- When you have the screen up that you want to capture, press the PrtSc key on your keyboard.
- Run the Paint program by going to Start > Run... and enter mspaint.exe
- In Paint, go up to Edit > Paste
- Then go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.
- Then click Add Reply in this topic.
- Click the Browse button.
- Locate the file you just saved, click on it, then click Open.
- Click Upload, then, on Manage Attachments, there is an option to include the attachment in the text window.
- Click on Add Reply
Malware Referral [Solved]
Started by
jbljohn
, Jul 09 2009 07:58 PM
-
This topic is locked
#16
Posted 12 July 2009 - 12:44 AM
hammerman
-
- Member
-
- 4,183 posts
Member 4k
#17
Posted 13 July 2009 - 12:33 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
#18
Posted 14 July 2009 - 03:53 PM
hammerman
-
- Member
-
- 4,183 posts
Member 4k
Hi jbljohn,
Can you please carry out the steps.
-- Step 1 --
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
-- Step 2 --
Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
Can you please carry out the steps.
-- Step 1 --
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity. - Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
-- Step 2 --
Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
#19
Posted 14 July 2009 - 07:58 PM
jbljohn
- Topic Starter
-
- Member
-
- 326 posts
Member
Here they are:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-14 21:47:31
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT F7CFBA9E ZwCreateKey
SSDT F7CFBA94 ZwCreateThread
SSDT F7CFBAA3 ZwDeleteKey
SSDT F7CFBAAD ZwDeleteValueKey
SSDT F7CFBAB2 ZwLoadKey
SSDT F7CFBA80 ZwOpenProcess
SSDT F7CFBA85 ZwOpenThread
SSDT F7CFBABC ZwReplaceKey
SSDT F7CFBAB7 ZwRestoreKey
SSDT F7CFBAA8 ZwSetValueKey
SSDT F7CFBA8F ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 7/14/2009 9:56:13 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 590.10 Mb Available Physical Memory | 57.66% Memory free
1.56 Gb Paging File | 1.25 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.00 Gb Total Space | 39.75 Gb Free Space | 57.60% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 2.62 Gb Free Space | 47.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 26.60 Gb Free Space | 23.80% Space Free | Partition Type: FAT32
Computer Name: YOUR-RTMEJESVBC
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 7 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService [Disabled | Stopped]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Disabled | Stopped]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Disabled | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Disabled | Stopped]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (getPlus® Helper [Disabled | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Integrated Multimedia Server [Disabled | Stopped]) -- C:\Program Files\NETGEAR\Media Server\immsService.exe ()
SRV - (IntuitUpdateService [Disabled | Stopped]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPodService [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSSQL$PINNACLESYS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PDFProFiltSrv [Disabled | Stopped]) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (PinnacleSys.MediaServer [Disabled | Stopped]) -- c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe (Pinnacle Systems)
SRV - (RetroLauncher [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Helper [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe (Dantz Development Corporation)
SRV - (RetroWDSvc [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe (Dantz Development Corporation)
SRV - (SQLAgent$PINNACLESYS [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wwEngineSvc [Disabled | Stopped]) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 07:53:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/11 17:27:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
O4 - HKCU..\RunOnce: [] \Program Files\Internet Explorer\iexplore.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.11 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: izone.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1091817232828 (MSSecurityAdvisor Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8190.4608101852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.148 24.25.5.147
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 18:15:59 | 00,000,140 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 00,000,000 | RH-D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 7 Days ==========
[2009/07/14 21:55:15 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/14 21:52:08 | 00,181,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTC.exe
[2009/07/14 18:28:38 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/07/13 22:44:35 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/07/13 22:44:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/07/13 22:44:18 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/13 22:44:18 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/07/13 22:44:18 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/07/13 22:44:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/07/13 22:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/13 22:44:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/07/13 22:33:55 | 32,299,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/07/13 20:52:51 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\My Documents\aswclear.exe
[2009/07/11 17:44:33 | 00,547,210 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\spywareguardsetup.exe
[2009/07/11 17:35:53 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/07/11 17:33:48 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/07/11 17:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/07/11 17:33:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/07/11 17:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/07/11 17:32:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/07/11 13:14:03 | 36,182,432 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2009/07/11 07:33:48 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2009/07/11 04:00:49 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/07/11 04:00:49 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/07/10 21:02:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\2009 Malware
[2009/07/10 20:48:40 | 00,001,941 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1247273300477-integrated.jnlp
[2009/07/10 20:44:41 | 00,001,187 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jre-6u14-windows-i586.exe.sdm
[2009/07/10 20:43:59 | 00,001,257 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1247273023496-integrated.jnlp
[2009/07/10 20:37:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2009/07/10 20:36:23 | 00,071,717 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2009/07/10 20:20:34 | 02,908,976 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2009/07/10 18:38:59 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/07/09 21:30:23 | 00,000,000 | ---D | C] -- C:\4be227ac176f5b053f00d7c5
[2009/07/09 21:30:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/09 21:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/07/09 21:09:22 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:09:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/09 21:09:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/09 21:08:22 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/09 21:05:54 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/09 21:04:10 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:06 | 01,042,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 17:59:48 | 00,834,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 16:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Autoruns
[2009/07/09 16:49:04 | 00,586,212 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:15:54 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 09:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/08 00:36:36 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/08 00:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
[2009/07/08 00:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CDBurnerXP Projects
[2009/07/08 00:05:59 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/08 00:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2009/07/07 23:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/07/07 23:01:22 | 00,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 23:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
========== Files - Modified Within 7 Days ==========
[2009/07/14 21:55:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/14 21:52:08 | 00,181,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTC.exe
[2009/07/14 18:28:39 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/07/14 07:08:08 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/14 07:07:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/14 07:07:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/14 06:56:27 | 07,032,134 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/14 06:56:13 | 00,000,860 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/14 06:56:13 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/07/14 06:56:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/13 22:44:35 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/07/13 22:37:52 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/13 22:33:57 | 32,299,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/07/13 20:52:51 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\My Documents\aswclear.exe
[2009/07/13 18:10:27 | 00,547,210 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\spywareguardsetup.exe
[2009/07/11 17:35:53 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/07/11 17:33:48 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/07/11 13:14:59 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2009/07/11 13:14:05 | 36,182,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2009/07/11 04:00:49 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/11 04:00:49 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/07/11 03:57:30 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Streets & Trips 2006.lnk
[2009/07/11 03:09:12 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/07/10 20:48:40 | 00,001,941 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1247273300477-integrated.jnlp
[2009/07/10 20:44:41 | 00,001,187 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jre-6u14-windows-i586.exe.sdm
[2009/07/10 20:43:59 | 00,001,257 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1247273023496-integrated.jnlp
[2009/07/10 20:36:24 | 00,071,717 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2009/07/10 20:20:34 | 02,908,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2009/07/10 20:07:15 | 00,254,648 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/09 21:38:59 | 00,772,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 21:36:39 | 00,529,506 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/09 21:36:39 | 00,460,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/09 21:36:39 | 00,079,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/09 21:09:22 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:08:26 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:05:54 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:04:12 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:08 | 01,042,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 17:59:51 | 00,834,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 17:31:49 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/09 17:30:18 | 00,003,892 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2009/07/09 16:49:06 | 00,586,212 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:16:01 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 00:05:59 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/07 23:01:22 | 00,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
< End of report >
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-14 21:47:31
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT F7CFBA9E ZwCreateKey
SSDT F7CFBA94 ZwCreateThread
SSDT F7CFBAA3 ZwDeleteKey
SSDT F7CFBAAD ZwDeleteValueKey
SSDT F7CFBAB2 ZwLoadKey
SSDT F7CFBA80 ZwOpenProcess
SSDT F7CFBA85 ZwOpenThread
SSDT F7CFBABC ZwReplaceKey
SSDT F7CFBAB7 ZwRestoreKey
SSDT F7CFBAA8 ZwSetValueKey
SSDT F7CFBA8F ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 7/14/2009 9:56:13 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 590.10 Mb Available Physical Memory | 57.66% Memory free
1.56 Gb Paging File | 1.25 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.00 Gb Total Space | 39.75 Gb Free Space | 57.60% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 2.62 Gb Free Space | 47.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 26.60 Gb Free Space | 23.80% Space Free | Partition Type: FAT32
Computer Name: YOUR-RTMEJESVBC
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 7 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService [Disabled | Stopped]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Disabled | Stopped]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Disabled | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Disabled | Stopped]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (getPlus® Helper [Disabled | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Integrated Multimedia Server [Disabled | Stopped]) -- C:\Program Files\NETGEAR\Media Server\immsService.exe ()
SRV - (IntuitUpdateService [Disabled | Stopped]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPodService [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSSQL$PINNACLESYS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PDFProFiltSrv [Disabled | Stopped]) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (PinnacleSys.MediaServer [Disabled | Stopped]) -- c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe (Pinnacle Systems)
SRV - (RetroLauncher [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Helper [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe (Dantz Development Corporation)
SRV - (RetroWDSvc [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe (Dantz Development Corporation)
SRV - (SQLAgent$PINNACLESYS [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wwEngineSvc [Disabled | Stopped]) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 07:53:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/11 17:27:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
O4 - HKCU..\RunOnce: [] \Program Files\Internet Explorer\iexplore.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.11 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: izone.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1091817232828 (MSSecurityAdvisor Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8190.4608101852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.148 24.25.5.147
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 18:15:59 | 00,000,140 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 00,000,000 | RH-D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 7 Days ==========
[2009/07/14 21:55:15 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/14 21:52:08 | 00,181,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTC.exe
[2009/07/14 18:28:38 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/07/13 22:44:35 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/07/13 22:44:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/07/13 22:44:18 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/13 22:44:18 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/07/13 22:44:18 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/07/13 22:44:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/07/13 22:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/13 22:44:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/07/13 22:33:55 | 32,299,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/07/13 20:52:51 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\My Documents\aswclear.exe
[2009/07/11 17:44:33 | 00,547,210 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\spywareguardsetup.exe
[2009/07/11 17:35:53 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/07/11 17:33:48 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/07/11 17:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/07/11 17:33:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/07/11 17:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/07/11 17:32:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/07/11 13:14:03 | 36,182,432 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2009/07/11 07:33:48 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2009/07/11 04:00:49 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/07/11 04:00:49 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/07/10 21:02:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\2009 Malware
[2009/07/10 20:48:40 | 00,001,941 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1247273300477-integrated.jnlp
[2009/07/10 20:44:41 | 00,001,187 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jre-6u14-windows-i586.exe.sdm
[2009/07/10 20:43:59 | 00,001,257 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1247273023496-integrated.jnlp
[2009/07/10 20:37:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2009/07/10 20:36:23 | 00,071,717 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2009/07/10 20:20:34 | 02,908,976 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2009/07/10 18:38:59 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/07/09 21:30:23 | 00,000,000 | ---D | C] -- C:\4be227ac176f5b053f00d7c5
[2009/07/09 21:30:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/09 21:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/07/09 21:09:22 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:09:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/09 21:09:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/09 21:08:22 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/09 21:05:54 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/09 21:04:10 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:06 | 01,042,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 17:59:48 | 00,834,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 16:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Autoruns
[2009/07/09 16:49:04 | 00,586,212 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:15:54 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 09:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/08 00:36:36 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/08 00:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
[2009/07/08 00:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CDBurnerXP Projects
[2009/07/08 00:05:59 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/08 00:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2009/07/07 23:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/07/07 23:01:22 | 00,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 23:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
========== Files - Modified Within 7 Days ==========
[2009/07/14 21:55:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/14 21:52:08 | 00,181,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTC.exe
[2009/07/14 18:28:39 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/07/14 07:08:08 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/14 07:07:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/14 07:07:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/14 06:56:27 | 07,032,134 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/14 06:56:13 | 00,000,860 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/14 06:56:13 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/07/14 06:56:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/13 22:44:35 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/07/13 22:37:52 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/13 22:33:57 | 32,299,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/07/13 20:52:51 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\My Documents\aswclear.exe
[2009/07/13 18:10:27 | 00,547,210 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\spywareguardsetup.exe
[2009/07/11 17:35:53 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/07/11 17:33:48 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/07/11 13:14:59 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2009/07/11 13:14:05 | 36,182,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2009/07/11 04:00:49 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/11 04:00:49 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/07/11 03:57:30 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Streets & Trips 2006.lnk
[2009/07/11 03:09:12 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/07/10 20:48:40 | 00,001,941 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1247273300477-integrated.jnlp
[2009/07/10 20:44:41 | 00,001,187 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jre-6u14-windows-i586.exe.sdm
[2009/07/10 20:43:59 | 00,001,257 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1247273023496-integrated.jnlp
[2009/07/10 20:36:24 | 00,071,717 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2009/07/10 20:20:34 | 02,908,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2009/07/10 20:07:15 | 00,254,648 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/09 21:38:59 | 00,772,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 21:36:39 | 00,529,506 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/09 21:36:39 | 00,460,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/09 21:36:39 | 00,079,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/09 21:09:22 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:08:26 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:05:54 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:04:12 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:08 | 01,042,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 17:59:51 | 00,834,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 17:31:49 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/09 17:30:18 | 00,003,892 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2009/07/09 16:49:06 | 00,586,212 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:16:01 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 00:05:59 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/07 23:01:22 | 00,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
< End of report >
#20
Posted 15 July 2009 - 03:15 PM
hammerman
-
- Member
-
- 4,183 posts
Member 4k
Hello,
Can you try downloading SpywareGuard to another computer and copy it on to your computer using a USB memory stick or CD.
Check the size of the file. It should be 2,062,665 bytes.
Now try and install SpywareGuard.
Also, can you let me know if you are using a download manager.
Thanks.
Can you try downloading SpywareGuard to another computer and copy it on to your computer using a USB memory stick or CD.
Check the size of the file. It should be 2,062,665 bytes.
Now try and install SpywareGuard.
Also, can you let me know if you are using a download manager.
Thanks.
#21
Posted 15 July 2009 - 04:06 PM
jbljohn
- Topic Starter
-
- Member
-
- 326 posts
Member
Instead of downloading Spyware Guard I have successfully installed Spyware Blaster.
I have removed Avira Free and replaced it with Avast.
As far as using a Download Manager I only dowmload to my Desktop and then install from there.
For what it is worth I do note that when I select any of the downloads, none of them start automatically.
My plans are not to install Spyware Guard.
Is my computer now Malware free?
I have removed Avira Free and replaced it with Avast.
As far as using a Download Manager I only dowmload to my Desktop and then install from there.
For what it is worth I do note that when I select any of the downloads, none of them start automatically.
My plans are not to install Spyware Guard.
Is my computer now Malware free?
#22
Posted 16 July 2009 - 03:54 AM
hammerman
-
- Member
-
- 4,183 posts
Member 4k
Hi jbljohn,
There is no sign of any malware so feel free to return to Broni.
There is no sign of any malware so feel free to return to Broni.
#23
Posted 16 July 2009 - 04:10 PM
jbljohn
- Topic Starter
-
- Member
-
- 326 posts
Member
Thanks for your help!
I believe I have a more secure computer at this time.
To maintain the security of my computer how often should I run Malware, Spyware Blaster and Avast?
--Jay
I believe I have a more secure computer at this time.
To maintain the security of my computer how often should I run Malware, Spyware Blaster and Avast?
--Jay
#24
Posted 16 July 2009 - 11:39 PM
hammerman
-
- Member
-
- 4,183 posts
Member 4k
Hi Jay,
I run a full antivirus scan once a week and update every day. I don't scan with Malwarebytes quite so often.
Spyware Blaster does not scan your system as it's protection remains resident. You just need to update it, which I do every couple of weeks.
Hope that helps.
I run a full antivirus scan once a week and update every day. I don't scan with Malwarebytes quite so often.
Spyware Blaster does not scan your system as it's protection remains resident. You just need to update it, which I do every couple of weeks.
Hope that helps.
#25
Posted 17 July 2009 - 12:46 PM
jbljohn
- Topic Starter
-
- Member
-
- 326 posts
Member
Thank you very much for all of your help over the past several days. I really learned a lot!
--Jay
--Jay
#26
Posted 17 July 2009 - 12:53 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
