.AL in containerfile:C:\Documents and Settings\Debbie Reichelt\Application Data\Sun\Java\Deployment\cache\6.0\4\70e22204-50aea6ba
file:C:\Documents and Settings\Debbie Reichelt\Application Data\Sun\Java\Deployment\cache\6.0\4\70e22204-50aea6ba->bpac/a.class

VirTool:JS/Obfuscator.Y in file:C:\Documents and Settings\Debbie Reichelt\Local Settings\Temporary Internet Files\Content.IE5\IF7YWH0D\yqazfsbvfvkzkpg5[1].php

After these had been fixed I was then able to run Malwarebytes Anti Malware which picked up the following:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/10/2010 3:25:59 PM
mbam-log-2010-10-21 (15-25-59).txt

Scan type: Quick scan
Objects scanned: 127530
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.246,93.188.160.56 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

After this my laptop was working great and I have had no probs since!

I did the OTL file anyway and hopefully I am all clean.

OTL.txt:
OTL logfile created on: 30/10/2010 12:21:19 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Debbie Reichelt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 41.25 Gb Free Space | 59.22% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 66.58 Gb Free Space | 95.61% Space Free | Partition Type: NTFS

Computer Name: FLAPPY | User Name: Debbie Reichelt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 12:21:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/06/30 15:05:28 | 004,496,448 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2009-10\QBW32.EXE
PRC - [2009/03/24 23:43:52 | 000,126,016 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009-10\QBDBMgr.exe
PRC - [2009/03/24 23:42:38 | 000,121,920 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2008/09/02 21:16:28 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Temp\RtkBtMnt.exe
PRC - [2008/04/14 11:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 04:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/07/05 12:35:54 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2007/06/14 06:55:52 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/05/18 13:14:38 | 000,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common-Use Signing Interface\JRE\bin\javawforcsi.exe
PRC - [2007/03/22 07:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/22 07:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 12:21:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/24 23:46:34 | 000,068,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/03/24 22:35:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/03/22 07:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/10/21 14:56:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2008/09/02 21:13:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/06/27 09:52:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/05/09 01:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 05:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/14 05:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/14 05:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/09/21 15:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/08 05:16:08 | 000,215,904 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/06/06 09:48:58 | 005,761,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/31 14:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/02 21:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/03/22 06:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/17 09:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/23 05:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/23 05:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/23 05:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/08/29 12:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/01/21 08:42:38 | 000,017,408 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2001/08/18 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 07:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearsh...&systemid=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/01/06 10:55:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/14 06:58:21 | 000,000,000 | ---D | M]

[2009/01/06 10:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Extensions
[2010/10/27 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\extensions
[2009/01/06 11:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/10/20 16:17:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/14 23:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\searchplugins\BearShareWebSearch.xml
[2010/10/20 19:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 09:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/16 14:05:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 06:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/01/05 02:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 23:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2008/01/05 02:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/09/23 06:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/05 02:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [Preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [StarteLock] C:\Acer\Empowering Technology\eLock\Service\startelock.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258487615515 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.optimusex...n.Installer.exe (Reg Error: Key error.)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 12:21:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
[2010/10/27 18:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\My Received Files
[2010/10/27 18:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\BearShare
[2010/10/27 18:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\BearShare
[2010/10/27 18:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/10/27 18:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\PackageAware
[2010/10/24 12:05:04 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/10/24 10:57:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2010/10/24 10:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/10/24 10:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Downloads
[2010/10/24 10:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/10/24 10:40:07 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/10/24 10:40:07 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2010/10/24 10:40:07 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msflxgrd.ocx
[2010/10/24 10:40:06 | 000,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2010/10/21 15:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Malwarebytes
[2010/10/21 14:56:34 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\drivers\SYMC810.SYS
[2010/10/21 12:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/21 12:55:36 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/21 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\PCHealth
[2010/10/21 12:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/10/21 12:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/21 12:11:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/21 11:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/10/21 11:29:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/21 11:29:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/21 11:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/21 11:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/21 11:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2010/10/20 22:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/20 21:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/20 20:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/20 20:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/10/20 19:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2010/10/20 19:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Symantec
[2010/10/20 18:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Promosoft Corporation
[2010/10/20 18:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Registry Mechanic
[2010/10/20 18:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/20 15:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/10/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Microsoft_Corporation
[2010/10/17 15:20:04 | 000,047,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
[2010/10/17 15:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Integration Services Script Component
[2010/10/17 15:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Integration Services Script Task
[2010/10/17 15:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\SQL Server Management Studio
[2010/10/17 15:16:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2010/10/17 15:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/10/17 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Visual Studio 2008
[2010/10/17 15:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/10/17 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/17 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/10/17 15:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/10/17 15:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/17 15:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/10/17 06:18:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/17 06:18:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/17 06:18:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/04 16:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/17 03:43:35 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/11/17 03:43:35 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/11/17 03:29:47 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/30 12:21:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
[2010/10/30 12:18:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/30 06:53:35 | 000,520,428 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/30 06:53:35 | 000,100,856 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/30 06:49:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 06:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/30 06:49:14 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 21:30:12 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/10/21 21:30:09 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\HiJackThis.lnk
[2010/10/21 14:56:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\drivers\SYMC810.SYS
[2010/10/21 12:18:59 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Debbie Reichelt\NTUSER.bak
[2010/10/20 22:00:52 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/20 22:00:40 | 000,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/20 20:46:56 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/10/20 17:55:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 12:19:44 | 000,000,210 | ---- | M] () -- C:\WINDOWS\qbw.ini
[2010/10/20 07:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/14 18:08:44 | 000,369,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:10:55 | 000,529,770 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan3.jpg
[2010/10/13 12:06:49 | 000,735,018 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\black1.jpg
[2010/10/13 12:06:22 | 000,650,891 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan2.jpg
[2010/10/13 12:06:10 | 000,848,318 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan1.jpg
[2010/10/07 12:45:04 | 000,973,856 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\imprint.jpg
[2010/10/07 12:44:23 | 000,776,149 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan2.jpg
[2010/10/07 12:44:11 | 001,026,497 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan1.jpg
[2010/10/07 12:43:50 | 000,966,011 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\skirt.jpg
[2010/10/07 12:43:35 | 000,543,632 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\nivea.jpg
[2010/09/30 13:13:59 | 000,263,218 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tarp2.jpg
[2010/09/30 13:13:37 | 000,223,542 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tarp1.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 11:19:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/10/24 10:57:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/10/24 10:57:24 | 000,002,395 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/10/21 12:37:42 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/21 12:18:47 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Debbie Reichelt\NTUSER.tmp.LOG
[2010/10/20 22:12:28 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\HiJackThis.lnk
[2010/10/20 22:00:52 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/20 20:38:49 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/20 17:54:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/13 12:06:48 | 000,735,018 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\black1.jpg
[2010/10/13 12:06:34 | 000,529,770 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan3.jpg
[2010/10/13 12:06:21 | 000,650,891 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan2.jpg
[2010/10/13 12:06:10 | 000,848,318 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan1.jpg
[2010/10/07 12:45:04 | 000,973,856 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\imprint.jpg
[2010/10/07 12:44:23 | 000,776,149 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan2.jpg
[2010/10/07 12:44:10 | 001,026,497 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan1.jpg
[2010/10/07 12:43:50 | 000,966,011 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\skirt.jpg
[2010/10/07 12:43:35 | 000,543,632 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\nivea.jpg
[2010/09/30 13:13:59 | 000,263,218 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tarp2.jpg
[2010/09/30 13:13:37 | 000,223,542 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tarp1.jpg
[2010/07/15 11:52:35 | 000,089,004 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\FASTWiz.log
[2010/06/02 17:23:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\bibstats
[2010/04/25 21:47:33 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/02 18:14:36 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/22 13:14:02 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2009/06/22 13:12:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/11/30 20:09:24 | 000,000,210 | ---- | C] () -- C:\WINDOWS\qbw.ini
[2008/11/17 03:45:13 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\fusioncache.dat
[2008/11/17 03:43:37 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/11/17 03:43:37 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/11/17 03:43:35 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2008/11/17 03:43:35 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2008/11/17 03:43:35 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2008/11/17 03:43:35 | 000,000,131 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/11/17 03:28:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/11/16 15:07:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PS_setup.ini
[2008/11/16 15:01:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/16 13:57:59 | 000,000,142 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2008/11/16 13:23:31 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/02 22:16:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/02 21:14:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/09/02 21:13:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/09/02 21:13:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/09/02 21:13:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/09/18 12:38:28 | 000,018,224 | ---- | C] () -- C:\Program Files\Readme.txt
[2007/06/06 10:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/06/06 09:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/08/29 12:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/03/11 08:18:16 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/18 07:22:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/05 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/05 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/05 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/05 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/05 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/11/25 09:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/25 09:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2001/12/27 09:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 16:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/31 09:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 15:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Debbie Reichelt\Desktop\daz&baz.ncd:SummaryInformation
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Extras.txt:
OTL Extras logfile created on: 30/10/2010 12:21:19 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Debbie Reichelt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 41.25 Gb Free Space | 59.22% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 66.58 Gb Free Space | 95.61% Space Free | Partition Type: NTFS

Computer Name: FLAPPY | User Name: Debbie Reichelt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Intuit\QuickBooks 2009-10\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009-10\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = PhotoStudio
"{26A24AE4-039D-4CA4-87B4-2F83216013FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216017FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216021FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216022FB}" =
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB945282" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB951708" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB954740" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB957259" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB957912" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB957944" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB958396" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB960075" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB960075v2" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB963035" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB968436" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB971932" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB973462" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB973947" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB974158" =
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}.KB974328" =
"{533FA314-B631-4FDA-BF0F-DEF9EC338798}" = LG PC Suite II
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78446B26-6A1E-4429-9F1A-F787777D500C}" = QuickBooks 2009-10 Service Pack 1
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7E545666-F421-45FD-B3DF-C0B99A1A579F}" = QuickBooks Plus 2008-09
"{7E629FEA-1615-4220-8D04-3C0C1FD24D21}" =
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{937C6F96-CEA5-4B97-848D-1328BD8D59D4}" = ECI Client v5.2
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
"{AB4E6854-A093-4E23-AAB8-60A0800BB590}" = AUSkey software 1.3.13.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{BB49AC20-B121-49d7-81D1-A64F81C5B37E}" = QuickBooks Pro 2009-10
"{BB8B979E-E336-47E7-96BC-1031C1B94561}" =
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2418241" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583" =
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"Acer English Online Help Creator" =
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BP Plus Online.url" = BP Plus Online.url
"Branding" =
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Common-Use Signing Interface" = Common-Use Signing Interface
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"Fontcore" =
"HDMI" = Intel® Graphics Media Accelerator Driver
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Legacy 4.0" = Legacy 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"MobileOptionPack" =
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MPlayer2" =
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OutlookExpress" =
"Paint Shop Pro 6" = Paint Shop Pro 6.02 ESD
"PCHealth" =
"SchedulingAgent" =
"ST6UNST #1" = The Knitting Gauge Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" =
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks again for the reply Ron,

Debbie
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 23,717 posts
  • MVP
I'm leaving tomorrow on a cross-country trip with no laptop so will be off-line for a while.

Your OTL doesn't look too bad - just some remnants we can clean up:

Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.optimusex...n.Installer.exe (Reg Error: Key error.)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
     
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I don't like that your event logs aren't working.

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

  • Go to this page and download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not in the folder.
  • Double-click on TDSSKiller.exe.
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Ron
  • 0
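Added example, not part of Ron's post and not OTL's own code: a small Python triage helper that pulls the same kind of "remnant" entries out of an OTL log (lines marked File not found, No CLSID value found or Reg Error: Key error) and drafts a fix block for a helper to review. The function names, the BootExecute exception and the one constructed driver line are assumptions of this example; the other sample lines are entries quoted in this thread.

```python
import re

# Sample assembled from entries quoted in this thread (OTL log format).
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2007/03/22 06:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
"""

# Constructed line (not from the thread): a driver reported as Running
# although its file is missing on disk.
CONSTRUCTED_RUNNING = (
    r"DRV - File not found [Kernel | Boot | Running] -- "
    r"C:\WINDOWS\System32\drivers\example.sys -- (examplesvc)"
)

# An OTL entry line: section tag, " - ", then the entry body.
ENTRY = re.compile(r"^(?P<tag>O\d+|DRV|SRV)\s+-\s+(?P<body>.+)$")

# Markers OTL prints when a registry entry points at nothing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error: Key error")

# Assumption of this example: the default BootExecute value is a command
# line rather than a file path, so its "File not found" is expected and
# must never be queued for removal.
EXPECTED = (re.compile(r"^O34 - HKLM BootExecute: \(autocheck autochk \*\)"),)

# "[type | start | state] -- path -- (service)" part of a DRV/SRV line.
DRIVER = re.compile(
    r"\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^|\]]+)\]"
    r"\s+--\s+(?P<path>.+?)\s+--\s+\((?P<service>[^)]+)\)"
)


def orphaned_entries(log_text):
    """Return log entries whose target file or registry key is missing."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        marker = next((k for k in ORPHAN_MARKERS if k in m.group("body")), None)
        if marker is None or any(p.match(line) for p in EXPECTED):
            continue
        item = {"tag": m.group("tag"), "marker": marker, "line": line}
        d = DRIVER.search(line) if m.group("tag") in ("DRV", "SRV") else None
        if d:
            item.update({k: v.strip() for k, v in d.groupdict().items()})
        found.append(item)
    return found


def running_without_file(entries):
    """Entries a helper should look at before deleting anything: a driver or
    service that is loaded while its file cannot be found is not a remnant."""
    return [e for e in entries if e.get("state") == "Running"]


def draft_fix_script(entries):
    """Draft an :OTL fix block (same layout and commands as the one posted
    above) from stopped or registry-only remnants, for manual review."""
    keep = [e for e in entries if e.get("state") != "Running"]
    lines = [":OTL"] + [e["line"] for e in keep]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    entries = orphaned_entries(SAMPLE_LOG + CONSTRUCTED_RUNNING)
    for e in running_without_file(entries):
        print("review first:", e["service"], e["path"])
    print(draft_fix_script(entries))
```

The draft is a starting point only: entries such as the old Java DPF lines in the fix above carry no error marker and are still chosen by hand.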

#5
pebblz72

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Ron,
I did the fix but it didn't reboot or save the log.
Here is the log after running the quick scan:

OTL logfile created on: 30/10/2010 1:57:54 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Debbie Reichelt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 41.20 Gb Free Space | 59.16% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 66.58 Gb Free Space | 95.61% Space Free | Partition Type: NTFS

Computer Name: FLAPPY | User Name: Debbie Reichelt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 12:21:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/06/30 15:05:28 | 004,496,448 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2009-10\QBW32.EXE
PRC - [2009/03/24 23:43:52 | 000,126,016 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009-10\QBDBMgr.exe
PRC - [2009/03/24 23:42:38 | 000,121,920 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2008/09/02 21:16:28 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Temp\RtkBtMnt.exe
PRC - [2008/04/14 11:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 04:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/07/05 12:35:54 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2007/06/14 06:55:52 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/05/18 13:14:38 | 000,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common-Use Signing Interface\JRE\bin\javawforcsi.exe
PRC - [2007/03/22 07:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/22 07:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 12:21:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/24 23:46:34 | 000,068,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/03/24 22:35:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/03/22 07:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/10/21 14:56:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2008/09/02 21:13:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/06/27 09:52:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/05/09 01:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 05:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/14 05:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/14 05:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/09/21 15:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/08 05:16:08 | 000,215,904 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/06/06 09:48:58 | 005,761,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/31 14:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/02 21:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/03/22 06:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/17 09:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/23 05:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/23 05:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/23 05:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/08/29 12:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/01/21 08:42:38 | 000,017,408 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2001/08/18 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 07:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearsh...&systemid=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/01/06 10:55:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/14 06:58:21 | 000,000,000 | ---D | M]

[2009/01/06 10:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Extensions
[2010/10/27 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\extensions
[2009/01/06 11:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/10/20 16:17:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/14 23:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\Mozilla\Firefox\Profiles\z80xbs6w.default\searchplugins\BearShareWebSearch.xml
[2010/10/20 19:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 09:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/16 14:05:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 06:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/01/05 02:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 23:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2008/01/05 02:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/09/23 06:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/05 02:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [Preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [StarteLock] C:\Acer\Empowering Technology\eLock\Service\startelock.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258487615515 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 13:54:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/30 12:21:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
[2010/10/27 18:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\My Received Files
[2010/10/27 18:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\BearShare
[2010/10/27 18:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\BearShare
[2010/10/27 18:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/10/27 18:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\PackageAware
[2010/10/24 10:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/10/24 10:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Downloads
[2010/10/24 10:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/10/24 10:40:07 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/10/24 10:40:07 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2010/10/24 10:40:06 | 000,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2010/10/21 15:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Malwarebytes
[2010/10/21 12:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/21 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\PCHealth
[2010/10/21 12:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/10/21 12:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/21 12:11:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/21 11:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/10/21 11:29:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/21 11:29:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/21 11:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/21 11:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/21 11:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2010/10/20 22:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/20 21:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/20 20:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/20 20:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/10/20 19:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2010/10/20 19:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Symantec
[2010/10/20 18:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Promosoft Corporation
[2010/10/20 18:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Registry Mechanic
[2010/10/20 18:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/20 15:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/10/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\Microsoft_Corporation
[2010/10/17 15:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Integration Services Script Component
[2010/10/17 15:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Integration Services Script Task
[2010/10/17 15:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\SQL Server Management Studio
[2010/10/17 15:16:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2010/10/17 15:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/10/17 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie Reichelt\My Documents\Visual Studio 2008
[2010/10/17 15:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/10/17 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/17 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/10/17 15:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/10/17 15:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/17 15:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/10/04 16:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/17 03:43:35 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/11/17 03:43:35 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/11/17 03:29:47 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/30 12:41:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/30 12:21:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie Reichelt\Desktop\OTL.exe
[2010/10/30 06:53:35 | 000,520,428 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/30 06:53:35 | 000,100,856 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/30 06:49:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 06:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/30 06:49:14 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 21:30:12 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/10/21 21:30:09 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\HiJackThis.lnk
[2010/10/21 12:18:59 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Debbie Reichelt\NTUSER.bak
[2010/10/20 22:00:52 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/20 22:00:40 | 000,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/20 20:46:56 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/10/20 17:55:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 12:19:44 | 000,000,210 | ---- | M] () -- C:\WINDOWS\qbw.ini
[2010/10/14 18:08:44 | 000,369,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:10:55 | 000,529,770 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan3.jpg
[2010/10/13 12:06:49 | 000,735,018 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\black1.jpg
[2010/10/13 12:06:22 | 000,650,891 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan2.jpg
[2010/10/13 12:06:10 | 000,848,318 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan1.jpg
[2010/10/07 12:45:04 | 000,973,856 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\imprint.jpg
[2010/10/07 12:44:23 | 000,776,149 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan2.jpg
[2010/10/07 12:44:11 | 001,026,497 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan1.jpg
[2010/10/07 12:43:50 | 000,966,011 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\skirt.jpg
[2010/10/07 12:43:35 | 000,543,632 | ---- | M] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\nivea.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 11:19:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/10/24 10:57:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/10/24 10:57:24 | 000,002,395 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/10/21 12:37:42 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/21 12:18:47 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Debbie Reichelt\NTUSER.tmp.LOG
[2010/10/20 22:12:28 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\HiJackThis.lnk
[2010/10/20 22:00:52 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/20 20:38:49 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/20 17:54:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/13 12:06:48 | 000,735,018 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\black1.jpg
[2010/10/13 12:06:34 | 000,529,770 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan3.jpg
[2010/10/13 12:06:21 | 000,650,891 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan2.jpg
[2010/10/13 12:06:10 | 000,848,318 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\tan1.jpg
[2010/10/07 12:45:04 | 000,973,856 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\imprint.jpg
[2010/10/07 12:44:23 | 000,776,149 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan2.jpg
[2010/10/07 12:44:10 | 001,026,497 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\kaftan1.jpg
[2010/10/07 12:43:50 | 000,966,011 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\skirt.jpg
[2010/10/07 12:43:35 | 000,543,632 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Desktop\nivea.jpg
[2010/07/15 11:52:35 | 000,089,004 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\FASTWiz.log
[2010/06/02 17:23:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Application Data\bibstats
[2010/04/25 21:47:33 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/02 18:14:36 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/22 13:14:02 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2009/06/22 13:12:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/11/30 20:09:24 | 000,000,210 | ---- | C] () -- C:\WINDOWS\qbw.ini
[2008/11/17 03:45:13 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Debbie Reichelt\Local Settings\Application Data\fusioncache.dat
[2008/11/17 03:43:37 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/11/17 03:43:37 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/11/17 03:43:35 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2008/11/17 03:43:35 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2008/11/17 03:43:35 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2008/11/17 03:43:35 | 000,000,131 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/11/17 03:28:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/11/16 15:07:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PS_setup.ini
[2008/11/16 15:01:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/16 13:57:59 | 000,000,142 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2008/11/16 13:23:31 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/02 22:16:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/02 21:14:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/09/02 21:13:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/09/02 21:13:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/09/02 21:13:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/09/18 12:38:28 | 000,018,224 | ---- | C] () -- C:\Program Files\Readme.txt
[2007/06/06 10:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/06/06 09:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/08/29 12:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/03/11 08:18:16 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/18 07:22:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/11/25 09:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/25 09:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2001/12/27 09:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 16:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/31 09:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 15:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/11/16 16:38:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/11/17 04:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/24 10:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/10/24 12:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/10/20 20:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/04 17:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/04/02 07:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2010/04/24 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/10/21 15:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/10/20 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/16 12:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{53608B89-D534-4FA6-B348-02EF7D3C693C}
[2010/10/30 08:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\AUSkey
[2009/09/07 18:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Canon
[2010/02/06 21:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Facebook
[2010/09/06 16:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\LG Electronics
[2009/04/02 07:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\MyHeritage
[2009/04/24 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\OpenOffice.org
[2009/10/17 13:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\RecoveryFix for Outlook Express (Evaluation version)
[2010/10/20 18:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie Reichelt\Application Data\Registry Mechanic
[2010/10/30 12:41:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Debbie Reichelt\Desktop\daz&baz.ncd:SummaryInformation
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

I am about to start on the rest of your instructions.

Debbie

#6
RKinner

    Malware Expert

  • Expert
  • 23,717 posts
  • MVP
Appears to have worked anyway.

Ron

#7
pebblz72

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi Ron,
Does that mean I'm clean?

I ran ComboFix but I can't find the report.
Any idea where it might be?

Debbie

#8
pebblz72

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi Ron,

Here is the TDSSKiller report:

2010/10/30 15:05:34.0171 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/30 15:05:34.0171 ================================================================================
2010/10/30 15:05:34.0171 SystemInfo:
2010/10/30 15:05:34.0171
2010/10/30 15:05:34.0171 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/30 15:05:34.0171 Product type: Workstation
2010/10/30 15:05:34.0187 ComputerName: FLAPPY
2010/10/30 15:05:34.0187 UserName: Debbie Reichelt
2010/10/30 15:05:34.0187 Windows directory: C:\WINDOWS
2010/10/30 15:05:34.0187 System windows directory: C:\WINDOWS
2010/10/30 15:05:34.0187 Processor architecture: Intel x86
2010/10/30 15:05:34.0187 Number of processors: 2
2010/10/30 15:05:34.0187 Page size: 0x1000
2010/10/30 15:05:34.0187 Boot type: Normal boot
2010/10/30 15:05:34.0187 ================================================================================
2010/10/30 15:05:34.0734 Initialize success
2010/10/30 15:05:38.0421 ================================================================================
2010/10/30 15:05:38.0421 Scan started
2010/10/30 15:05:38.0421 Mode: Manual;
2010/10/30 15:05:38.0421 ================================================================================
2010/10/30 15:05:50.0390 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/10/30 15:05:50.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/30 15:05:50.0625 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/30 15:05:50.0656 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/30 15:05:50.0750 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/10/30 15:05:50.0906 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/30 15:05:50.0968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/30 15:05:51.0000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/30 15:05:51.0046 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/30 15:05:51.0187 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/30 15:05:51.0218 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/30 15:05:51.0250 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/30 15:05:51.0390 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\SYMC810.SYS
2010/10/30 15:05:51.0515 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/30 15:05:51.0531 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/30 15:05:51.0562 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/30 15:05:51.0609 SynTP (cc5da243cfdac58fc0408f7ce24084c5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/30 15:05:51.0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/30 15:05:51.0812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/30 15:05:51.0937 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/30 15:05:51.0968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/30 15:05:52.0000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/30 15:05:52.0062 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys
2010/10/30 15:05:52.0203 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/30 15:05:52.0218 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2010/10/30 15:05:52.0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/30 15:05:52.0421 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/30 15:05:52.0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/30 15:05:52.0625 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/30 15:05:52.0687 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/30 15:05:52.0718 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/30 15:05:52.0843 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/30 15:05:52.0875 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/30 15:05:52.0906 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/30 15:05:52.0921 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/30 15:05:53.0062 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/10/30 15:05:53.0125 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/30 15:05:53.0140 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/30 15:05:53.0281 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/30 15:05:53.0296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/30 15:05:53.0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/30 15:05:53.0390 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/30 15:05:53.0453 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/30 15:05:53.0640 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/30 15:05:53.0687 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/30 15:05:53.0843 ================================================================================
2010/10/30 15:05:53.0843 Scan finished
2010/10/30 15:05:53.0843 ================================================================================

#9
RKinner

    Malware Expert

  • Expert
  • 23,717 posts
  • MVP
Can't tell without the combofix log which should be at:

C:\Combofix.txt

Start, Run, cmd, OK then type:

notepad \combofix.txt

(Space before \)

Ron

#10
pebblz72

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi again

Here is the bitdefender report:


QuickScan Beta 32-bit v0.9.9.50
-------------------------------
Scan date: Sat Oct 30 15:08:56 2010
Machine ID: E445B10F



No infection found.
-------------------



Processes
---------
Acer Launch Manager 568 C:\PROGRA~1\LAUNCH~1\LManager.exe
Intel® Common User Interface 1304 C:\WINDOWS\system32\igfxext.exe
Intel® Common User Interface 504 C:\WINDOWS\system32\igfxpers.exe
Intel® Common User Interface 560 C:\WINDOWS\system32\igfxsrvc.exe
Java™ Platform SE 6 U22 204 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 604 C:\Program Files\Common Files\Java\Java Update\jusched.exe
LightScribe 684 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Microsoft Distributed Transaction Coord 1888 C:\WINDOWS\system32\msdtc.exe
Microsoft Malware Protection 3480 C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
Microsoft Malware Protection 1128 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
Microsoft Message Queue 2484 C:\WINDOWS\system32\mqsvc.exe
Microsoft Message Queue 2972 C:\WINDOWS\system32\mqtgsvc.exe
Microsoft Security Essentials 648 C:\Program Files\Microsoft Security Essentials\msseces.exe
Microsoft SQL Server 2328 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Microsoft SQL Server 2356 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
Microsoft SQL Server 284 C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
Microsoft® Windows® Operating System 1948 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 3468 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 744 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 804 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\rundll32.exe
Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 480 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 1668 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1164 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2404 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1312 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1416 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1740 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 164 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 964 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 724 C:\WINDOWS\system32\winlogon.exe
PowerDVD 264 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
RAID Event Monitor 228 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RAID Monitor 296 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
Realtek HD Audio Data Rerouter 1624 C:\DOCUME~1\DEBBIE~1\LOCALS~1\temp\RtkBtMnt.exe
Realtek HD Audio Sound Effect Manager 400 C:\WINDOWS\RTHDCPL.exe
RichVideo Module 2224 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
sonix DefaultSettingEXE 512 C:\WINDOWS\PLFSetL.exe
Synaptics Pointing Device Driver 576 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Windows® Internet Explorer 1356 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 632 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 2732 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1356) connected on port 80 (HTTP) --> 173.223.232.10
Process iexplore.exe (1356) connected on port 80 (HTTP) --> 66.235.143.54
Process iexplore.exe (1356) connected on port 80 (HTTP) --> 118.215.116.20
Process iexplore.exe (1356) connected on port 80 (HTTP) --> 125.56.181.115
Process iexplore.exe (1356) connected on port 80 (HTTP) --> 144.135.8.190
Process iexplore.exe (1356) connected on port 80 (HTTP) --> 66.102.11.100
Process MpCmdRun.exe (3480) connected on port 443 (HTTP over SSL) --> 65.55.94.222

Process svchost.exe (1032) listens on ports: 135 (RPC)
Process mqsvc.exe (2484) listens on ports: 1026 (RPC), 1801 (MSMQ), 2103 (MSMQ-RPC), 2105 (MSMQ-RPC), 2107 (MSMQ-Mgmt)


Autoruns and critical files
---------------------------
Language Application C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
Acer eLock Service Startup C:\Acer\Empowering Technology\eLock\Service\startelock.exe
Acer Launch Manager C:\Program Files\Launch Manager\LManager.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
eRecovery 2.0 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
Microsoft Malware Protection C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
Microsoft Security Essentials C:\Program Files\Microsoft Security Essentials\msseces.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\dumprep.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\regsvr32.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
QuickBooks Automatic Update C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
Realtek AC97 Audio - Event Monitor C:\WINDOWS\ALCMTR.EXE
Realtek Azalia Mixer Selector C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.exe
sonix DefaultSettingEXE C:\WINDOWS\PLFSetL.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
Wistron RunXMLPL C:\Windows\RUNXMLPL.exe
新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE


Browser plugins
---------------
ABR_AUSkey Mozilla Plugin C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
CSI Mozilla Plugin C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll
Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx
Facebook Plugin C:\Documents and Settings\Debbie Reichelt\Application Data\Facebook\npfbplugin_1_0_1.dll
GE Medical Systems iiscomplib C:\WINDOWS\Downloaded Program Files\iiscomplib2.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft ® Windows ® 95, Windows ( C:\WINDOWS\Downloaded Program Files\unicows.dll
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
PEGASUS C:\WINDOWS\Downloaded Program Files\picn20.dll
PEGASUS C:\WINDOWS\Downloaded Program Files\picn6320.dll
PEGASUS C:\WINDOWS\Downloaded Program Files\picn9020.dll
PEGASUS C:\WINDOWS\Downloaded Program Files\picn9120.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
WebViewer C:\WINDOWS\Downloaded Program Files\AmiDicomDirTreeView21.ocx
WebViewer C:\WINDOWS\Downloaded Program Files\AmiViewerLite21.ocx
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Scan
----


No file uploaded.

Scan finished - communication took 6 sec
Total traffic - 0.05 MB sent, 1.07 KB recvd
Scanned 1089 files and modules - 46 seconds

==============================================================================