Rogue virus, Rootkit.agent, Blue screens and frozen



#1
ruledbychrist

Spyware Doctor found a rootkit.agent and also a "rogue" virus. My PC freezes up and runs very slowly. I often get a blue screen when running Rosetta Stone Spanish software. I ran the Cyberdefender Registry Cleaner and the Spyware Doctor apps and let them fix what they could. The "My Clean PC" people told me that the "rogue" virus is not able to be removed by any software. It has to be removed by a person that looks at all the information. Is that true? I am attaching my .txt files to see if you can provide any guidance. Thanks for any help you can provide. Sincerely, Angela

OTL logfile created on: 3/13/2011 9:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 34.63 Gb Free Space | 46.47% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WXP-39B8DB1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 21:18:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/09/29 17:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2010/09/29 17:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/09/24 14:56:04 | 001,599,208 | ---- | M] (InternetSafety.com, Inc.) -- C:\Program Files\Internet Content Filter\SafeEyes.exe
PRC - [2010/09/24 14:56:04 | 000,233,472 | ---- | M] (InternetSafety.com, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2010/09/24 13:19:08 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\FGuard.exe
PRC - [2010/09/24 13:19:06 | 000,235,472 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/09/15 05:50:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/08/26 13:39:46 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/06/07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/04/30 09:47:00 | 000,069,896 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010/04/22 19:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/18 15:17:38 | 007,258,440 | ---- | M] (CyberDefender) -- C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
PRC - [2009/10/29 14:03:34 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/07 15:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/06 18:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIENA.EXE
PRC - [2007/07/20 23:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
PRC - [2006/10/18 05:22:50 | 000,204,800 | ---- | M] () -- C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
PRC - [2006/06/07 17:05:38 | 000,553,021 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/01 11:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 11:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 11:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 11:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/16 17:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/07 15:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 17:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/29 00:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [1996/11/17 07:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/13 21:18:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/26 13:39:46 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 14:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2010/08/04 14:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2007/07/20 23:56:14 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/06/07 17:07:04 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2003/10/03 14:21:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/29 17:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/24 14:56:04 | 000,233,472 | ---- | M] (InternetSafety.com, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (seUpdateSvc)
SRV - [2010/09/24 13:19:06 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/26 13:39:46 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/05/04 13:21:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 05:22:50 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe -- (SMS_v3_2_0)
SRV - [2006/05/29 22:27:26 | 000,049,152 | ---- | M] (Sony Cooporation) [On_Demand | Stopped] -- C:\Program Files\Sony\mylo Utility\PcdSptiSvr.exe -- (PcdSptiSvr)
SRV - [2006/05/01 11:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010/10/05 12:10:56 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/08/27 10:26:40 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/08/26 13:39:46 | 000,068,880 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/08/26 13:39:46 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/08/26 13:39:46 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/08/18 14:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 15:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 15:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/12/15 01:30:46 | 000,161,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTQHVSP.sys -- (PTQHVSP) PANTECH HSUSB Diagnostic Serial Port(MSM6290)
DRV - [2009/12/15 01:30:46 | 000,161,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTQHMDM.sys -- (PTQHMDM) PANTECH HSUSB Modem(MSM6290)
DRV - [2009/12/15 01:30:46 | 000,055,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTQHBUS.sys -- (PTQHBUS) PANTECH Handset HSUSB Composite Device(MSM6290)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/11 17:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 17:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 17:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 17:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/08/17 20:56:46 | 000,059,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2007/08/17 20:56:40 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2007/08/17 20:56:38 | 000,041,856 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2007/08/17 20:56:34 | 000,029,952 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2006/06/14 12:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/06/07 22:06:58 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/06/07 16:33:34 | 000,855,018 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/06/07 16:29:10 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/11 15:55:34 | 000,093,568 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2006/05/01 11:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 09:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/16 17:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/10 12:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 21:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/17 21:12:40 | 000,204,800 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aarich.sys -- (aarich)
DRV - [2005/02/17 23:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\a320raid.sys -- (a320raid)
DRV - [2004/04/07 17:14:30 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aac.sys -- (aac)
DRV - [2003/04/28 11:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)
DRV - [2003/02/24 13:02:58 | 000,011,029 | ---- | M] (VMware, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...n&refresh=1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost

FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/11/17 10:37:23 | 000,000,000 | ---D | M]

[2010/07/01 16:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/12 08:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\SEToolbar.dll (InternetSafety.com, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\SEToolbar.dll (InternetSafety.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CyberDefender Registry Cleaner] File not found
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CyberDefender Registry Cleaner] C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe (CyberDefender)
O4 - HKCU..\Run: [EPSON Artisan 700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIENA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Artisan 700(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIENA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: deductionpro.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1251316126421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E4D88471-7ED7-43E1-B290-205559E8EBB2} https://myinfo.cookc...wser Logoff.dll (logoff Class)
O16 - DPF: {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} https://myinfo.cookc.../MWebEnable.dll (WebEnable Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/28 12:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/01 12:26:54 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2005/01/26 15:42:47 | 000,000,039 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{519ab9b1-2d90-11e0-82bd-0015c53c148e}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{519ab9b1-2d90-11e0-82bd-0015c53c148e}\Shell\Install\command - "" = E:\Setup.exe
O33 - MountPoints2\{fe81ee91-cedb-11de-81c6-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{fe81ee91-cedb-11de-81c6-7a8020000200}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (97122477716537344)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 21:17:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/03/13 20:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/13 20:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/03/13 20:32:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2011/03/12 14:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Roblox
[2011/03/12 14:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RobloxVersions
[2011/03/12 14:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RobloxDownloads
[2011/03/01 19:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberDefender
[2011/03/01 19:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberDefender
[2011/03/01 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[2011/02/25 16:42:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/02/25 16:42:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/02/21 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/13 21:18:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/03/13 20:45:58 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/03/13 20:39:47 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/13 20:32:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2011/03/13 16:19:00 | 000,462,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 16:19:00 | 000,078,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/13 16:13:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/13 16:13:44 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/13 16:13:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 16:13:29 | 1600,249,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 12:48:38 | 000,058,393 | ---- | M] () -- C:\crash.dmp
[2011/03/12 18:11:38 | 000,000,494 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2011/03/12 18:00:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/03/12 16:17:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD3648.FOT
[2011/03/12 16:17:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpF3348.FOT
[2011/03/12 16:17:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp5F448.FOT
[2011/03/12 16:17:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp46248.FOT
[2011/03/12 16:17:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpEB048.FOT
[2011/03/12 16:17:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp82F38.FOT
[2011/03/12 16:17:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3FF38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpE3E38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp96C38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3DA38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp36D38.FOT
[2011/03/12 16:17:55 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpC5938.FOT
[2011/03/12 14:51:58 | 000,001,148 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Play Roblox.lnk
[2011/03/09 15:12:08 | 000,703,234 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/09 15:04:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/08 19:28:22 | 006,684,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Money.mny
[2011/03/08 19:28:18 | 001,485,403 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Money Backup_2011-03-08_182801.mbf
[2011/03/08 18:42:44 | 000,007,057 | ---- | M] () -- C:\WINDOWS\Administrator8.xlb
[2011/03/03 14:34:36 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 00:19:28 | 001,111,503 | R--- | M] () -- C:\My Money Backup_2011-03-01_231916.mbf
[2011/03/02 00:19:13 | 001,111,503 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Money Backup_2011-03-01_231859.mbf
[2011/03/01 19:20:09 | 000,130,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/01 19:12:09 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberDefender Registry Cleaner.lnk
[2011/03/01 19:12:09 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fix PC Errors Now.lnk
[2011/02/28 15:05:52 | 002,505,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Oliver's Cabana.JPG
[2011/02/25 16:37:04 | 000,075,365 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LinkClick.pdf
[2011/02/25 14:38:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpC639C.FOT
[2011/02/25 14:38:33 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpE809C.FOT
[2011/02/25 14:38:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp77C8C.FOT
[2011/02/25 14:38:31 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp46A8C.FOT
[2011/02/25 14:38:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD268C.FOT
[2011/02/25 14:38:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpCC38C.FOT
[2011/02/25 14:38:29 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp7128C.FOT
[2011/02/25 14:38:29 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3208C.FOT
[2011/02/25 14:38:28 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpEBB7C.FOT
[2011/02/25 14:38:28 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp38D7C.FOT
[2011/02/25 14:38:27 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpC597C.FOT
[2011/02/25 14:38:26 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp8677C.FOT
[2011/02/23 17:49:44 | 005,043,807 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\9th grade.pdf
[2011/02/22 12:58:19 | 000,278,528 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2011/02/22 12:58:01 | 000,007,120 | ---- | M] () -- C:\WINDOWS\extend.dat
[2011/02/16 15:12:57 | 001,351,405 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Money Backup_2011-02-16_141209.mbf
[2011/02/15 23:46:49 | 000,046,154 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\profile pic.jpg
[2011/02/15 14:24:40 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Backup of Updating Money.wbk
[2011/02/15 01:31:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/12 22:46:00 | 000,007,583 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2010 shirecreek net income.csv
[2011/02/12 22:45:47 | 000,005,570 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2010 claremont net income.csv
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/13 20:44:56 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/03/12 16:17:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD3648.FOT
[2011/03/12 16:17:58 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpF3348.FOT
[2011/03/12 16:17:58 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp5F448.FOT
[2011/03/12 16:17:58 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp46248.FOT
[2011/03/12 16:17:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpEB048.FOT
[2011/03/12 16:17:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp82F38.FOT
[2011/03/12 16:17:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3FF38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpE3E38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp96C38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3DA38.FOT
[2011/03/12 16:17:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp36D38.FOT
[2011/03/12 16:17:55 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpC5938.FOT
[2011/03/12 14:51:58 | 000,001,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Play Roblox.lnk
[2011/03/08 19:28:18 | 001,485,403 | R--- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Money Backup_2011-03-08_182801.mbf
[2011/03/02 00:19:28 | 001,111,503 | R--- | C] () -- C:\My Money Backup_2011-03-01_231916.mbf
[2011/03/02 00:19:12 | 001,111,503 | R--- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Money Backup_2011-03-01_231859.mbf
[2011/03/01 19:12:09 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberDefender Registry Cleaner.lnk
[2011/03/01 19:12:09 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fix PC Errors Now.lnk
[2011/02/28 16:05:44 | 002,505,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Oliver's Cabana.JPG
[2011/02/25 16:37:04 | 000,075,365 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LinkClick.pdf
[2011/02/25 14:38:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpC639C.FOT
[2011/02/25 14:38:33 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpE809C.FOT
[2011/02/25 14:38:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp77C8C.FOT
[2011/02/25 14:38:31 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp46A8C.FOT
[2011/02/25 14:38:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD268C.FOT
[2011/02/25 14:38:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpCC38C.FOT
[2011/02/25 14:38:29 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp7128C.FOT
[2011/02/25 14:38:29 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3208C.FOT
[2011/02/25 14:38:28 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpEBB7C.FOT
[2011/02/25 14:38:28 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp38D7C.FOT
[2011/02/25 14:38:27 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpC597C.FOT
[2011/02/25 14:38:26 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp8677C.FOT
[2011/02/23 17:49:44 | 005,043,807 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\9th grade.pdf
[2011/02/16 15:12:57 | 001,351,405 | R--- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Money Backup_2011-02-16_141209.mbf
[2011/02/15 23:47:17 | 000,046,154 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\profile pic.jpg
[2011/02/12 21:42:03 | 000,005,570 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2010 claremont net income.csv
[2011/02/12 21:27:32 | 000,007,583 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2010 shirecreek net income.csv
[2010/12/17 09:23:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/11/20 01:06:54 | 000,042,108 | ---- | C] () -- C:\WINDOWS\System32\fun_avutil.dll
[2010/11/20 01:06:53 | 003,566,434 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2010/11/20 01:06:53 | 000,827,392 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4System.dll
[2010/11/20 01:06:53 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4Tools.dll
[2010/11/20 01:06:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4DSF.dll
[2010/11/20 01:06:52 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\AMR.dll
[2010/11/20 01:06:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EvrcDecDll.dll
[2010/11/20 01:06:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\AMRDSF.dll
[2010/08/22 15:31:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 15:47:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/01 15:47:05 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/09 22:05:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/04/09 22:04:28 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/04/09 22:04:27 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/04/03 17:05:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/03/31 11:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/29 12:40:30 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2010/03/29 12:35:35 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/29 12:35:35 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/29 12:35:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/29 12:35:35 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/29 12:35:35 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/29 12:35:35 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/29 12:35:35 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/29 12:35:35 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/29 12:35:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/03/29 12:35:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/29 12:35:34 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/29 12:35:34 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/29 12:35:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/29 12:35:34 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/29 12:35:34 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/29 12:35:34 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/29 12:34:35 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPART700.ini
[2009/11/17 18:07:19 | 000,007,120 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/09/17 23:21:00 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 14:58:59 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2009/08/26 14:58:59 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2009/08/26 14:58:59 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2009/08/26 14:58:59 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2009/08/26 14:58:59 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2009/08/26 14:58:09 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/14 23:58:55 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/05/21 13:33:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/21 13:33:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2009/04/24 18:23:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/24 19:12:18 | 000,004,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinIo.sys
[2006/09/24 19:10:06 | 000,000,798 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/28 12:34:06 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2006/07/28 12:16:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/28 12:10:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/28 05:04:06 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/28 05:03:01 | 000,130,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/01/21 14:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:26:07 | 000,462,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:26:05 | 000,078,458 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 08:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/11/17 07:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 07:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 07:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 07:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/07/28 12:13:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/03/13 20:32:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2011/03/13 20:33:11 | 000,014,100 | ---- | M] () -- C:\Program Files\hijackthis.log

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/08/26 16:02:30 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/24 23:26:54 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/07/28 12:17:33 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/20 13:36:23 | 031,737,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HRB_At_Home_2010PES_B.exe
[2011/03/13 21:18:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/01 15:28:48 | 036,600,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdasetup.exe
[2010/11/17 10:15:56 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup[1].exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/05/04 13:21:07 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/24 23:26:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini
[2010/06/30 16:56:58 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\My Documents.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2006/03/23 17:13:40 | 000,077,824 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hkcmd.exe
[2006/03/23 17:17:50 | 000,118,784 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\igfxpers.exe
[2006/03/23 17:13:30 | 000,163,840 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\igfxsrvc.exe
[2010/09/15 05:50:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\java.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/07/28 05:02:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/07/28 05:02:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/07/28 05:02:34 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/12 08:17:21 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/12 08:18:15 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/12 08:19:36 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/12 08:20:44 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/12 08:20:45 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/12 08:25:08 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/12 08:25:08 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/12 08:25:08 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/12 08:25:09 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/12 08:25:09 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/12 08:25:11 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/12 08:25:11 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/12 08:25:11 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/12 08:25:12 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/12 08:25:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/12/31 08:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2006/07/28 12:13:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/24 23:25:53 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2011/03/01 19:12:23 | 000,002,398 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2006/07/28 12:13:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/23 14:21:27 | 000,000,000 | ---- | M] () -- C:\conmgr.log
[2011/03/13 12:48:38 | 000,058,393 | ---- | M] () -- C:\crash.dmp
[2011/03/13 12:48:38 | 000,040,774 | ---- | M] () -- C:\crash.log
[2010/11/13 12:01:54 | 000,005,349 | -H-- | M] () -- C:\ffastun.ffa
[2010/11/13 12:01:54 | 000,884,736 | -H-- | M] () -- C:\ffastun.ffl
[2010/11/13 12:01:54 | 000,311,296 | -H-- | M] () -- C:\ffastun.ffo
[2010/11/13 12:01:54 | 003,072,000 | -H-- | M] () -- C:\ffastun0.ffx
[2011/03/13 16:13:29 | 1600,249,856 | -HS- | M] () -- C:\hiberfil.sys
[2006/07/28 12:13:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/28 12:13:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/20 13:40:12 | 001,432,341 | R--- | M] () -- C:\My Money Backup_2011-01-20_124007.mbf
[2011/02/10 21:39:23 | 001,559,687 | R--- | M] () -- C:\My Money Backup_2011-02-10_203913.mbf
[2011/03/02 00:19:28 | 001,111,503 | R--- | M] () -- C:\My Money Backup_2011-03-01_231916.mbf
[2009/06/15 00:03:31 | 000,000,202 | ---- | M] () -- C:\myloUtilitySetup.log
[2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/26 15:54:14 | 000,250,048 | ---- | M] () -- C:\ntldr
[2011/03/13 16:13:27 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/07/27 14:47:41 | 000,004,012 | ---- | M] () -- C:\Rescued Document 1.txt
[2009/07/27 14:47:31 | 000,010,167 | ---- | M] () -- C:\Rescued Document.txt

< %PROGRAMFILES%\*. >
[2009/05/15 15:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/02/21 15:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2010/03/22 16:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Britannica
[2009/05/04 13:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/01/31 21:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/07/28 12:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/04/24 18:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/03/01 19:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\CyberDefender
[2010/05/13 21:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/02/14 12:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\DeductionPro 2009
[2009/04/24 18:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/08/25 15:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/01/31 15:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/03/29 12:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/03/29 12:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2010/03/29 12:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\EpsonNet
[2010/10/01 14:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/25 18:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\HRBlock2009
[2011/01/20 13:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\HRBlock2010
[2010/11/20 19:53:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/24 18:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/21 12:26:55 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Content Filter
[2011/02/25 16:47:11 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/14 02:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/05 23:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/31 21:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Memeo
[2009/08/26 16:52:51 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/07/28 12:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/14 14:32:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money Plus
[2010/10/29 10:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/02/16 13:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/15 21:06:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/21 14:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/09/14 10:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/29 10:20:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/07/28 12:09:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/07/28 12:09:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/06/05 15:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/26 15:57:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/08/25 15:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2011/01/14 16:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2011/01/14 16:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/05/21 13:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2006/07/28 12:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 17:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/20 19:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\PANTECH
[2010/08/25 15:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/04/09 22:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\PDF995
[2010/03/21 19:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/09/14 10:05:07 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/05 23:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2010/07/05 23:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/04/27 13:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2010/03/05 20:04:10 | 000,000,000 | ---D | M] -- C:\Program Files\Scholastic
[2011/01/31 21:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2009/04/24 18:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2009/06/15 00:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/06/14 23:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2011/03/13 16:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/06/29 15:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Teaching Textbooks
[2010/01/31 15:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\Tetris Worlds
[2011/03/13 20:44:56 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/07/28 12:17:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/26 17:41:25 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2010/08/25 15:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2010/06/28 16:03:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/05/08 18:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/05/07 12:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/05/07 12:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/05/21 13:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Messaging
[2009/08/26 15:57:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/07/28 12:12:05 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/07/28 12:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/11/10 10:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2006/07/28 05:03:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/12 08:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 08:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 03:05:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/12 08:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/12 08:18:39 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 08:19:04 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/04/26 09:23:52 | 000,250,880 | ---- | M] (Intel Corporation) MD5=1C77A81756D4777CCB0425AE8107FE96 -- C:\WINDOWS\system32\drivers\iastor.sys
[2004/08/12 08:36:15 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/12 08:24:31 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/12 08:27:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2006/05/11 15:55:34 | 000,093,568 | ---- | M] (LSI Logic) MD5=E16380D5911FA00E90452F90F49ED352 -- C:\WINDOWS\system32\drivers\symmpi.sys

< MD5 for: USBSTOR.SYS >
[2004/08/12 08:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/08/26 14:57:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsMake sure Use Safe List is selected under all categories >
Invalid Switch: rsMake sure Use Safe List is selected under all categories


< Make sure both Purity Check and LOP Check are selected >

< Make sure File Age is set to 30 days >

< Click the Run Scan button. >

< >

< When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. >

< >

< Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time into your thread >

< Note: in the event that OTL fails to run, please use alternate download links to try again: >

< >

< http://www.itxassoci...T-Tools/OTL.scr >
Invalid Switch: OTL.scr


< http://www.itxassoci...T-Tools/OTL.com >
Invalid Switch: OTL.com


< __________________ >

< >

< If i have not responded within 24 hours and I am helping you please PM me >

< Handy links: Prework|Afterwork|PCHF Rules|Donate >

< >

< >

< >

< -------------------------------------------------------------------------------- >

< Last edited by Crush; 11-08-2010 at 11:43 PM. Reason: Updated color of Run Scan :D >

< >

< >

< Crush >

< View Public Profile >

< Find More Posts by Crush >

< Add Crush to Your Contacts >

< >

< My System Information >

< CPU: XPS M1210 >

< Motherboard: Factory Motherboard >

< Mem: 2 GB 667MHz DDR2 SDRAM >

< HDD: 80 GB @7200 RPM >

< Video: 256MB NVIDIA GeForce Go 7400 TurboCache >

< Sound: SigmaTel HD Audio Codec >

< OS: Windows XP Media Center Edition >

< Monitor: 12.1" WXGA with TrueLife (1280x800) >

< ISP: Verizon >

< >

< 09-24-2010 #3 >

< Crush >

< Security Team Leader >

< >

< >

< >

< >

< >

< >

< Join Date: Sep 2008 >

< Location: Caldwell, New Jersey >

< Posts: 16,973 >

< PC Experience: Always Learning New Things Instructions Part 2 >

< >

< -------------------------------------------------------------------------------- >

< >

< Instructions Part 2: Check the Master Boot Record (MBR) >

< >

< Download MBRCheck to your desktop. >

< >

< Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator). >

< It will show a black screen with some data on it. >

< A report called MBRcheckxxxx.txt will be on your desktop >

< Open this report and post its content in your thread. >

< __________________ >

< >

< If i have not responded within 24 hours and I am helping you please PM me >

< Handy links: Prework|Afterwork|PCHF Rules|Donate >

< >

< >

< >

< -------------------------------------------------------------------------------- >

< Last edited by Crush; 09-29-2010 at 10:31 AM. >

< >

< >

< Crush >

< View Public Profile >

< Find More Posts by Crush >

< Add Crush to Your Contacts >

< >

< My System Information >

< CPU: XPS M1210 >

< Motherboard: Factory Motherboard >

< Mem: 2 GB 667MHz DDR2 SDRAM >

< HDD: 80 GB @7200 RPM >

< Video: 256MB NVIDIA GeForce Go 7400 TurboCache >

< Sound: SigmaTel HD Audio Codec >

< OS: Windows XP Media Center Edition >

< Monitor: 12.1" WXGA with TrueLife (1280x800) >

< ISP: Verizon >

< >

< 09-24-2010 #4 >

< Crush >

< Security Team Leader >

< >

< >

< >

< >

< >

< >

< Join Date: Sep 2008 >

< Location: Caldwell, New Jersey >

< Posts: 16,973 >

< PC Experience: Always Learning New Things Extra Notes >

< >

< -------------------------------------------------------------------------------- >

< >

< Extra Notes: >

< >

< Please note: It is common for a computer to appear free from malware even when the malware has not been completely removed. Although your computer appears to be clean after following the Prework, to avoid further problems, or even re-infection, please post the requested logs in order to have a Security Analyst verify that all traces are removed. Thank you for your cooperation. >

< >

< Also note: Each set of instructions is specifically tailored to the user that has posted with the issues. Following the instructions posted to another user when you yourself are infected is inadvisable, and could potentially result in your computer being rendered unbootable. If you think you are infected please do not hesitate to post. >

< >

< IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. The PCHF Security Team will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those used to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. >

< >

< Because of this, we advise you to backup any personal files and folders before you start. >

< __________________ >

< >

< If i have not responded within 24 hours and I am helping you please PM me >

< Handy links: Prework|Afterwork|PCHF Rules|Donate >

< >

< >

< >

< -------------------------------------------------------------------------------- >

< Last edited by Crush; 12-06-2010 at 12:43 PM. Reason: Fixed a typo >

< >

< >

< Crush >

< View Public Profile >

< Find More Posts by Crush >

< Add Crush to Your Contacts >

< >

< My System Information >

< CPU: XPS M1210 >

< Motherboard: Factory Motherboard >

< Mem: 2 GB 667MHz DDR2 SDRAM >

< HDD: 80 GB @7200 RPM >

< Video: 256MB NVIDIA GeForce Go 7400 TurboCache >

< Sound: SigmaTel HD Audio Codec >

< OS: Windows XP Media Center Edition >

< Monitor: 12.1" WXGA with TrueLife (1280x800) >

< ISP: Verizon >

< >

< 09-24-2010 #5 >

< Crush >

< Security Team Leader >

< >

< >

< >

< >

< >

< >

< Join Date: Sep 2008 >

< Location: Caldwell, New Jersey >

< Posts: 16,973 >

< PC Experience: Always Learning New Things P2P Issues >

< >

< -------------------------------------------------------------------------------- >

< >

< Person To Person (P2P) File sharing Programs: >

< >

< The following post denotes the perils of P2P file sharing today: >

< Warnings Regarding P2P Sharing Sites >

< >

< Please Note: As long as you have any P2P/cracked/warez program(s) installed, as per the PCHF Rules, PCHF Security Analysts will not be able to offer you assistance. >
Invalid Switch: warez program(s) installed, as per the PCHF Rules, PCHF Security Analysts will not be able to offer you assistance.


< >

< Please remove any and all P2P Clients, etc. before proceding. In the case of your operating system, please obtain a valid licensed copy before requesting assistance. Read more here. >

< >

< It takes an enormous amount of time, dedication, reading, research, and experience to learn how to recognize, and effectively remove today's malware. HijackThis has its uses, but no longer provides enough information in regard to today's malware which is why we use the scanning tools such as OTL etc. >

< >

< Should you encounter any issues when running any of these programs please make a note of it and move on to the next step. Once you're done and ready to post, please let us know of any of these types of issues. >

< __________________ >

< >

< If i have not responded within 24 hours and I am helping you please PM me >

< Handy links: Prework|Afterwork|PCHF Rules|Donate >

< >

< >

< >

< -------------------------------------------------------------------------------- >

< Last edited by Crush; 10-13-2010 at 10:00 PM. >

< >

< >

< Crush >

< View Public Profile >

< Find More Posts by Crush >

< Add Crush to Your Contacts >

< >

< My System Information >

< CPU: XPS M1210 >

< Motherboard: Factory Motherboard >

< Mem: 2 GB 667MHz DDR2 SDRAM >

< HDD: 80 GB @7200 RPM >

< Video: 256MB NVIDIA GeForce Go 7400 TurboCache >

< Sound: SigmaTel HD Audio Codec >

< OS: Windows XP Media Center Edition >

< Monitor: 12.1" WXGA with TrueLife (1280x800) >

< ISP: Verizon >

< >

< 09-24-2010 #6 >

< Crush >

< Security Team Leader >

< >

< >

< >

< >

< >

< >

< Join Date: Sep 2008 >

< Location: Caldwell, New Jersey >

< Posts: 16,973 >

< PC Experience: Always Learning New Things What To Do When Posting >

< >

< -------------------------------------------------------------------------------- >

< >

< What To Do When Posting: >

< >

< When posting a new thread for the PCHF Security team please observe the following: >

< >

< Describe your issue/problem in DETAIL!. We cannot second guess as to what your issue(s) may be. Please provide as much detail as possible, including virus/Trojan/worm names and locations if available. The more information you can give us the better we can help >
Invalid Switch: worm names and locations if available. The more information you can give us the better we can help


< Post the logs that we've specifically requested for you to. >

< DO NOT Wrap the log using Quote or Code tags. (DO make sure notepad word-wrap is OFF) >

< DO NOT Post another Program’s log (Unless we specifically ask for it) >

< DO NOT Cut off the header of any log (It contains important information for the Analyst) >

< DO NOT Private Message the Analyst unless asked to do so. >

< DO NOT post live suspicious links. We do appreciate that you want to give as much information as possible, but the links need to be munged. Please make sure before sending your post, the options are checked like so: >

< >

< >

< Please include all requested logs from this PreWork. >

< Post NEW THREADS ONLY here; New HijackThis Logs Forum >

< If you have a current thread; post the logs in your thread, and one of the staff will move your thread to the HJT Forum for you. >

< Please include a detailed description of the problem you are having, be as specific as possible, and tell us any symptoms, scans you may have already done, other than PreWork, and also any hard or software that you may have installed prior to the odd behavior starting. >

< When a Security Analyst replies to your thread, it will be moved to the In Progress section. >

< To include a log - Simply copy and paste it into your thread. Only attach if directed. >

< To attach a log - Click Add Reply. Scroll down and choose Manage Attachments. Click the Browse button. Browse to the location of the log and click Ok. Hit Attach. >

< __________________ >

< >

< If i have not responded within 24 hours and I am helping you please PM me >

< Handy links: Prework|Afterwork|PCHF Rules|Donate >

< >

< >

< >

< -------------------------------------------------------------------------------- >

< Last edited by Crush; 10-11-2010 at 02:39 PM. >

< >

< >

< Crush >

< View Public Profile >

< Find More Posts by Crush >

< Add Crush to Your Contacts >

< >

< My System Information >

< CPU: XPS M1210 >

< Motherboard: Factory Motherboard >

< Mem: 2 GB 667MHz DDR2 SDRAM >

< HDD: 80 GB @7200 RPM >

< Video: 256MB NVIDIA GeForce Go 7400 TurboCache >

< Sound: SigmaTel HD Audio Codec >

< OS: Windows XP Media Center Edition >

< Monitor: 12.1" WXGA with TrueLife (1280x800) >

< ISP: Verizon >

< >

< 09-24-2010 #7 >

< Crush >

< Security Team Leader >

< >

< >

< >

< >

< >

< >

< Join Date: Sep 2008 >

< Location: Caldwell, New Jersey >

< Posts: 16,973 >

< PC Experience: Always Learning New Things Personal Information Removal >

< >

< -------------------------------------------------------------------------------- >

< >

< Removing Personal Information: >

< >

< Many times in the various log files generated there may be entries that show personal information, such as your name. >

< >

< You may edit your name or other identifying information out of these entries, if you wish, prior to posting your logs into the Forum. It is often difficult (or impossible) for the Staff to edit these out of a post once posted. >

< >

< Pre-post editing is much easier than you might think. >

< >

< When the log in question shows in Notepad, BEFORE you copy it to the Forum, please hit the Ctrl + A keys. This will highlight the entire log. Next hit the Ctrl + H keys. This will bring up the Replace utility, and allow you to exchange your name or other identifying information as many times as it occurs, all at one time. Use asterisk to replace any information that you need to. >

< >

< See an example below, it may take a minute or so more time, but will help us and protect you. >

< >

< >

< ComboFix 09-02-21.01 - *******l 2009-02-23 18:58:08.2 - NTFSx86 >

< Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2936.1865 [GMT -8:00] >

< Running from: c:\users\*******\Desktop\ComboFix.exe >

< FW: ZoneAlarm Anti-virus Firewall *disabled* >

< Note the *** places where the username was replaced with **** >

< >

< IMPORTANT! DO NOT change any information other than the information that could personally identify you. Logs that are purposely falsified will only serve to defeat what Security Staff Members are trying to do for you, and may make it impossible to properly clean your computer. >

< __________________ >

< >

< If i have not responded within 24 hours and I am helping you please PM me >

< Handy links: Prework|Afterwork|PCHF Rules|Donate >

< >

< >

< >

< -------------------------------------------------------------------------------- >

< Last edited by Crush; 09-29-2010 at 10:33 AM. >

< >

< >

< Crush >

< View Public Profile >

< Find More Posts by Crush >

< Add Crush to Your Contacts >

< >

< My System Information >

< CPU: XPS M1210 >

< Motherboard: Factory Motherboard >

< Mem: 2 GB 667MHz DDR2 SDRAM >

< HDD: 80 GB @7200 RPM >

< Video: 256MB NVIDIA GeForce Go 7400 TurboCache >

< Sound: SigmaTel HD Audio Codec >

< OS: Windows XP Media Center Edition >

< Monitor: 12.1" WXGA with TrueLife (1280x800) >

< ISP: Verizon >

< >

< 09-24-2010 #8 >

< Crush >

< Security Team Leader >

< >

< >

< >

< >

< >

< >

< Join Date: Sep 2008 >

< Location: Caldwell, New Jersey >

< Posts: 16,973 >

< PC Experience: Always Learning New Things Disclaimer >

< >

< -------------------------------------------------------------------------------- >

< >

< Disclaimer: >

< >

< PC Help Forum shall not be held liable for any issues resulting from the following: direct,indirect, incidental, special, consequential, or exemplary damages. >

< >

< Administrators and other specialized staff including Tech Staff, Sec Staff, and Mod Staff, are the only users whom you shall receive any trusted advice on fixing your computer. >

< >

< However, we cannot account for any damages arising from fixing your computer, since the results of removing malware are unpredictable. Approximately 75% of computers infected with malware are fixable; however, the latter margin is prone to issues beyond our control. >

< >

< If your computer happens to be in the latter margin, we will do our best to help you through the process of recovering your data, and if need be - reformat and reinstall your operating system. >

< >

< By starting a new topic, you agree to the disclaimer and are aware of the risks involved in malware removal. >

< __________________ >

< >

< If i have not responded within 24 hours and I am helping you please PM me >

< Handy links: Prework|Afterwork|PCHF Rules|Donate >

< >

< >

< >

< -------------------------------------------------------------------------------- >

< Last edited by Crush; 09-29-2010 at 10:33 AM. >

< >

< >

< Crush >

< View Public Profile >

< Find More Posts by Crush >

< Add Crush to Your Contacts >

< >

< My System Information >

< CPU: XPS M1210 >

< Motherboard: Factory Motherboard >

< Mem: 2 GB 667MHz DDR2 SDRAM >

< HDD: 80 GB @7200 RPM >

< Video: 256MB NVIDIA GeForce Go 7400 TurboCache >

< Sound: SigmaTel HD Audio Codec >

< OS: Windows XP Media Center Edition >

< Monitor: 12.1" WXGA with TrueLife (1280x800) >

< ISP: Verizon >

< >

< 11-02-2010 #9 >

< Crush >

< Security Team Leader >

< >

< >

< >

< >

< >

< >

< Join Date: Sep 2008 >

< Location: Caldwell, New Jersey >

< Posts: 16,973 >

< PC Experience: Always Learning New Things Re: [Prework] Please Read Before Posting >

< >

< -------------------------------------------------------------------------------- >

< >

< Can't Post Your Logs? >

< >

< Occasionally the character limit on a post or the maximum upload size for an attachment is exceeded due to the length of the logs. >

< >

< If you encounter an error when posting please post them zipped as an attachment. To zip the file into an uploadable archive you can use either WinRAR or 7-Zip. >

< >

< Still having difficulty uploading files? You can email the files to pchffiles[AT]gmail[DOT]com or upload them to Megaupload or Rapidshare >

< >

< Note: If you use the email method please still post and let us know in your thread as it is not checked every day. >


[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 3/13/2011 9:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 34.63 Gb Free Space | 46.47% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WXP-39B8DB1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\RS2.2.1.0Asms\Rosetta Stone.exe" = C:\Program Files\Rosetta Stone\RS2.2.1.0Asms\Rosetta Stone.exe:*:Enabled:Rosetta Stone Application -- (Macromedia, Inc.)
"C:\Program Files\Rosetta Stone\RS2.2.1.0Asms\Discover.exe" = C:\Program Files\Rosetta Stone\RS2.2.1.0Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool -- (Fairfield Language Technologies)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment -- (Sun Microsystems, Inc.)
"C:\Program Files\Rosetta Stone\SMS v3.2.0hs\server.exe" = C:\Program Files\Rosetta Stone\SMS v3.2.0hs\server.exe:*:Enabled:SMS Server v3.2.0hs -- ()
"C:\Program Files\Rosetta Stone\SMS v3.2.0hs\admin.exe" = C:\Program Files\Rosetta Stone\SMS v3.2.0hs\admin.exe:*:Enabled:SMS Admin v3.2.0hs -- ()
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\InetCntrl\InetCntrl.exe" = C:\WINDOWS\system32\InetCntrl\InetCntrl.exe:*:Enabled:Bsecure Internet Protection Services - Application
"D:\Common\EasyInstall\EasyInstall.exe" = D:\Common\EasyInstall\EasyInstall.exe:*:Enabled:EasyInstall


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18886756-CD05-41C4-9EAC-AF4C2F30D080}" = mylo Utility 1.0.00
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC26D3D-3FA4-40C7-8957-FBC32289BB51}" = Pantech PCSuite
"{529A52D1-5521-436B-83AB-1322780DCDAD}" = H&R Block Premium + Efile + State 2010
"{5B5FE75F-A999-45e7-AE6B-5B85E1DD0577}" = PANTECH Handset USB Driver V2
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682A2953-FF3B-42DE-B80A-D711FF94B1C8}" = Rosetta Stone 2.2.1.0Asms
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE18AB5-540B-4981-87D5-6CF7E923D983}_is1" = CyberDefender Registry Cleaner
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0CE255-7AE1-48FB-ABA4-4347574CF40C}" = COM-1 Operating Instructions (English)
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3F33D3-E2BC-4BAE-93AB-41700072F680}" = Pantech PCSuite
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C3FA280D-3AE4-43F3-AFB5-D459B36A05B7}" = Safe Eyes
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Browser Defender_is1" = Browser Defender 3.0
"Canon SELPHY CP740" = Canon SELPHY CP740
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Artisan 700 Series" = EPSON Artisan 700 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"GoToAssist" = GoToAssist 8.0.0.514
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{682A2953-FF3B-42DE-B80A-D711FF94B1C8}" = Rosetta Stone 2.2.1.0Asms
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math 7 Teaching Textbook" = Math 7 Teaching Textbook
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2008b" = Microsoft Money Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RegCure" = RegCure
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Spyware Doctor" = Spyware Doctor
"Student Management System v3.2.0hs" = Student Management System v3.2.0hs
"Tetris Worlds" = Tetris Worlds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Software Update" = Yahoo! Software Update

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Administrator

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 3/9/2011 12:45:06 AM | Computer Name = WXP-39B8DB1 | Source = Windows Search Service | ID = 9002
Description = The Windows Search Service cannot load the property store information.

Context:
Windows Application, SystemIndex Catalog Details: 0x%08x (0x8004117f - The content
index server cannot update or access information because of a database error.
Stop and restart the search service. If the problem persists, reset and recrawl
the content index. In some cases it may be necessary to delete and recreate the
content index. )

Error - 3/9/2011 12:45:06 AM | Computer Name = WXP-39B8DB1 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index metadata cannot
be read. (0xc0041801)

Error - 3/9/2011 12:45:08 AM | Computer Name = WXP-39B8DB1 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (0x80070490)


Error - 3/9/2011 12:45:08 AM | Computer Name = WXP-39B8DB1 | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index metadata cannot be read. (0xc0041801)


Error - 3/9/2011 12:45:08 AM | Computer Name = WXP-39B8DB1 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index metadata cannot be read. (0xc0041801)

Error - 3/9/2011 3:57:54 PM | Computer Name = WXP-39B8DB1 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 3/11/2011 8:27:12 PM | Computer Name = WXP-39B8DB1 | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

Error - 3/12/2011 7:27:45 PM | Computer Name = WXP-39B8DB1 | Source = Application Hang | ID = 1002
Description = Hanging application iFrmewrk.exe, version 10.1.1.19, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/13/2011 1:48:42 PM | Computer Name = WXP-39B8DB1 | Source = Application Error | ID = 1000
Description = Faulting application safeeyes.exe, version 6.0.240.0, faulting module
unknown, version 0.0.0.0, fault address 0xf18b56ec.

Error - 3/13/2011 5:24:16 PM | Computer Name = WXP-39B8DB1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/13/2011 5:45:52 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/13/2011 5:46:09 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/13/2011 5:46:09 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/13/2011 5:50:43 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/13/2011 5:50:43 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/13/2011 5:51:26 PM | Computer Name = WXP-39B8DB1 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.4 for the Network Card with network address
0013025572D1 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a
DHCPNACK message).

Error - 3/13/2011 5:51:47 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/13/2011 5:51:47 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/13/2011 6:12:05 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/13/2011 6:12:05 PM | Computer Name = WXP-39B8DB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >