paperdragon
  1. [quote name='visitor' post='115206' date='Jan 11 2010, 01:16 PM']I don't think Lavasoft can easily provide an update if it's various malware causing the problem. Cookies alone shouldn't lock up the program, but in paperdragon's case, it may be a rootkit, which can be troublesome to remove. Rorschach is a Volunteer Security Advisor in the HijackThis forum (instructions in my signature). You might try that to see if Ad-Aware will work properly once you know your system is clean.[/quote] Just an update. My system is now clear of all malicious software (at least for a few days, I hope) and Ad-Aware 8.1.3 will still not complete a scan. It gets to some point and just stops.
  2. [quote name='Rorschach112' post='115379' date='Jan 15 2010, 09:05 AM']the last one is a false positive the others are from emails in your outlook, impossible to say which ones[/quote] Awesome! I want to thank you for all your help. It is really appreciated. I noticed in your wrap-up that you didn't recommend Ad-Aware as one of the products I should be using to keep my system clean. Is there a reason for this? As for IE, I avoid it whenever possible even though I did download IE8. I prefer to use Opera. Also, I do keep up to date on all Windows components as well as all my malware programs. I'm still not sure how I ended up with a rootkit infection, but I'm glad it's gone. Again, thanks!! Jeff
  3. What about the Trojans found by Kaspersky?
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
     C:\Documents and Settings\Administrator\My Documents\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 4
     C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-7985b8be Infected: Trojan-Downloader.Java.OpenStream.ad 1
  4. [quote name='Rorschach112' post='115317' date='Jan 14 2010, 09:27 AM'][*]Open OTL again and click the [b]Quick Scan[/b] button. Post the log it produces in your next reply.[/quote] Here it is. Are we getting close? OTL logfile created on: 1/14/2010 5:33:18 PM - Run 2 OTL by OldTimer - Version 3.1.24.0
(OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe [2010/01/10 16:27:55 | 00,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma [2010/01/10 16:27:55 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\C6BCA2 [2010/01/10 15:49:38 | 02,115,346 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010/01/10 15:47:03 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2010/01/10 15:47:03 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll [2010/01/10 13:32:34 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010/01/10 13:28:15 | 00,480,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe [2010/01/10 12:07:43 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/01/10 11:55:15 | 00,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2010/01/10 10:25:12 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini [2010/01/09 14:44:50 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2010/01/09 14:39:24 | 03,819,182 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/01/07 14:04:50 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/01/03 10:18:00 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip [2010/01/03 10:15:44 | 00,513,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\erunt.zip [2010/01/03 09:55:37 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip [2010/01/02 08:21:20 | 00,000,795 | ---- | 
M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2010/01/02 08:21:10 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2010/01/02 08:20:04 | 00,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk [2010/01/01 01:00:24 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2010/01/10 15:50:16 | 00,029,604 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000008-10211102}.rfx [2010/01/10 15:50:16 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000008-10211102}.rfx [2010/01/10 15:49:35 | 04,932,477 | ---- | C] () -- C:\WINDOWS\{00000005-00000000-00000000-00001102-00000008-10211102}.BAK [2010/01/10 15:49:21 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2 [2010/01/10 15:48:05 | 00,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd [2010/01/10 12:07:43 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/01/10 11:55:15 | 00,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2010/01/09 14:44:49 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2010/01/09 14:44:42 | 00,260,272 | ---- | C] () -- C:\cmldr [2010/01/09 14:43:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/01/09 14:43:08 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/01/09 14:43:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/01/09 14:43:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/01/09 14:43:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/01/09 14:39:14 | 03,819,182 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2010/01/03 10:17:59 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip [2010/01/03 10:15:44 | 
00,513,320 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\erunt.zip [2010/01/03 09:55:37 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip [2009/12/26 08:47:03 | 00,199,234 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2009/12/12 12:04:57 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2009/11/19 20:43:52 | 00,185,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/06/23 12:29:50 | 00,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2009/06/23 12:29:48 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009/06/23 11:51:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2009/06/05 02:01:06 | 09,214,464 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll [2009/06/05 02:01:06 | 00,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll [2009/06/05 02:01:06 | 00,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll [2009/06/05 02:01:06 | 00,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll [2009/05/10 11:18:42 | 00,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll [2009/05/10 11:17:16 | 00,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll [2009/05/09 14:57:14 | 00,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll [2008/05/24 14:00:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007/11/04 07:22:53 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/09/23 12:14:47 | 00,021,365 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll [2007/03/01 17:43:56 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/02/24 10:25:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxallcnp.dll [2007/02/24 
08:03:27 | 00,008,444 | ---- | C] () -- C:\WINDOWS\uedit32.INI [2007/02/11 10:18:32 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/02/10 22:33:59 | 00,000,054 | ---- | C] () -- C:\WINDOWS\me101.dll [2007/02/06 12:17:16 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/02/06 12:17:15 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/02/06 12:17:13 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/02/06 12:17:09 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/02/06 12:17:02 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2007/02/06 11:57:25 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll [2007/02/06 11:56:51 | 00,046,593 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2007/02/06 11:52:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/02/06 11:52:16 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini [2006/06/30 05:27:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/05/31 22:17:16 | 00,001,232 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/05/31 22:17:16 | 00,000,516 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [2004/02/20 15:36:34 | 00,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll [color="#E56717"]========== LOP Check ==========[/color] [2007/04/06 09:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore [2007/04/01 07:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus [2008/10/11 19:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media [2010/01/02 21:51:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla [2007/02/06 11:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech 
[2009/11/19 20:50:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\motorola [2007/02/10 14:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera [2007/02/06 11:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView [2009/05/09 10:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SanDisk [2009/04/07 18:13:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uniblue [2010/01/02 17:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent [2007/04/14 07:02:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint [2007/03/18 10:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis [2007/03/08 17:58:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2009/06/16 22:15:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep [2009/11/19 20:50:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\motorola [2007/02/06 11:53:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2007/02/06 11:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service [2008/10/16 21:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/02/18 08:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/12/12 12:11:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32} [2010/01/10 12:07:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 
[2010/01/14 12:09:40 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job [2010/01/13 18:09:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job [2010/01/14 00:09:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job [2010/01/14 06:09:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job [2010/01/13 12:11:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2007/02/20 23:45:02 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job [2009/12/15 01:14:39 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2010/01/01 01:00:24 | 00,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [color="#E56717"]========== Purity Check ==========[/color] [color="#E56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D6C864 < End of report >
5. Here is the Kaspersky log. Malwarebytes found nothing.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, January 13, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, January 13, 2010 08:56:09
Records in database: 3303405
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 100540
Threats found: 6
Infected objects found: 19
Suspicious objects found: 9
Scan duration: 05:54:36

File name / Threat / Threats count
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\leather.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\leather.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\leather.exe Infected: not-a-virus:AdWare.Win32.WebRebates.r 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\leather.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p 3
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ultrashockr.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ultrashockr.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ultrashockr.exe Infected: not-a-virus:AdWare.Win32.WebRebates.r 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ultrashockr.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p 3
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ushockb.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ushockb.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ushockb.exe Infected: not-a-virus:AdWare.Win32.WebRebates.r 1
C:\Documents and Settings\Administrator\Desktop\Recover-1\Documents and Settings\Owner\My Documents\My Install Programs\Themes\ushockb.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p 3
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Administrator\My Documents\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-7985b8be Infected: Trojan-Downloader.Java.OpenStream.ad 1

Selected area has been scanned.
6. [quote name='casey_boy' post='115167' date='Jan 10 2010, 02:32 PM']Hi, Yes, rootkits are a bit notorious at affecting security scanning software. Have you had help removing it? Casey[/quote] I'm working with Rorschach112 to get rid of it. I think we almost have it. My question is, what good is a program that's supposed to remove malware if it can be sabotaged by that same malware? I count on programs like Ad-Aware, Spybot and Malwarebytes to help keep my system clean. Ad-Aware just isn't keeping up its end, it seems.
7. [quote name='visitor' post='115079' date='Jan 7 2010, 11:25 AM']Moderator casey_boy got this user up and running: [url="http://www.lavasoftsupport.com/index.php?showtopic=27963"]http://www.lavasoftsupport.com/index.php?showtopic=27963[/url]
- Try updating Ad-Aware by GUI, tray icon, or start menu (if one doesn't work, try the others).
- If no joy, uninstall Ad-Aware using Revo Uninstaller.
- Install the latest C++ runtime.
- Reinstall Ad-Aware.[/quote] I've had the same issues, but my scan always hangs when it starts in on the tracking cookies. At the time the program stops responding, 165 objects have been found and the scan has been running for 70 minutes. I have reinstalled Ad-Aware 8.1.3 and I even have the latest C++ runtime installed. I have been working on removing a rootkit, which may or may not be affecting the scan. Jeff
8. Here is the OTM log followed by the VirScan log.
9. [quote name='Rorschach112' post='115154' date='Jan 10 2010, 09:30 AM']run combofix once more for me[/quote] Much better. Here is the log.
2009-04-22 22:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 19:54 . 2009-04-22 22:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-25 21:04 . 2007-02-06 16:52 -------- d-----w- c:\program files\Microsoft.NET 2009-12-25 17:51 . 2007-02-06 17:00 -------- d-----w- c:\program files\McAfee 2009-12-13 03:11 . 2008-08-31 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-12-13 03:11 . 2007-02-11 23:50 -------- d-----w- c:\program files\Lavasoft 2009-12-13 03:08 . 2007-02-12 02:15 -------- d-----w- c:\program files\BFG 2009-12-12 17:11 . 2009-04-07 22:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32} 2009-12-12 17:05 . 2007-02-06 16:55 -------- d-----w- c:\program files\Common Files\AOL 2009-12-12 17:05 . 2007-02-06 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL 2009-12-11 19:34 . 2007-02-11 23:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-08 23:25 . 2009-11-20 01:43 185768 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-11-26 15:24 . 2007-02-12 00:24 -------- d-----w- c:\program files\Rhapsody 2009-11-26 14:16 . 2007-02-10 19:52 -------- d-----w- c:\program files\Opera 2009-11-20 01:50 . 2009-11-20 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\motorola 2009-11-20 01:50 . 2009-11-20 01:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\motorola 2009-11-20 00:59 . 2009-11-20 00:59 -------- d-----w- c:\program files\Common Files\Nero 2009-11-20 00:59 . 2009-11-20 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-11-20 00:57 . 2009-11-20 00:57 -------- d-----w- c:\program files\Motorola 2009-11-20 00:57 . 2009-11-20 00:57 -------- d-----w- c:\program files\Common Files\Motorola Shared 2009-11-14 00:47 . 
2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll 2009-11-04 11:39 . 2009-11-04 11:39 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-04 11:39 . 2009-11-04 11:39 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-10-29 07:45 . 2006-06-01 03:17 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:38 . 2006-06-01 03:17 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2006-06-01 03:16 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:30 . 2006-06-01 03:16 270336 ----a-w- c:\windows\system32\oakley.dll 2008-10-12 00:11 . 2008-10-12 00:11 0 ----a-w- c:\program files\temp01 2007-07-15 16:46 . 2007-02-11 15:18 848 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SansaDispatch"="c:\documents and settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-09 79872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-06 169984] "Gateway Extended Warranty"="c:\program files\Gateway\GWCares\GWCares.exe" [2004-02-09 73728] "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552] "CTHelper"="CTHELPER.EXE" [2005-06-18 16384] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-05 7393280] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768] "LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2003-10-21 886272] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-17 1164912] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-17 1941784] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "nwiz"="nwiz.exe" [2006-01-05 1519616] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ BOINC Manager.lnk - c:\program 
files\BOINC\boincmgr.exe [2007-11-13 4141056] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Ipswitch\\WS_FTP Home\\wsftpgui.exe"= "c:\\Program Files\\Opera\\Opera.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\ElectricSheep.scr"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Motorola Media Link\\MML.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2009 10:12 PM 64288] R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [10/19/2009 3:48 PM 87336] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/27/2009 1:02 PM 93320] R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [12/1/2009 9:12 PM 91392] R2 Viewpoint 
Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/18/2008 8:16 AM 24652] R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2/6/2007 11:32 AM 40448] S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [10/7/2009 2:44 AM 129856] S2 gupdate1c8e153d3322c38;Google Update Service (gupdate1c8e153d3322c38);c:\program files\Google\Update\GoogleUpdate.exe [7/8/2008 6:39 PM 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [10/7/2009 2:44 AM 752984] . Contents of the 'Scheduled Tasks' folder 2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12] 2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12] 2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12] 2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12] 2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12] 2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42] 2010-01-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-17 12:38] 2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-08 09:18] 2010-01-10 
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-08 09:18] 2007-02-21 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2006-06-01 00:12] 2009-12-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-12 16:22] 2010-01-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-12 16:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530S uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html LSP: c:\program files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\353uunsr.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Lively\nplively.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); 
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - 
pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) AddRemove-Excel Join (Merge, Match) Two Tables Software_is1 - c:\program files\Excel Join (Merge ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-01-10 10:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run SansaDispatch = c:\documents and settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?daterInstall&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_con scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2659559808-3399992883-3418510418-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,b9,cf,c2,49,5c,21,4a,b0,49,37,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,b9,cf,c2,49,5c,21,4a,b0,49,37,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}*] "S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50, 9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8472BA1A-B0FA-88F3-90386E614F860D47}\{66D81DF1-2E53-4A0F-1B744E2CE8CEDA56}\{65C0E586-2284-7A2C-F227063A6BD7FEE6}*] "S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50, 9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*] "S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50, 9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1008) c:\windows\system32\relog_ap.dll c:\program files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll . Completion time: 2010-01-10 10:26:55 ComboFix-quarantined-files.txt 2010-01-10 15:26 Pre-Run: 47,453,405,184 bytes free Post-Run: 47,414,259,712 bytes free - - End Of File - - 5A5BC79F87A1574FF93C535DE6C393B6
10. [quote name='Rorschach112' post='115034' date='Jan 6 2010, 09:32 AM']I know what your issue is, it's a typical rootkit. Only people with this infection get this routine.[/quote] OK, OTL was run with no problems. I then ran Combofix and it did its thing. I left the room while it was running and when I came back a few minutes later my machine had been rebooted. I cannot find a log named C:\Combofix.txt. There is a folder named C:\Combofix but it just lists all my drives. I searched my system for it and it wasn't found. Also, I was unable to shut down McAfee before Combofix ran. There doesn't seem to be a way to do that. Is a reboot normal after a Combofix run? What's next?
11. Before I continue on with this, do you have some inkling as to what the issue is, or is this the same procedure everyone gets?
12. OTL Extras logfile created on: 1/3/2010 5:15:22 PM - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,021.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.80 Gb Total Space | 36.38 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
Drive D: | 4.23 Gb Total Space | 1.53 Gb Free Space | 36.10% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF001
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.ini [@ = UltraEdit.ini] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\FileZilla\FileZilla.exe" = C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla -- File not found
"C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\ElectricSheep.scr" = C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Motorola Media Link\MML.exe" = C:\Program Files\Motorola Media Link\MML.exe:*:Enabled:Motorola Media Link main -- (Nero corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D29CDE-779D-3082-85C9-4086A49A9390}" = Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{11DE2361-9F73-47B3-B638-2F267927E307}" = Ipswitch WS_FTP Home 2007
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(tm) 6 Update 17
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{2DE38C17-DD7E-41BA-88BC-0A2387D29657}" = Lively by Google
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(tm) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(tm) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(tm) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}" = BOINC
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}" = OpenOffice.org 2.2
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40653574-F426-36BB-A1DC-3AD075E1EB3C}" = Microsoft Help 3.0 Beta 2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{53FA14B9-A754-4568-819E-BE4270FDEE13}" = SQL Server 2008 R2 Management Objects
"{57EC5BFE-7CB7-3057-8385-C9D72918511C}" = Microsoft .NET Framework 4 Client Profile Beta 2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFFD8C8-BE42-3A47-A5A6-1B3985FD1EC0}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6E405B40-3879-3C9B-9286-8D5E71258C35}" = Microsoft .NET Framework 4 Extended Beta 2
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838F0053-8744-4B63-8819-CC44C06308AC}" = Visualizer Photo Resize
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A737E831-9ECF-456F-81EA-EEEB5B9922A7}" = Microsoft ASP.NET MVC 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA74ED37-681C-4AE8-8D1D-5485EBB3ED3D}" = SQL Server System CLR Types
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BFD36C6B-D6A2-3487-BD98-90FABA5D5266}" = Microsoft Visual Web Developer 2010 Express Beta 2 - ENU
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture
Task 1.0.3 "{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E165168F-0604-45E4-9C28-B9544406E3D0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools "{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool "{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch "{FC2C89A7-76E2-32F1-A2C2-428B480F570E}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Beta 2 "{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service "{FFC3B772-C00A-42da-90A6-A87F4AFD73E0}" = Netscape Web Accelerator "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIM Toolbar" = AIM Toolbar 5.0 "AIM_6" = AIM 6 "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver "Azureus" = Azureus "BFG-Animal Agents" = Animal Agents "BFGC" = Big Fish Games Client "Canon iP4300 User Registration" = Canon iP4300 User Registration "Canon Setup Utility 2.3" = Canon Setup Utility 2.3 "CanonMyPrinter" = Canon My Printer "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP "DivX Content Uploader" = DivX Content Uploader "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Easy Mail" = Easy Mail 3.1.42 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-WebPrint" = Easy-WebPrint "ElectricSheep" = ElectricSheep 2.6.6 "Electricsheep Screensaver" = Electricsheep Screensaver 2.7b17 "Excel Join (Merge, Match) Two Tables Software_is1" = Excel Join (Merge, Match) Two Tables Software 7.0 "FastStone Image Viewer" = FastStone Image Viewer 3.1 Beta 2 "FileZilla Client" = FileZilla Client 3.1.4 "Google Desktop" = Google Desktop "Google Updater" = Google Updater "gtw_logo" = gtw_logo "HijackThis" = 
HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library "InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader "InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX "InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX "InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX "InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX "InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1 "Lexmark Supplies Monitor" = Lexmark Supplies Monitor "Lexmark Z65" = Lexmark Z65 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Uninstall Utility" = McAfee Uninstall Wizard "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile Beta 2" = Microsoft .NET Framework 4 Client Profile Beta 2 "Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2 "Microsoft Help 3.0 Beta 2" = Microsoft Help 3.0 Beta 2 "Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU "Microsoft Visual Web Developer 2010 Express Beta 2 - ENU" = Microsoft Visual Web Developer 2010 Express Beta 2 - ENU "Money2007b" = Microsoft Money 2007 "Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16) "Mozilla Firefox (3.6b5)" = Mozilla Firefox (3.6b5) "MSC" = McAfee SecurityCenter "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "Port Magic" = Pure Networks Port Magic "ProScan Client_is1" = ProScan Client 1.7 Build 5 "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer Basic "Rhapsody" = Rhapsody 
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "StreetPlugin" = Learn2 Player (Uninstall Only) "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009 "ViewpointMediaPlayer" = Viewpoint Media Player "WGA" = Windows Genuine Advantage Validation Tool "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Toolbar" = Yahoo! Toolbar [color="#E56717"]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Sansa Updater" = Sansa Updater "uTorrent" = µTorrent [color="#E56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/29/2009 11:13:01 AM | Computer Name = JEFF001 | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 12/30/2009 8:35:37 PM | Computer Name = JEFF001 | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x0001b841. Error - 12/31/2009 11:53:36 PM | Computer Name = JEFF001 | Source = Google Update | ID = 20 Description = Error - 1/1/2010 12:54:39 AM | Computer Name = JEFF001 | Source = Google Update | ID = 20 Description = Error - 1/2/2010 9:24:54 AM | Computer Name = JEFF001 | Source = Application Error | ID = 1000 Description = Faulting application divx player.exe, version 7.2.0.19, faulting module dmfplaybackmodule3.dll, version 3.0.0.195, fault address 0x0000e807. 
Error - 1/2/2010 5:54:37 PM | Computer Name = JEFF001 | Source = Google Update | ID = 20 Description = Error - 1/2/2010 8:44:37 PM | Computer Name = JEFF001 | Source = McLogEvent | ID = 5051 Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 3772 (0xebc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\Engine\5301.4018\config.dat by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 1/3/2010 1:52:32 PM | Computer Name = JEFF001 | Source = Application Error | ID = 1000 Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module gmer.exe, version 1.0.15.15281, fault address 0x0005c887. Error - 1/3/2010 1:54:57 PM | Computer Name = JEFF001 | Source = nview_info | ID = 11141121 Description = Error - 1/3/2010 1:55:13 PM | Computer Name = JEFF001 | Source = nview_info | ID = 11141121 Description = [ System Events ] Error - 1/2/2010 9:24:51 PM | Computer Name = JEFF001 | Source = Dhcp | ID = 1002 Description = The IP address lease 70.188.161.227 for the Network Card with network address 0019D13D4F15 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). Error - 1/2/2010 9:25:51 PM | Computer Name = JEFF001 | Source = DCOM | ID = 10010 Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout. Error - 1/2/2010 9:37:29 PM | Computer Name = JEFF001 | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.2 for the Network Card with network address 0019D13D4F15 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 
Error - 1/2/2010 9:38:01 PM | Computer Name = JEFF001 | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0019D13D4F15. Error - 1/3/2010 1:58:29 PM | Computer Name = JEFF001 | Source = Print | ID = 19 Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer. Error - 1/3/2010 1:59:10 PM | Computer Name = JEFF001 | Source = DCOM | ID = 10010 Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout. Error - 1/3/2010 2:37:45 PM | Computer Name = JEFF001 | Source = Service Control Manager | ID = 7034 Description = The DeviceMonitorService service terminated unexpectedly. It has done this 1 time(s). Error - 1/3/2010 2:37:46 PM | Computer Name = JEFF001 | Source = Service Control Manager | ID = 7031 Description = The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 1/3/2010 2:37:46 PM | Computer Name = JEFF001 | Source = Service Control Manager | ID = 7031 Description = The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 1/3/2010 2:39:45 PM | Computer Name = JEFF001 | Source = DCOM | ID = 10010 Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout. < End of report >
  13. OTL logfile created on: 1/3/2010 5:15:22 PM - Run 1 OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,021.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.80 Gb Total Space | 36.38 Gb Free Space | 25.12% Space Free | Partition Type: NTFS Drive D: | 4.23 Gb Total Space | 1.53 Gb Free Space | 36.10% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JEFF001 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - [2010/01/03 17:13:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/11/09 11:40:20 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2009/11/09 11:40:10 | 00,273,664 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2009/11/01 03:46:30 | 00,136,176 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2009/10/19 15:48:54 | 00,087,336 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009/05/09 10:20:34 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe PRC - [2008/11/05 21:59:00 | 00,079,088 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/11/13 13:44:44 | 04,141,056 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe PRC - [2007/11/13 13:39:08 | 00,704,512 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe PRC - [2007/07/10 00:39:15 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/06/29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe PRC - [2007/02/06 11:59:04 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2006/10/16 20:17:16 | 01,941,784 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2006/10/16 20:13:32 | 00,087,584 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2006/10/16 20:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2006/10/16 20:12:20 | 01,164,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2006/07/06 10:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006/07/06 10:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2006/03/21 20:30:00 | 01,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2006/01/05 04:28:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2005/12/09 21:44:40 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) 
-- C:\Program Files\Digital Media Reader\readericon45G.exe PRC - [2005/06/18 17:01:42 | 00,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE PRC - [2005/01/12 06:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe PRC - [2004/04/06 15:04:38 | 00,053,248 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe PRC - [2003/10/21 12:28:10 | 00,886,272 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE PRC - [2003/10/21 11:31:44 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE PRC - [2003/10/21 11:26:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - [2010/01/03 17:13:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe MOD - [2006/01/05 04:28:00 | 01,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006/01/05 04:28:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll MOD - [2005/06/18 17:01:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/12/19 22:12:29 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/11/09 11:40:20 | 00,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/10/19 15:48:54 | 00,087,336 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService) SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/10/07 05:31:18 | 00,035,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe -- (aspnet_state) SRV - [2009/10/07 02:44:58 | 00,752,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2009/10/07 02:44:58 | 00,129,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32) SRV - [2009/10/07 02:44:58 | 00,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2009/03/24 07:38:08 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2008/08/29 04:18:40 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c8e153d3322c38) Google Update Service (gupdate1c8e153d3322c38) SRV - [2007/02/06 11:59:04 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL) SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/10/16 20:13:28 | 00,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2006/07/06 10:14:30 | 00,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2006/01/05 04:28:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2004/04/06 15:04:38 | 00,053,248 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc) SRV - [2003/10/21 11:31:44 | 00,303,104 | ---- | M] (Lexmark International, Inc.) 
[Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS) SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color="#E56717"]========== Driver Services (SafeList) ==========[/color] DRV - [2010/01/01 16:56:05 | 00,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor) DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP) DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/02/20 21:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/03/27 02:55:32 | 00,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2007/03/27 02:55:32 | 00,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2007/03/18 09:29:16 | 00,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2007/03/18 09:29:16 | 00,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2007/03/18 09:29:14 | 00,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2007/02/11 19:26:04 | 00,008,413 | ---- | M] (RealNetworks, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM) DRV - [2007/02/06 11:56:21 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM) DRV - [2006/10/06 17:59:06 | 00,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2006/07/19 17:42:16 | 00,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel® DRV - [2006/01/05 04:28:00 | 03,620,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005/11/29 02:07:58 | 00,040,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IAMTXP.sys -- (IAMTXP) Driver for Intel® DRV - [2005/06/18 16:53:28 | 00,438,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2005/06/18 16:53:28 | 00,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2005/06/18 16:53:16 | 00,751,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2005/06/18 16:53:16 | 00,178,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2005/06/18 16:53:16 | 00,153,088 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2005/06/18 16:53:14 | 00,114,688 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2005/06/18 16:53:08 | 00,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2005/06/18 16:53:08 | 00,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2005/06/18 16:53:04 | 00,501,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2005/06/08 00:00:16 | 00,340,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2005/03/17 11:51:16 | 01,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005/03/17 11:50:36 | 00,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2005/03/17 11:50:32 | 00,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004/08/04 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/03/17 14:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530S"]http://www.gateway.com/g/startpage.html?Ch...TP&M=FX530S[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/" FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/27 21:55:27 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/25 12:56:20 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/02 08:21:18 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 5\components [2009/12/25 13:03:56 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins [2010/01/02 08:21:18 | 00,000,000 | ---D | M] [2008/06/29 19:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2010/01/01 22:27:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\353uunsr.default\extensions [2008/10/24 10:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\353uunsr.default\extensions\[email protected] [2009/12/02 12:45:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll (planetscott.ca) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.) 
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [Power2GoExpress] File not found O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html () O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries0000000001 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll () O10 - Protocol_Catalog9\Catalog_Entries0000000002 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll () O10 - Protocol_Catalog9\Catalog_Entries0000000003 - C:\Program Files\Netscape Internet Service\Netscape Web 
Accelerator\sliplsp.dll () O10 - Protocol_Catalog9\Catalog_Entries0000000009 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll () O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [url="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab"]http://java.sun.com/products/plugin/autodl...indows-i586.cab[/url] (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/05/31 22:32:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/31 22:31:35 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: 
"win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: aawservice - Reg Error: Value error. SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: aawservice - Reg Error: Value error. 
SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - 
SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {57EC5BFE-7CB7-3057-8385-C9D72918511C} - .NET Framework ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security 
Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/01/03 17:13:28 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/01/03 13:53:56 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2010/01/03 13:50:40 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2010/01/03 13:48:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010/01/03 13:47:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010/01/03 13:46:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010/01/03 13:43:44 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010/01/03 13:43:44 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010/01/03 13:43:42 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010/01/03 13:43:41 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010/01/03 10:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer [2010/01/03 10:17:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/01/03 10:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\erunt [2010/01/03 09:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13 [2010/01/02 08:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2009/12/25 17:05:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Help [2009/12/25 16:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2009/12/25 16:31:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2009/12/25 16:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2010 [2009/12/25 16:29:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft 
ASP.NET [2009/12/25 16:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\IIS [2009/12/25 16:23:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2009/12/25 15:36:50 | 00,000,000 | ---D | C] -- C:\2852f4bb49be5243a4 [2009/12/25 15:08:26 | 00,000,000 | ---D | C] -- C:\8b7e351b8623cb5991034646 [2009/12/25 13:48:39 | 00,000,000 | ---D | C] -- C:4f5b3e7d96ff326b [2009/12/25 13:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2009/12/25 13:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.6 Beta 5 [2009/12/14 18:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/12 22:12:15 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009/12/12 22:11:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} [2009/09/25 06:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee [2009/05/27 19:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2009/02/06 15:02:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/01/14 06:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2008/04/30 17:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2007/09/18 18:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2007/06/09 08:55:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2007/02/12 05:52:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera [2007/02/10 19:26:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2007/02/06 12:17:48 | 00,033,792 | 
---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2006/05/31 22:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2006/05/31 22:32:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#E56717"]========== Files - Modified Within 30 Days ==========[/color] [2010/01/03 17:13:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/01/03 16:51:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/01/03 16:12:23 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/01/03 14:31:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/01/03 13:52:27 | 00,043,805 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/01/03 13:51:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/01/03 13:51:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/01/03 13:51:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/01/03 13:51:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/01/03 13:51:20 | 00,033,671 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2010/01/03 13:51:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/03 13:50:41 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/01/03 13:50:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/03 13:50:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/03 13:50:20 | 10,704,28160 | -HS- | M] () -- C:\hiberfil.sys [2010/01/03 13:49:24 | 00,030,600 | ---- | M] () -- 
C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000008-10211102}.rfx [2010/01/03 13:49:24 | 00,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000008-10211102}.rfx [2010/01/03 13:49:24 | 00,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000008-10211102}.rfx [2010/01/03 13:49:24 | 00,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000008-10211102}.rfx [2010/01/03 13:49:24 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000008-10211102}.rfx [2010/01/03 13:49:24 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010/01/03 13:49:24 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010/01/03 13:49:01 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/01/03 13:49:01 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/01/03 13:48:42 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000000-00001102-00000008-10211102}.CDF [2010/01/03 13:48:42 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000000-00001102-00000008-10211102}.BAK [2010/01/03 13:48:13 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/01/03 13:07:10 | 00,008,296 | ---- | M] () -- C:\WINDOWS\uedit32.INI [2010/01/03 10:18:00 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip [2010/01/03 10:15:44 | 00,513,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\erunt.zip [2010/01/03 09:55:37 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip [2010/01/02 08:21:20 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2010/01/02 08:21:10 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX 
Converter.lnk [2010/01/02 08:20:04 | 00,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk [2010/01/01 16:56:05 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys [2010/01/01 01:00:24 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/12/29 19:43:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/25 16:10:29 | 00,583,962 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/25 16:10:29 | 00,505,056 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/25 16:10:29 | 00,088,392 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/25 15:29:22 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Install Microsoft Visual Web Developer 2008 Express Edition with SP1.lnk [2009/12/25 13:03:56 | 00,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 5.lnk [2009/12/19 16:57:38 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2009/12/17 17:29:39 | 00,001,359 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2009/12/17 17:27:24 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/12/15 01:17:12 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/12/15 01:14:39 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/14 18:21:00 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/12/12 22:11:21 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/12/12 12:05:56 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini [2009/12/12 12:04:57 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#E56717"]========== Files Created - No 
Company Name ==========[/color] [2010/01/03 10:17:59 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip [2010/01/03 10:15:44 | 00,513,320 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\erunt.zip [2010/01/03 09:55:37 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip [2009/12/26 08:47:03 | 00,199,234 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2009/12/25 15:01:33 | 00,000,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Install Microsoft Visual Web Developer 2008 Express Edition with SP1.lnk [2009/12/25 13:03:56 | 00,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 5.lnk [2009/12/19 22:14:24 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2009/12/19 22:14:24 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2009/12/19 22:14:24 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2009/12/19 22:14:22 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2009/12/19 16:57:38 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2009/12/15 01:17:12 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/12/14 18:21:00 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/12/12 22:11:21 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/12/12 12:04:57 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2009/12/12 11:02:59 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/11/19 20:43:52 | 00,185,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/06/05 02:01:06 | 09,214,464 | 
---- | C] () -- C:\WINDOWS\avcodec-52.dll [2009/06/05 02:01:06 | 00,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll [2009/06/05 02:01:06 | 00,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll [2009/06/05 02:01:06 | 00,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll [2009/05/10 11:18:42 | 00,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll [2009/05/10 11:17:16 | 00,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll [2009/05/09 14:57:14 | 00,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll [2008/10/11 19:11:58 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01 [2008/05/24 14:00:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007/11/04 07:22:53 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/09/23 12:14:47 | 00,021,365 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007/03/01 17:43:56 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/02/24 10:25:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxallcnp.dll [2007/02/24 08:03:27 | 00,008,296 | ---- | C] () -- C:\WINDOWS\uedit32.INI [2007/02/11 10:18:32 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/02/10 22:33:59 | 00,000,054 | ---- | C] () -- C:\WINDOWS\me101.dll [2007/02/06 12:17:52 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2007/02/06 12:17:50 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2007/02/06 12:17:48 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2007/02/06 12:17:16 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/02/06 12:17:15 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/02/06 12:17:13 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/02/06 12:17:09 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/02/06 12:17:02 | 00,110,592 | ---- | C] () -- 
C:\WINDOWS\System32\nvapi.dll [2007/02/06 11:57:25 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll [2007/02/06 11:56:51 | 00,046,593 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2007/02/06 11:56:51 | 00,000,193 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2007/02/06 11:52:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/02/06 11:52:16 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2006/06/30 05:27:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/05/31 22:17:16 | 00,001,232 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/05/31 22:17:16 | 00,000,516 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [2004/02/20 15:36:34 | 00,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll [color="#E56717"]========== Custom Scans ==========[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\*.exe >[/color] [color="#A23BEC"]< MD5 for: AGP440.SYS >[/color] [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 08:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color="#A23BEC"]< MD5 for: ATAPI.SYS >[/color] [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 01:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- 
C:\WINDOWS\system32\ReinstallBackups07\DriverFiles\i386\atapi.sys [color="#A23BEC"]< MD5 for: EVENTLOG.DLL >[/color] [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 21:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color="#A23BEC"]< MD5 for: IASTOR.SYS >[/color] [2006/07/06 09:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys [2006/07/06 08:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\I386\DRV\SCS\iastor.sys [2010/01/01 16:56:05 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys [2006/07/06 08:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\ReinstallBackups13\DriverFiles\iaStor.sys [2006/07/06 10:01:32 | 00,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [color="#A23BEC"]< MD5 for: NETLOGON.DLL >[/color] [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 21:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color="#A23BEC"]< MD5 for: SCECLI.DLL >[/color] 
[2004/08/04 21:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll [color="#A23BEC"]< %systemroot%\*. /mp /s >[/color] [color="#A23BEC"]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\atl.dll [2009/10/29 02:45:33 | 11,069,952 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ieframe.dll [8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color="#A23BEC"]< %PROGRAMFILES%\*. >[/color] [2007/03/18 09:29:02 | 00,000,000 | ---D | M] -- C:\Program Files\Acronis [2007/02/06 11:53:54 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe [2008/02/18 08:18:41 | 00,000,000 | ---D | M] -- C:\Program Files\AIM6 [2008/02/18 08:16:36 | 00,000,000 | ---D | M] -- C:\Program Files\AOL [2007/09/04 16:40:38 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2007/03/31 22:54:55 | 00,000,000 | ---D | M] -- C:\Program Files\Azureus [2009/12/12 22:08:56 | 00,000,000 | ---D | M] -- C:\Program Files\BFG [2008/10/11 19:11:57 | 00,000,000 | ---D | M] -- C:\Program Files\bfgclient [2009/06/09 19:35:25 | 00,000,000 | ---D | M] -- C:\Program Files\BigFix [2010/01/03 17:21:34 | 00,000,000 | ---D | M] -- C:\Program Files\BOINC [2008/05/24 14:01:11 | 00,000,000 | ---D | M] -- C:\Program Files\Canon [2007/03/08 17:58:39 | 00,000,000 | -H-D | M] -- C:\Program Files\CanonBJ [2010/01/02 08:20:06 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files [2006/05/31 22:29:18 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus 
Applications [2007/02/06 11:35:38 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT [2007/02/11 10:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\Corel [2007/02/06 11:59:14 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink [2007/02/06 11:50:40 | 00,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader [2010/01/02 08:21:30 | 00,000,000 | ---D | M] -- C:\Program Files\DivX [2009/06/16 22:15:06 | 00,000,000 | ---D | M] -- C:\Program Files\Electricsheep Screensaver [2009/03/13 09:00:05 | 00,000,000 | ---D | M] -- C:\Program Files\Excel Join (Merge, Match) Two Tables Software [2007/04/04 20:40:30 | 00,000,000 | ---D | M] -- C:\Program Files\FastStone Image Viewer [2008/12/13 15:33:11 | 00,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) [2008/10/15 20:12:21 | 00,000,000 | ---D | M] -- C:\Program Files\FileZilla [2008/10/15 19:49:46 | 00,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client [2007/02/06 12:00:44 | 00,000,000 | ---D | M] -- C:\Program Files\Gateway [2009/02/06 17:11:24 | 00,000,000 | ---D | M] -- C:\Program Files\Google [2007/02/06 11:57:25 | 00,000,000 | ---D | M] -- C:\Program Files\gtw_logo [2007/02/10 22:33:56 | 00,000,000 | ---D | M] -- C:\Program Files\Home Plan Software [2009/12/25 16:29:12 | 00,000,000 | ---D | M] -- C:\Program Files\IIS [2007/03/18 16:01:28 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2007/02/06 11:55:33 | 00,000,000 | ---D | M] -- C:\Program Files\Intel [2010/01/03 13:50:17 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2007/03/18 16:01:28 | 00,000,000 | ---D | M] -- C:\Program Files\Ipswitch [2009/11/04 06:40:52 | 00,000,000 | ---D | M] -- C:\Program Files\Java [2009/12/12 22:11:03 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft [2007/02/06 11:56:32 | 00,000,000 | ---D | M] -- C:\Program Files\Learn2.com [2009/12/07 21:16:33 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware 
[2009/12/25 12:51:38 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee [2007/02/12 06:22:11 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee.com [2008/09/20 07:44:49 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger [2007/02/06 11:51:59 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync [2009/12/25 16:29:17 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ASP.NET [2006/05/31 22:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage [2009/12/25 17:05:39 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Help [2007/02/17 07:42:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2007 [2007/02/06 11:52:16 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2009/12/25 16:32:16 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs [2009/12/25 16:31:53 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2009/12/25 16:32:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server [2009/12/25 17:02:38 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 10.0 [2007/02/10 22:17:39 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8 [2009/12/25 16:04:03 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2008/12/13 15:33:11 | 00,000,000 | ---D | M] -- C:\Program Files\Misc. 
Support Library (Spybot - Search & Destroy) [2009/11/19 19:57:52 | 00,000,000 | ---D | M] -- C:\Program Files\Motorola [2010/01/03 13:50:33 | 00,000,000 | ---D | M] -- C:\Program Files\Motorola Media Link [2008/09/20 07:41:45 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2009/12/25 13:00:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2009/12/25 13:03:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 3.6 Beta 5 [2009/04/07 17:52:01 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild [2006/05/31 22:28:30 | 00,000,000 | ---D | M] -- C:\Program Files\MSN [2006/05/31 22:28:46 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone [2007/02/12 21:19:19 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2007/02/06 11:53:53 | 00,000,000 | ---D | M] -- C:\Program Files\Napster [2008/09/20 07:39:26 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting [2007/02/06 11:42:58 | 00,000,000 | ---D | M] -- C:\Program Files\Netscape Internet Service [2006/05/31 22:28:55 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services [2007/09/15 07:30:49 | 00,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.2 [2009/11/26 09:16:33 | 00,000,000 | ---D | M] -- C:\Program Files\Opera [2009/08/13 02:02:29 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express [2009/10/30 16:25:23 | 00,000,000 | ---D | M] -- C:\Program Files\ProScan Client [2008/07/06 07:20:31 | 00,000,000 | ---D | M] -- C:\Program Files\Pure Networks [2007/09/04 16:41:17 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime [2007/02/11 19:25:11 | 00,000,000 | ---D | M] -- C:\Program Files\Real [2009/04/07 17:51:53 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2009/11/26 10:24:49 | 00,000,000 | ---D | M] -- C:\Program Files\Rhapsody [2008/12/13 15:33:11 | 00,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy) [2007/02/06 11:55:16 | 00,000,000 | ---D | M] -- C:\Program Files\SigmaTel [2009/12/11 14:34:45 | 
00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy [2008/12/13 15:33:11 | 00,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy) [2009/12/14 18:20:59 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro [2008/10/18 09:59:09 | 00,000,000 | ---D | M] -- C:\Program Files\UltraEdit [2009/04/07 18:10:54 | 00,000,000 | ---D | M] -- C:\Program Files\Uniblue [2006/05/31 22:36:31 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2008/07/04 14:13:45 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent [2008/02/18 08:16:35 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint [2009/02/28 11:53:15 | 00,000,000 | ---D | M] -- C:\Program Files\Visualizer Photo Resize [2007/06/09 08:44:40 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2 [2008/09/20 07:39:24 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2008/09/20 07:39:24 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT [2006/05/31 22:30:39 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate [2006/05/31 22:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\xerox [2007/02/10 16:15:31 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo! [2007/03/03 09:20:23 | 00,000,000 | ---D | M] -- C:\Program Files\ZAR [color="#A23BEC"]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-08 21:14:24 [color="#E56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D6C864 < End of report >
  14. A little over a week ago I noticed that random web pages were popping up by themselves. This was happening in IE, Firefox and Opera. Sometimes the new page would reference a site I had just opened, or sometimes it was a fake newspaper article. I scanned my system with McAfee, Malwarebytes and Spybot. All reported no infections. I downloaded Ad-Aware 8.1.3 and scanned my system. It did find an object, but the scan never completed. I've not been able to get any Ad-Aware scans to complete. I think it may have something to do with whatever is on my system. I've also noticed some strange behavior if I go to a site dealing with removing malware. I would often get directed somewhere else. I've attached the GMER and HijackThis logs. Hopefully this will help someone figure out what is plaguing my system. Thanks. Jeff
  15. [quote name='swami7774' post='114643' date='Dec 21 2009, 09:10 PM']That's the problem: I can't tell. It quits before identifying what it is. The program just freezes up and I have to force-quit the thing.[/quote] I too am having this same issue. I recently started having random web pages popping up in my browser. I ran Spybot, Malwarebytes and McAfee and they all reported no problems. I ran an older version of Ad-Aware and it didn't find anything either. I decided to download Ad-Aware 8.1.3 and immediately started having issues. First it would take up to a minute to load. Once loaded it would find an object but would eventually just stop running (without identifying what it found). I would have to manually force the program closed. This has happened many times now. I do know that the object is in the Critical Objects section of the scan, but I can't get AA to only run that section. It wants to run that AND all files, which is when it usually hangs. It does get past the 'enumerating clsids' step, which I've read was an issue. Is it possible that whatever object AA finds might itself be causing AA to hang? Jeff