Malwarebytes' Anti-Malware 1.36
Database version: 2069
Windows 5.1.2600 Service Pack 3
5/3/2009 8:17:03 AM
mbam-log-2009-05-03 (08-17-03).txt
Scan type: Quick Scan
Objects scanned: 82778
Time elapsed: 3 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:17492 Mo/Free:3617 Mo)
D:\ [Fixed] - NTFS - (Total:17516 Mo/Free:1051 Mo)
E:\ [Fixed] - NTFS - (Total:35000 Mo/Free:2125 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sun 05/03/2009| 8:32
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
---------- C:\WINDOWS\system32\lxdccoms.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
---------- C:\WINDOWS\System32\imapi.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Safari\Safari.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\system32\drwtsn32.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/03/2009| 8:33
----------------------\\ Scan completed at 8:33

OTListIt logfile created on: 5/3/2009 11:54:37 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Judge\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 87.72% Memory free
3.85 Gb Paging File | 3.78 Gb Available in Paging File | 98.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.08 Gb Total Space | 5.60 Gb Free Space | 32.77% Space Free | Partition Type: NTFS
Drive D: | 17.11 Gb Total Space | 17.03 Gb Free Space | 99.54% Space Free | Partition Type: NTFS
Drive E: | 34.18 Gb Total Space | 34.08 Gb Free Space | 99.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CONRAD-OSTIISH0
Current User Name: Judge
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Judge\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ioloFileInfoList [Auto | Stopped]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Stopped]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lxdc_device [Auto | Stopped]) -- C:\WINDOWS\system32\lxdccoms.exe ( )
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (UMWdf [Auto | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WMConnectCDS [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FileDisk [System | Stopped]) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (mxcard [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mxcard.sys (Moxa Technologies Co., Ltd.)
DRV - (mxport [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mxport.sys (Moxa Technologies Co., Ltd.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pmem [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pmemnt.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (XPacket [Boot | Running]) -- C:\WINDOWS\System32\xpacket.sys (iolo technologies, LLC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bsafehome.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.epix.net/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/10/19 11:00:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/01 16:20:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/01/06 16:54:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/01/03 18:29:42 | 00,000,000 | ---D | M]
[2008/08/29 09:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judge\Application Data\mozilla\Extensions
[2008/08/29 09:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judge\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/02/23 13:16:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judge\Application Data\mozilla\Firefox\Profiles\1zjrxy3b.default\extensions
[2008/06/19 19:17:17 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\Judge\Application Data\Mozilla\FireFox\Profiles\1zjrxy3b.default\searchplugins\jeeves.xml
[2008/05/26 07:10:36 | 00,001,944 | ---- | M] () -- C:\Documents and Settings\Judge\Application Data\Mozilla\FireFox\Profiles\1zjrxy3b.default\searchplugins\msn.xml
[2008/06/19 19:17:17 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Judge\Application Data\Mozilla\FireFox\Profiles\1zjrxy3b.default\searchplugins\wikipedia.xml
[2008/08/29 09:09:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/03 18:29:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/03 18:29:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/01/03 18:29:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/01 19:45:37 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/01 19:45:37 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/01 19:45:37 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/01 19:45:37 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/01 19:45:37 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/28 05:37:19 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/08/28 05:37:19 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/01/01 19:45:37 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/01 19:45:37 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found
O4 - HKLM..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" rstrq ()
O4 - HKLM..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" ()
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" (Lexmark)
O4 - HKLM..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S (Uniblue Software)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\iavlsp.dll (iolo technologies, LLC)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1140497025062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\araraswi.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/21 00:33:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/03 11:26:57 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Judge\Desktop\OTListIt2.exe
[2009/05/03 08:32:22 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/03 08:31:50 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Judge\Desktop\Rooter.exe
[2009/05/03 08:13:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judge\Application Data\Malwarebytes
[2009/05/03 08:13:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/03 08:13:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/03 08:13:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/03 08:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/03 08:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/03 08:12:18 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Judge\Desktop\mbam-setup-2.exe
[2009/05/03 08:11:44 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Judge\Desktop\mbam-setup-1.exe
[2009/05/03 08:11:34 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Judge\Desktop\mbam-setup.exe
[2009/05/03 08:11:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/03 08:10:29 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\Judge\Desktop\NTREGOPT.lnk
[2009/05/03 08:10:29 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\Judge\Desktop\ERUNT.lnk
[2009/05/03 08:10:29 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/03 08:09:48 | 00,265,683 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Judge\Desktop\erunt_setup-2.exe.download
[2009/05/03 08:09:41 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Judge\Desktop\erunt_setup-1.exe
[2009/05/03 08:09:09 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Judge\Desktop\erunt_setup.exe
[2009/05/03 08:08:20 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Judge\Desktop\SysRestorePoint.exe
[2009/05/02 13:01:08 | 00,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2009/05/02 12:50:20 | 00,118,784 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iavlsp.dll
[2009/05/02 12:50:18 | 00,936,288 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/05/02 12:50:18 | 00,000,899 | ---- | C] () -- C:\Documents and Settings\Judge\Desktop\System Mechanic Professional.lnk
[2009/05/02 12:50:11 | 00,039,424 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\xpacket.sys
[2009/05/02 12:50:11 | 00,009,341 | ---- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2009/05/02 12:50:06 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2009/05/02 12:50:06 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2009/05/02 12:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\iolo
[2009/05/02 11:44:39 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/05/02 11:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judge\Application Data\iolo
[2009/05/02 11:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/05/02 09:06:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/05/02 09:01:56 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/02 08:48:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judge\Application Data\Uniblue
[2009/05/02 08:45:01 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/05/02 08:44:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/05/02 04:03:53 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/01 20:31:32 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/05/01 16:19:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/01 16:19:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/01 16:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/01 16:18:31 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/01 16:18:31 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/01 16:18:31 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/01 16:18:30 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/01 16:18:30 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/01 16:18:30 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/01 16:18:30 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/01 16:17:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/05/01 08:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/15 04:43:36 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 04:43:36 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 04:43:35 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 04:43:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 04:43:35 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 04:43:35 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 04:43:34 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 04:43:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 04:43:34 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 04:42:45 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 04:42:45 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 04:42:45 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 13:18:08 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/13 13:06:36 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/03/27 18:14:12 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\glapow.dll
[2008/04/13 20:11:56 | 00,275,968 | ---- | C] () -- C:\WINDOWS\System32\ebxblaesi.dll
[2007/10/21 15:36:53 | 00,000,086 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2007/10/05 20:33:34 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini
[2007/10/05 20:33:32 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2007/10/05 20:33:31 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2007/10/05 20:32:55 | 00,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2007/02/12 06:46:04 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2007/01/10 20:02:06 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2007/01/10 20:00:42 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2007/01/10 19:54:42 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[2007/01/10 19:53:10 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2007/01/10 19:51:52 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2007/01/10 19:49:44 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2007/01/10 19:49:00 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[2007/01/10 19:48:30 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2007/01/10 19:42:24 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2007/01/10 19:41:44 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2007/01/10 19:37:42 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2006/05/18 10:47:12 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2006/03/05 13:54:14 | 00,000,067 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/02 21:03:00 | 00,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 21:03:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2003/03/31 08:00:00 | 00,000,487 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 08:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/03 11:51:17 | 00,013,708 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/03 11:51:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Judge\Local Settings\desktop.ini
[2009/05/03 11:50:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/03 11:45:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/03 11:27:02 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judge\Desktop\OTListIt2.exe
[2009/05/03 08:31:57 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Judge\Desktop\Rooter.exe
[2009/05/03 08:30:02 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/03 08:30:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/03 08:29:48 | 00,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/03 08:13:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/03 08:12:43 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Judge\Desktop\mbam-setup-2.exe
[2009/05/03 08:12:19 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Judge\Desktop\mbam-setup-1.exe
[2009/05/03 08:11:59 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Judge\Desktop\mbam-setup.exe
[2009/05/03 08:10:29 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Judge\Desktop\NTREGOPT.lnk
[2009/05/03 08:10:29 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\Judge\Desktop\ERUNT.lnk
[2009/05/03 08:09:51 | 00,265,683 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Judge\Desktop\erunt_setup-2.exe.download
[2009/05/03 08:09:50 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Judge\Desktop\erunt_setup-1.exe
[2009/05/03 08:09:18 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Judge\Desktop\erunt_setup.exe
[2009/05/03 08:08:24 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Judge\Desktop\SysRestorePoint.exe
[2009/05/02 13:01:08 | 00,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2009/05/02 12:50:18 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\Judge\Desktop\System Mechanic Professional.lnk
[2009/05/02 11:44:39 | 00,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2009/05/02 09:03:23 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/02 09:03:23 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/02 09:03:23 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/01 16:36:01 | 00,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
Edited by oldestofone, 03 May 2009 - 09:58 AM.