bizerkly

  1. Awesome. Thanks! So if I have Spybot Search & Destroy and AdAware and Malwarebytes installed am I good as for virus protection? Or should I get something like McAfee? Thanks SOooooo much for all your help. Blake
  2. Great! It seemed to have worked. I can run Malwarebytes now. Thanks so much! While I've got you on this thread, do you have suggestions for what software to have to keep this from happening again? I'm buying Malwarebytes, should I get anything else? Also I don't think I have a firewall on my computer... which one should I get? I need one, right? Thanks again!
  3. Scanning Report Friday, April 16, 2010 00:58:07 - 03:36:57 Computer name: PAULMCDOWELL Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ No malware found
  4. ComboFix Log - ComboFix 10-04-14.04 - margerie 04/15/2010 14:18:12.1.1 - x86 Microsoft Windows XP Professional. THANKS!
  5. Ok. Here is the OTL Moved Files report. Thanks!
  6. Ok. Here it is. Extras.txt - OTL Extras logfile created on: 4/13/2010 1:39:28 PM - Run 1
Error - 4/12/2010 12:32:04 AM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000 Description = The OfficeScan NT Listener service failed to start due to the following error: %%1053 Error - 4/12/2010 3:58:54 PM | Computer Name = YOUR-727A0A4E7C | Source = Dhcp | ID = 1001 Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A5BA501B. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Error - 4/13/2010 7:07:36 AM | Computer Name = YOUR-727A0A4E7C | Source = Dhcp | ID = 1001 Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A5BA501B. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. < End of report > And OTL.txt - OTL logfile created on: 4/13/2010 1:39:28 PM - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\margerie\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 57.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 60.79 Gb Total Space | 13.69 Gb Free Space | 22.52% Space Free | Partition Type: NTFS Drive D: | 12.71 Gb Total Space | 0.77 Gb Free Space | 6.06% Space Free | Partition Type: FAT32 Drive E: | 253.72 Mb Total Space | 234.92 Mb Free Space | 92.59% Space Free | Partition Type: FAT F: Drive not 
present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-727A0A4E7C Current User Name: margerie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/13 13:34:20 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\margerie\Desktop\OTL.exe PRC - [2010/04/04 00:05:55 | 000,201,216 | -HS- | M] () -- C:\Documents and Settings\margerie\Local Settings\Application Data\ave.exe PRC - [2008/09/08 11:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PRC - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/25 01:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe PRC - [2007/09/11 18:54:29 | 000,068,856 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2005/12/22 11:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe PRC - [2005/12/08 16:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe ========== Modules (SafeList) ========== MOD - [2010/04/13 13:34:20 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\margerie\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (stllssvr) SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9) SRV - File not found [Auto | Stopped] -- -- (Roxio Upnp Server 9) SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 9) SRV - File not found [On_Demand | Stopped] -- -- (IDriverT) SRV - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2007/05/08 00:45:24 | 000,796,280 | ---- | M] (Trend Micro Inc.) 
[Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten) ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBAAPL) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra) DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tifm21) DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx) DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810) DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3) DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u) DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) 
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/04/03 21:56:11 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\edca.sys -- (edca)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/13 14:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/03/11 18:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 18:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 18:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 18:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/09 01:36:23 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2006/07/24 04:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/27 23:46:00 | 001,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 06:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 05:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/06/19 16:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/05/05 13:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 13:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 14:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/10 11:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 11:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 11:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 11:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/10 11:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 11:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 11:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 11:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 11:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2004/08/10 11:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 11:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 11:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 11:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 11:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 11:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 11:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/17 00:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/18 00:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde) DRV - [2001/08/17 17:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub) DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/04 23:08:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 05:52:33 | 000,000,000 | ---D | M] [2009/10/02 14:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\margerie\Application Data\Mozilla\Extensions [2009/10/02 14:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\margerie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/10/02 14:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\margerie\Application Data\Mozilla\Firefox\Profiles\ga3v3v3w.default\extensions [2009/10/21 04:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/10/02 14:20:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/10/21 04:06:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2009/08/24 16:15:25 | 000,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla 
Firefox\components\browserdirprovider.dll [2009/08/24 16:15:26 | 000,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/02/04 23:08:39 | 000,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\cdecbbcccebbf.dll [2009/08/24 16:15:27 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/01/06 05:52:29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/01/06 05:52:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/01/06 05:52:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/01/06 05:52:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/01/06 05:52:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/01/06 05:52:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/01/06 05:52:32 | 000,159,744 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/08/24 14:45:46 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/08/24 14:45:46 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/08/24 14:45:46 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/08/24 14:45:46 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/08/24 14:45:46 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/08/24 14:45:46 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/08/24 14:45:46 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2004/08/10 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation) O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [AlphaAV] C:\Program Files\AlphaAV\AlphaAV.exe File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKCU..\Run: [AlphaAV] C:\Program Files\AlphaAV\alpha.exe File not found O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe File not found O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = O8 - Extra context menu 
item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1156985549216 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - 
C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip 
{8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ffccaceec: DllName - C:\WINDOWS\system32\ffccaceec.dll - C:\WINDOWS\system32\ffccaceec.dll () O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll 
(Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\margerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\margerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010/04/05 14:56:52 | 
As for what is wrong, when I try to install mbam-setup a pop-up window comes up asking me what language I want to use. I choose English and then nothing happens, nothing at all. I've done this in regular and safe mode. I've renamed mbam-setup and I've changed the file extension from .exe. Nothing works. I can't install HJTInstall.exe either. I've added fix.reg to my registries - it doesn't help. Any advice? I'm trying to get rid of XP Antimalware and then probably some other crap lurking around. But I need to get rid of this one first, I think. Oh, I've also run TDSSKiller.exe which did find some stuff and remove it, but now it just says there is nothing for it to remove. Thanks!
  7. Here is the text from my ROOTREPEAL Report. I followed the directions from here - http://forums.malwarebytes.org/index.php?showtopic=12709 But something doesn't seem right. Bizerkly ROOTREPEAL
  8. Here is the report from GMER -

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-04-13 11:23:15
     Windows 5.1.2600 Service Pack 3
     Running: gmer.exe; Driver: C:\DOCUME~1\margerie\LOCALS~1\Temp\agtyqfow.sys

     ---- Kernel code sections - GMER 1.0.15 ----

     ? C:\WINDOWS\system32\edca.sys The process cannot access the file because it is being used by another process.

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
     AttachedDevice \Driver\Tcpip \Device\Tcp edca.sys

     ---- EOF - GMER 1.0.15 ----
  9. Here is the text from my ROOTREPEAL Report. I followed the directions from here - http://forums.malwarebytes.org/index.php?showtopic=12709 But something doesn't seem right.

     Bizerkly

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2010/04/12 00:57
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP Media Center Edition SP3
     ==================================================

     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!

     Path: d:\system volume information\_restore{bfaa719b-281f-45b6-9e39-9d4bb578c2a4}\rp315\change.log.3
     Status: Allocation size mismatch (API: 32768, Raw: 20480)

     ==EOF==
  10. Fair enough. But, I can't even get mbam-setup to install and I'm just wondering if anyone else had this problem and found a solution. bizerkly
  11. When I try to install mbam-setup a pop-up window comes up asking me what language I want to use. I choose English and then nothing happens, nothing at all. I've done this in regular and safe mode. I've renamed mbam-setup and I've changed the file extension from .exe. Nothing works. I can't install HJTInstall.exe either. I've added fix.reg to my registries - it doesn't help. Any advice? I'm trying to get rid of XP Antimalware and then probably some other crap lurking around. But I need to get rid of this one first, I think. Oh, I've also run TDSSKiller.exe which did find some stuff and remove it, but now it just says there is nothing for it to remove. Help!!!! bizerkly