
Can't run any exe files or "RUN" or regedit in infected account



I was logged in to an admin account and was infected by Rogue.DefenseCenter (Trojan.FakeAV!gen31) and Worm.Prolaco.M. I also discovered that I couldn't run Task Manager or ANY other exe file, nor could I run any command from "Start/Run": cmd, msconfig, etc.

I let MBAM complete and rebooted into the infected account and ran gpedit.msc to change setting to allow me to run Task Manager. Limited apps were running!

However, I could log into other accounts, with both limited and admin privs, and could run those apps denied to me in the infected account. Now, if logged into the previously infected account, when I try to execute ANY file of type exe, I get the Windows pop-up screen asking me which application to use... even when I type CMD in the "RUN" window this happens. Can't run msconfig nor regedit.

Norton AV ran and caught and removed the Trojan.FakeAV!gen31.

At the time of infection, I ran MBAM in the infected account and got the following response. Subsequent runs of MBAM showed no other trojan or virus. I also have a HijackThis file.

MBAM info

Memory Processes Infected:

C:\Documents and Settings\adminron\Application Data\SystemProc\lsass.exe (Worm.Prolaco) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Worm.Prolaco) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\adminron\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\adminron\Application Data\SystemProc\lsass.exe (Worm.Prolaco) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3242676782-1459987966-1782763977-1010\Dc68.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3242676782-1459987966-1782763977-1010\Dc69.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3242676782-1459987966-1782763977-1010\Dc52\loadx1[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.

mbam_log_2010_06_26__11_51_29_.txt


Hello astro3ron and welcome to the forums. ;)

I am jwang01 and I will be assisting you with your issue.

When we get to working on your computer you may want to print out or save my responses in Notepad, because there may be times where you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

Let's see what's going on here.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


jwang01,

I'm including the two files requested, otl.txt and extras.txt. I ran OTL in an admin account (Fulladmin) that allows me to run exe files and all the other apps I used to run in the bad account, adminron, where I got infected. I also ran OTL in the infected account, adminron, and an otl.txt file was generated, but no extras.txt file was generated, I suspect due to the .exe issue. However, I generated a diff file on the otl.txt files using Beyond Compare 2, which I can include as an attachment later if you'd like, although I suspect you have diff tools as well. Is it easier to upload these as attachments, or just inline copy?

I'll send two parts. Part 1 contains the OTL.txt and extras.txt files run out of the good account. Then I'll send the bad otl.txt file in Part 2.

OTL.txt file run out of the good account, Fulladmin:

OTL.txt

OTL logfile created on: 6/27/2010 11:38:48 AM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\adminfull\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 572.00 Mb Available Physical Memory | 56.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 73.84 Gb Total Space | 19.59 Gb Free Space | 26.53% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 75.17 Gb Total Space | 67.18 Gb Free Space | 89.37% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RON3000

Current User Name: adminfull

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\adminfull\Desktop\OTL.com (OldTimer Tools)

PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\ISS\BlackICE\blackice.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\Vpatch.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\RapApp.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\blackd.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\cisco systems\vpn client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\WINDOWS\SYSTEM32\ntvdm.exe (Microsoft Corporation)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Conversions Plus\FormatM.exe (DataViz Inc.)

PRC - C:\Program Files\WinPoET Broadband Connection\WROS.exe (iVasion, a Routerware Company)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\adminfull\Desktop\OTL.com (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (vsmon) -- File not found

SRV - (VPatch) -- File not found

SRV - (RapApp) -- File not found

SRV - (Iomega Activity Disk2) -- File not found

SRV - (BlackICE) -- File not found

SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (GhostStartService) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)

SRV - (Pml Driver HPH11) -- C:\WINDOWS\SYSTEM32\hphipm11.exe (HP)

SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)

SRV - (MacFormatService) -- C:\Program Files\Conversions Plus\FORMATM.EXE (DataViz Inc.)

SRV - (WinPPPoverEthernet) -- C:\Program Files\WinPoET Broadband Connection\WROS.exe (iVasion, a Routerware Company)

========== Driver Services (SafeList) ==========

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100626.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100626.002\NAVENG.SYS (Symantec Corporation)

DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS ()

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (BLACK) -- C:\WINDOWS\SYSTEM32\DRIVERS\Blackcat.sys (Internet Security Systems, Inc.)

DRV - (MakoNT) -- C:\WINDOWS\system32\drivers\MakoNT.sys (Internet Security Systems, Inc.)

DRV - (rap) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapDrv.sys (Internet Security Systems, Inc.)

DRV - (CVPNDRVA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (CVirtA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)

DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)

DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)

DRV - (AFS2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS (Oak Technology Inc.)

DRV - (MXOPSWD) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys (Maxtor Corp.)

DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)

DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)

DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)

DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\SYSTEM32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)

DRV - (MaxtorFrontPanel1) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxofwfp.sys (Maxtor Corp.)

DRV - (RapNet) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapNet.sys (Internet Security Systems, Inc.)

DRV - (RapFile) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapFile.sys (Internet Security Systems, Inc.)

DRV - (Dot4 HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid411.sys (HP)

DRV - (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k11.sys (Hewlett-Packard)

DRV - (Dot4Usb HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphius11.sys (HP)

DRV - (Dot4Print HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr11.sys (HP)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

DRV - (PQNTDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\PQNTDRV.sys (PowerQuest Corporation)

DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)

DRV - (MacOpen) -- C:\WINDOWS\SYSTEM32\DRIVERS\MacOpen.sys (DataViz Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)

DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

DRV - (EL90X) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS (3Com Corporation)

DRV - (WrKPoET2000) -- C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/08 23:56:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 14:38:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 14:38:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 06:36:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/08 22:18:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/16 19:36:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/19 20:19:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/16 19:36:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/19 20:19:55 | 000,000,000 | ---D | M]

[2010/06/26 11:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/26 21:50:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe (HP)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [MacLicense] C:\Program Files\Conversions Plus\MacLic.exe (DataViz Inc.)

O4 - HKLM..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe (Sunbelt Software)

O4 - HKLM..\Run: [Vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - Startup: C:\Documents and Settings\adminfull\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk = File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\Program Files\cisco systems\vpn client\vpngui.exe (Cisco Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcenter.samsung.com/content/...trolLite_EN.cab (DjVuCtl Class)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1261437161937 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1261437142515 (MUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8046.9385069444 (Reg Error: Key error.)

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls.../20/SassCln.CAB (SassCln Object)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.0_01)

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_02)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)

O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2004/05/28 19:55:33 | 000,000,177 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/02/20 22:20:14 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: Ip6FwHlp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 11:33:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adminfull\Desktop\OTL.com

[2010/06/26 21:49:17 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2010/06/26 21:47:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP

[2010/06/26 21:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/06/26 21:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/06/26 18:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adminfull\My Documents\CoffeeCup Software

[2010/06/26 18:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adminfull\Application Data\CoffeeCup Software

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/27 11:33:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adminfull\Desktop\OTL.com

[2010/06/27 11:08:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/27 10:29:17 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\adminfull\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk

[2010/06/27 05:10:56 | 015,487,048 | ---- | M] () -- C:\Dir0627-0500.lis

[2010/06/26 23:09:03 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\adminfull\NTUSER.DAT

[2010/06/26 21:49:41 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\adminfull\Desktop\SpyHunter.lnk

[2010/06/26 21:37:22 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\adminfull\Application Data\wklnhst.dat

[2010/06/26 19:57:59 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/06/26 18:10:28 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc

[2010/06/26 18:08:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/26 16:24:36 | 000,520,570 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/26 16:24:36 | 000,440,488 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/06/26 16:24:36 | 000,070,588 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/06/26 16:19:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/26 16:19:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/06/26 16:19:34 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/26 16:18:44 | 000,056,836 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/06/26 15:57:31 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\adminfull\ntuser.pol

[2010/06/26 15:51:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\adminfull\NTUSER.INI

[2010/06/23 20:07:14 | 000,007,113 | ---- | M] () -- C:\WINDOWS\GWSPRO.INI

[2010/06/14 18:05:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/10 11:09:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss

[2010/06/10 11:09:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss

[2010/06/10 11:09:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss

[2010/06/10 11:07:17 | 000,762,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/10 10:53:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/06 19:02:55 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\MSCOMM32.oca

[2010/06/06 19:02:54 | 000,000,059 | ---- | M] () -- C:\WINDOWS\VBADDIN.INI

[2010/06/01 19:59:12 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/27 10:29:16 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\adminfull\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk

[2010/06/27 05:08:24 | 015,487,048 | ---- | C] () -- C:\Dir0627-0500.lis

[2010/06/27 05:03:35 | 000,000,545 | ---- | C] () -- C:\WINDOWS\TXTPAD.PIF

[2010/06/26 21:49:41 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\adminfull\Desktop\SpyHunter.lnk

[2010/06/26 15:57:31 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\adminfull\ntuser.pol

[2010/06/26 15:37:00 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys

[2010/06/06 19:02:55 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\MSCOMM32.oca

[2009/10/12 21:48:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CDMP_RtfViewer.INI

[2009/10/12 13:08:52 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CDMP_HtmlViewer.INI

[2009/10/11 20:21:03 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI

[2009/10/03 20:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini

[2009/09/01 19:12:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/02/28 21:55:46 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS

[2009/02/16 22:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini

[2009/01/22 22:28:40 | 000,000,395 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2009/01/15 20:39:05 | 000,000,453 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI

[2008/11/18 20:44:02 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2008/09/28 21:10:59 | 000,004,018 | ---- | C] () -- C:\WINDOWS\logos20.ini

[2008/03/30 18:14:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2008/03/16 13:28:18 | 000,299,454 | ---- | C] () -- C:\WINDOWS\ALLSIM.INI

[2008/03/16 13:28:18 | 000,061,268 | ---- | C] () -- C:\WINDOWS\BIUTILSM.INI

[2008/03/16 13:28:18 | 000,057,969 | ---- | C] () -- C:\WINDOWS\SIMSIM.INI

[2008/03/16 13:28:18 | 000,000,580 | ---- | C] () -- C:\WINDOWS\Common.ini

[2008/03/16 13:28:17 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll

[2008/03/16 13:28:13 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini

[2008/01/08 22:16:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2007/03/18 18:57:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\bdacfb3_s.dll

[2007/03/05 22:52:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\etrack.ini

[2007/03/05 22:37:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2007/02/27 18:07:57 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\tdbgpp.dll

[2007/02/24 09:42:42 | 000,005,557 | ---- | C] () -- C:\WINDOWS\POWERUP.INI

[2007/01/21 22:42:33 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL

[2007/01/21 22:42:31 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS

[2007/01/21 22:40:59 | 000,001,383 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI

[2006/12/21 21:45:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI

[2006/11/21 21:41:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BWW.INI

[2006/10/18 22:06:54 | 000,000,776 | ---- | C] () -- C:\WINDOWS\CLARIS.INI

[2006/10/18 22:05:08 | 000,001,169 | ---- | C] () -- C:\WINDOWS\ALCHUPDT.INI

[2006/09/08 19:54:34 | 000,000,052 | ---- | C] () -- C:\WINDOWS\cool.ini

[2006/09/08 19:50:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2006/08/28 18:10:58 | 000,000,458 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2006/08/01 20:22:52 | 000,001,417 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini

[2006/08/01 20:22:51 | 000,000,792 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/08/01 20:22:51 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2006/08/01 20:22:49 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI

[2006/08/01 20:22:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI

[2006/02/14 21:30:10 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/01/13 22:08:20 | 000,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI

[2005/12/28 21:06:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/11/03 20:44:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI

[2005/11/03 20:43:47 | 000,003,784 | ---- | C] () -- C:\WINDOWS\prspro.ini

[2005/09/03 18:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2005/06/10 20:59:54 | 000,177,152 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2005/06/10 20:53:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2005/02/10 23:10:06 | 000,000,076 | ---- | C] () -- C:\WINDOWS\ccard100.ini

[2005/02/10 23:09:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI

[2005/02/10 23:09:10 | 000,007,128 | ---- | C] () -- C:\WINDOWS\MSACC20.INI

[2004/11/28 21:22:14 | 000,000,229 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2004/09/14 21:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SafeGuard20.INI

[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll

[2004/06/27 20:29:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.adminron.ini

[2004/06/27 20:17:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini

[2004/06/27 17:38:12 | 000,000,281 | ---- | C] () -- C:\WINDOWS\MATLAB.INI

[2004/05/28 19:55:33 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\f90SQLDVF.dll

[2004/05/20 22:56:53 | 000,000,163 | ---- | C] () -- C:\WINDOWS\ed4w.ini

[2004/05/20 22:06:03 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PTMail.INI

[2004/05/19 19:58:13 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\aecrm.dll

[2004/05/19 19:47:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI

[2004/05/07 22:24:41 | 000,000,009 | ---- | C] () -- C:\WINDOWS\WINHLP32.INI

[2004/05/07 22:24:40 | 000,000,009 | ---- | C] () -- C:\WINDOWS\WINHELP.INI

[2004/05/04 20:32:27 | 000,007,113 | ---- | C] () -- C:\WINDOWS\GWSPRO.INI

[2004/05/01 22:54:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\Winamp.ini

[2004/05/01 19:23:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup

[2004/04/28 21:24:11 | 000,000,120 | ---- | C] () -- C:\WINDOWS\setihome.ini

[2004/04/28 11:19:43 | 000,000,131 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2004/04/28 11:09:54 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini

[2004/04/28 11:09:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll

[2004/03/02 01:36:06 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2004/03/02 00:14:53 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI

[2004/02/29 22:56:33 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys

[2004/02/20 23:02:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/02/20 22:54:59 | 000,001,315 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/02/20 22:50:53 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini

[2004/02/20 22:39:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/02/20 22:39:02 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/02/20 22:23:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2003/10/16 14:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2003/08/13 21:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2002/11/22 11:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

[2002/05/29 06:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2001/11/09 14:27:16 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll

[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

[1998/05/18 01:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI

[1998/04/24 01:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997/05/11 07:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll

[1996/11/14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2002/09/03 12:36:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001

[2004/05/28 19:55:33 | 000,000,177 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/01/26 09:39:08 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI

[2002/09/03 12:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS

[2007/03/05 22:48:20 | 000,000,003 | ---- | M] () -- C:\chkm01.dll

[2002/09/03 12:36:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2004/02/20 22:29:50 | 000,006,078 | RH-- | M] () -- C:\DELL.SDR

[2010/06/27 05:10:56 | 015,487,048 | ---- | M] () -- C:\Dir0627-0500.lis

[2007/12/31 19:48:12 | 000,185,344 | ---- | M] () -- C:\Dir1231-09-10.xls

[2007/12/31 19:33:32 | 000,072,748 | ---- | M] () -- C:\Dir1231-0900.txt

[2007/12/31 19:36:10 | 000,132,608 | ---- | M] () -- C:\Dir1231-0900.xls

[2007/12/31 19:39:18 | 000,031,295 | ---- | M] () -- C:\Dir1231-1000.txt

[2007/12/31 19:49:51 | 000,065,536 | ---- | M] () -- C:\Dir1231-1000.xls

[2009/05/10 07:45:01 | 014,956,258 | ---- | M] () -- C:\dirlisAll.lis

[2009/05/13 21:21:52 | 000,565,118 | ---- | M] () -- C:\dirlisH.lis

[2009/05/10 07:41:06 | 000,177,228 | ---- | M] () -- C:\dirlisSH.lis

[2007/12/28 21:26:00 | 000,000,998 | ---- | M] () -- C:\DirList1-BadExe.lis

[2007/12/22 14:48:05 | 000,042,396 | ---- | M] () -- C:\DirSort-Space-Exes.lis

[2007/12/23 15:46:24 | 000,001,209 | ---- | M] () -- C:\DirSort-Space-Files.lis

[2007/12/29 08:41:50 | 000,155,842 | ---- | M] () -- C:\DirSort2-12-28.lis

[2010/02/09 17:09:33 | 000,010,065 | ---- | M] () -- C:\DlgTest.log

[2006/12/27 20:10:38 | 000,056,357 | ---- | M] () -- C:\EasyShare.dmp

[2004/06/27 20:11:46 | 000,529,963 | ---- | M] () -- C:\EasyShareInstall.log

[2010/06/26 16:19:34 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys

[2004/06/27 20:35:03 | 000,000,560 | ---- | M] () -- C:\hpfr5550.xml

[2004/06/27 20:35:03 | 000,000,937 | ---- | M] () -- C:\hph7350.log

[2002/09/03 12:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2006/10/15 17:22:21 | 000,001,214 | -H-- | M] () -- C:\IPH.PH

[2006/12/28 17:26:04 | 000,124,928 | ---- | M] () -- C:\KdgnCert-VA501.DOC

[2002/09/03 12:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2008/01/11 22:34:11 | 011,225,941 | ---- | M] () -- C:\New-CdriveDir.lis

[2006/09/02 19:20:50 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2006/09/02 19:20:50 | 000,250,032 | RHS- | M] () -- C:\NTLDR

[2008/01/09 21:38:24 | 010,999,930 | ---- | M] () -- C:\Old-CdriveDir.lis

[2008/01/09 23:18:49 | 011,000,148 | ---- | M] () -- C:\OldCdrive-Sort.lis

[2010/06/26 16:19:32 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

[2007/03/05 22:46:02 | 000,000,003 | ---- | M] () -- C:\qzym01.dll

[2010/06/26 21:50:05 | 000,000,392 | ---- | M] () -- C:\sh4_service.log

[2008/03/20 20:26:36 | 000,000,004 | ---- | M] () -- C:\ss_nb.dat

[2008/03/20 20:26:34 | 000,000,004 | ---- | M] () -- C:\ss_udp.dat

[2008/03/20 20:26:34 | 000,000,004 | ---- | M] () -- C:\ss_udp2.dat

[2004/02/20 22:53:45 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

[2007/04/19 19:34:46 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT

[2005/09/03 18:43:58 | 000,008,056 | -H-- | M] () -- C:\_NavCClt.Log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2004/08/03 22:51:12 | 000,068,768 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\mmsystem.dll

[2002/08/29 04:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\SHELL.DLL

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2002/09/03 12:22:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV

[2002/09/03 12:22:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV

[2002/09/03 12:22:52 | 000,397,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >

[2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\SYSTEM32\user32.dll

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >

[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\SYSTEM32\ws2_32.dll

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

------------------ End otl.txt file ------------------------

extras.txt file:

OTL Extras logfile created on: 6/27/2010 11:38:48 AM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\adminfull\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 572.00 Mb Available Physical Memory | 56.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 73.84 Gb Total Space | 19.59 Gb Free Space | 26.53% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 75.17 Gb Total Space | 67.18 Gb Free Space | 89.37% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RON3000

Current User Name: adminfull

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.inf [@ = TextPad.inf] -- C:\Program Files\TextPad\TXTPAD32.EXE (Helios Software Solutions)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\ISS\BlackICE\blackice.exe" = C:\Program Files\ISS\BlackICE\blackice.exe:LocalSubNet:Enabled:BlackICE PC Protection -- (Internet Security Systems, Inc.)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

"C:\Ziphold\Pwr-9258\ipEdit-1.exe" = C:\Ziphold\Pwr-9258\ipEdit-1.exe:*:Enabled:ipEdit IPCam Scan Utility -- (Aviosys Inc.)

"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)

"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Setup Wizard of WAP54G -- File not found

"C:\Program Files\Symantec AntiVirus\VPC32.exe" = C:\Program Files\Symantec AntiVirus\VPC32.exe:LocalSubNet:Enabled:Symantec AntiVirus -- (Symantec Corporation)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004

"{059AE187-404C-47C5-B846-097DAF59DC44}" = Adobe Stock Photos 1.0

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{085FE193-B676-11D4-82BC-00A0C993905F}" = Thomas Bros. Street Guide Digital Edition

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0AD5AD99-6172-4385-8765-385FBE3A1013}" = Sunbelt CounterSpy

"{0F819909-B465-4F8D-B271-EBB1C7E03696}" = CDMenuPro V5

"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin

"{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver

"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004

"{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch

"{2554D4F3-CB25-4917-863F-198E897D25C6}" = CDMenuPro V6

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{29D135E8-59AB-4B92-8E7B-9F29D9CC914D}" = Canvas 7

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word

"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3A3521B3-5910-4941-A0F6-65E089DA5E85}" = Grade Machine

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40F3846A-55FB-41BF-8B57-345DFB29B674}" = Screen Shot Deluxe 5.0

"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support

"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH


Hello astro3ron and welcome to the forums. ;)

I am jwang01 and I will be assisting you with your issue.

When we get to working on your computer you may want to print out or save my responses in Notepad because there may be times where you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

Let's see what's going on here.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

jwang01,

Here is part two that contains the otl.txt file run out of the bad account where the virus infection occurred. In a previous post I sent you the otl and extras.txt files run out of the good admin account.

Here's the otl.txt run from the bad account. Recall that otl did not generate an extras.txt file in the bad account.

Otl.txt from bad account:

OTL logfile created on: 6/27/2010 11:57:20 AM - Run 2

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\adminron\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 489.00 Mb Available Physical Memory | 48.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 73.84 Gb Total Space | 19.54 Gb Free Space | 26.46% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 75.17 Gb Total Space | 67.18 Gb Free Space | 89.37% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RON3000

Current User Name: adminron

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\adminron\Desktop\OTL.com (OldTimer Tools)

PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\ISS\BlackICE\Vpatch.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\RapApp.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\blackd.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\cisco systems\vpn client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)

PRC - C:\Program Files\Conversions Plus\FormatM.exe (DataViz Inc.)

PRC - C:\Program Files\WinPoET Broadband Connection\WROS.exe (iVasion, a Routerware Company)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\adminron\Desktop\OTL.com (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (vsmon) -- File not found

SRV - (Iomega Activity Disk2) -- File not found

SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (VPatch) -- C:\Program Files\ISS\BlackICE\Vpatch.exe (Internet Security Systems, Inc.)

SRV - (RapApp) -- C:\Program Files\ISS\BlackICE\RapApp.exe (Internet Security Systems, Inc.)

SRV - (BlackICE) -- C:\Program Files\ISS\BlackICE\blackd.exe (Internet Security Systems, Inc.)

SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (GhostStartService) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)

SRV - (Pml Driver HPH11) -- C:\WINDOWS\SYSTEM32\hphipm11.exe (HP)

SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)

SRV - (MacFormatService) -- C:\Program Files\Conversions Plus\FORMATM.EXE (DataViz Inc.)

SRV - (WinPPPoverEthernet) -- C:\Program Files\WinPoET Broadband Connection\WROS.exe (iVasion, a Routerware Company)

========== Driver Services (SafeList) ==========

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100626.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100626.002\NAVENG.SYS (Symantec Corporation)

DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS ()

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (BLACK) -- C:\WINDOWS\SYSTEM32\DRIVERS\Blackcat.sys (Internet Security Systems, Inc.)

DRV - (MakoNT) -- C:\WINDOWS\system32\drivers\MakoNT.sys (Internet Security Systems, Inc.)

DRV - (rap) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapDrv.sys (Internet Security Systems, Inc.)

DRV - (CVPNDRVA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (CVirtA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)

DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)

DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)

DRV - (AFS2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS (Oak Technology Inc.)

DRV - (MXOPSWD) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys (Maxtor Corp.)

DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)

DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)

DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)

DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\SYSTEM32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)

DRV - (MaxtorFrontPanel1) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxofwfp.sys (Maxtor Corp.)

DRV - (RapNet) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapNet.sys (Internet Security Systems, Inc.)

DRV - (RapFile) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapFile.sys (Internet Security Systems, Inc.)

DRV - (Dot4 HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid411.sys (HP)

DRV - (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k11.sys (Hewlett-Packard)

DRV - (Dot4Usb HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphius11.sys (HP)

DRV - (Dot4Print HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr11.sys (HP)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

DRV - (PQNTDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\PQNTDRV.sys (PowerQuest Corporation)

DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)

DRV - (MacOpen) -- C:\WINDOWS\SYSTEM32\DRIVERS\MacOpen.sys (DataViz Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)

DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

DRV - (EL90X) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS (3Com Corporation)

DRV - (WrKPoET2000) -- C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jpl.nasa.gov/index.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.jpl.nasa.gov/index.html"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/08 23:56:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 14:38:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 14:38:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 06:36:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/08 22:18:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/16 19:36:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/19 20:19:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/16 19:36:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/19 20:19:55 | 000,000,000 | ---D | M]

[2009/02/18 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Mozilla\Extensions

[2010/06/10 21:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Mozilla\Firefox\Profiles\ho27aq9r.default\extensions

[2010/05/27 07:35:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\adminron\Application Data\Mozilla\Firefox\Profiles\ho27aq9r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/26 22:21:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\adminron\Application Data\Mozilla\Firefox\Profiles\ho27aq9r.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2010/06/26 11:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/26 21:50:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe (HP)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [MacLicense] C:\Program Files\Conversions Plus\MacLic.exe (DataViz Inc.)

O4 - HKLM..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe (Sunbelt Software)

O4 - HKLM..\Run: [Vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk = File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\Program Files\cisco systems\vpn client\vpngui.exe (Cisco Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O15 - HKCU\..Trusted Domains: ascensiontorrance.org ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)

O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcenter.samsung.com/content/...trolLite_EN.cab (DjVuCtl Class)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1261437161937 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1261437142515 (MUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8046.9385069444 (Reg Error: Key error.)

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls.../20/SassCln.CAB (SassCln Object)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.0_01)

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_02)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)

O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\adminron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\adminron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2004/05/28 19:55:33 | 000,000,177 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{eef82764-7bc3-11dd-ba9f-000cf1a44182}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\CD_Start.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = secfile] -- "C:\DOCUME~1\adminron\LOCALS~1\Temp\AUTMGR32.EXE" /START "%1" %* File not found

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/02/20 22:20:14 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: Ip6FwHlp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 11:56:18 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adminron\Desktop\OTL.com

[2010/06/26 21:49:17 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2010/06/26 21:47:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP

[2010/06/26 21:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/06/26 21:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/06/16 14:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adminron\My Documents\Church-web-6-16-10

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/27 11:55:40 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/06/27 11:55:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/27 11:33:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adminron\Desktop\OTL.com

[2010/06/27 11:08:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/27 05:10:56 | 015,487,048 | ---- | M] () -- C:\Dir0627-0500.lis

[2010/06/26 19:44:20 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\adminron\NTUSER.DAT

[2010/06/26 19:44:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\adminron\NTUSER.INI

[2010/06/26 18:19:58 | 000,042,214 | ---- | M] () -- C:\Documents and Settings\adminron\Application Data\wklnhst.dat

[2010/06/26 18:10:28 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc

[2010/06/26 16:24:36 | 000,520,570 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/26 16:24:36 | 000,440,488 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/06/26 16:24:36 | 000,070,588 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/06/26 16:19:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/26 16:19:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/06/26 16:19:34 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/26 16:18:44 | 000,056,836 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/06/26 15:52:46 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\adminron\ntuser.pol

[2010/06/23 20:07:14 | 000,007,113 | ---- | M] () -- C:\WINDOWS\GWSPRO.INI

[2010/06/23 08:52:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\Sudoku-Numbers-9c.xls

[2010/06/14 18:06:01 | 000,000,065 | ---- | M] () -- C:\Documents and Settings\adminron\default.pls

[2010/06/14 18:05:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/14 18:04:48 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\adminron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/10 11:09:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss

[2010/06/10 11:09:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss

[2010/06/10 11:09:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss

[2010/06/10 11:07:17 | 000,762,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/10 10:53:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/06 19:02:55 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\MSCOMM32.oca

[2010/06/06 19:02:54 | 000,000,059 | ---- | M] () -- C:\WINDOWS\VBADDIN.INI

[2010/06/04 21:12:39 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\DPE.DUS

[2010/06/04 20:55:30 | 000,113,952 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\rptReg_Checklist_AllSchool.rtf

[2010/06/01 19:59:12 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/27 05:08:24 | 015,487,048 | ---- | C] () -- C:\Dir0627-0500.lis

[2010/06/27 05:03:35 | 000,000,545 | ---- | C] () -- C:\WINDOWS\TXTPAD.PIF

[2010/06/26 15:52:45 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\adminron\ntuser.pol

[2010/06/26 15:37:00 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys

[2010/06/06 19:02:55 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\MSCOMM32.oca

[2010/06/04 20:55:28 | 000,113,952 | ---- | C] () -- C:\Documents and Settings\adminron\My Documents\rptReg_Checklist_AllSchool.rtf

[2009/10/12 21:48:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CDMP_RtfViewer.INI

[2009/10/12 13:08:52 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CDMP_HtmlViewer.INI

[2009/10/11 20:21:03 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI

[2009/10/03 20:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini

[2009/09/01 19:12:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/02/28 21:55:46 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS

[2009/02/16 22:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini

[2009/01/22 22:28:40 | 000,000,395 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2009/01/15 20:39:05 | 000,000,453 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI

[2008/11/18 20:44:02 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2008/09/28 21:10:59 | 000,004,018 | ---- | C] () -- C:\WINDOWS\logos20.ini

[2008/03/30 18:14:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2008/03/16 13:28:18 | 000,299,454 | ---- | C] () -- C:\WINDOWS\ALLSIM.INI

[2008/03/16 13:28:18 | 000,061,268 | ---- | C] () -- C:\WINDOWS\BIUTILSM.INI

[2008/03/16 13:28:18 | 000,057,969 | ---- | C] () -- C:\WINDOWS\SIMSIM.INI

[2008/03/16 13:28:18 | 000,000,580 | ---- | C] () -- C:\WINDOWS\Common.ini

[2008/03/16 13:28:17 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll

[2008/03/16 13:28:13 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini

[2008/01/08 22:16:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2007/03/18 18:57:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\bdacfb3_s.dll

[2007/03/05 22:52:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\etrack.ini

[2007/03/05 22:37:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2007/02/27 18:07:57 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\tdbgpp.dll

[2007/02/24 09:42:42 | 000,005,557 | ---- | C] () -- C:\WINDOWS\POWERUP.INI

[2007/01/21 22:42:33 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL

[2007/01/21 22:42:31 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS

[2007/01/21 22:40:59 | 000,001,383 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI

[2006/12/21 21:45:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI

[2006/11/21 21:41:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BWW.INI

[2006/10/18 22:06:54 | 000,000,776 | ---- | C] () -- C:\WINDOWS\CLARIS.INI

[2006/10/18 22:05:08 | 000,001,169 | ---- | C] () -- C:\WINDOWS\ALCHUPDT.INI

[2006/09/08 19:54:34 | 000,000,052 | ---- | C] () -- C:\WINDOWS\cool.ini

[2006/09/08 19:50:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2006/08/28 18:10:58 | 000,000,458 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2006/08/01 20:22:52 | 000,001,417 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini

[2006/08/01 20:22:51 | 000,000,792 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/08/01 20:22:51 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2006/08/01 20:22:49 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI

[2006/08/01 20:22:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI

[2006/02/14 21:30:10 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/01/13 22:08:20 | 000,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI

[2005/12/28 21:06:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/11/03 20:44:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI

[2005/11/03 20:43:47 | 000,003,784 | ---- | C] () -- C:\WINDOWS\prspro.ini

[2005/09/03 18:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2005/06/10 20:59:54 | 000,177,152 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2005/06/10 20:53:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2005/02/10 23:10:06 | 000,000,076 | ---- | C] () -- C:\WINDOWS\ccard100.ini

[2005/02/10 23:09:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI

[2005/02/10 23:09:10 | 000,007,128 | ---- | C] () -- C:\WINDOWS\MSACC20.INI

[2004/11/28 21:22:14 | 000,000,229 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2004/09/14 21:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SafeGuard20.INI

[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll

[2004/06/27 20:29:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.adminron.ini

[2004/06/27 20:17:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini

[2004/06/27 17:38:12 | 000,000,281 | ---- | C] () -- C:\WINDOWS\MATLAB.INI

[2004/05/28 19:55:33 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\f90SQLDVF.dll

[2004/05/20 22:56:53 | 000,000,163 | ---- | C] () -- C:\WINDOWS\ed4w.ini

[2004/05/20 22:06:03 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PTMail.INI

[2004/05/19 19:58:13 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\aecrm.dll

[2004/05/19 19:47:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI

[2004/05/07 22:24:41 | 000,000,009 | ---- | C] () -- C:\WINDOWS\WINHLP32.INI

[2004/05/07 22:24:40 | 000,000,009 | ---- | C] () -- C:\WINDOWS\WINHELP.INI

[2004/05/04 20:32:27 | 000,007,113 | ---- | C] () -- C:\WINDOWS\GWSPRO.INI

[2004/05/01 22:54:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\Winamp.ini

[2004/05/01 19:23:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup

[2004/04/28 21:24:11 | 000,000,120 | ---- | C] () -- C:\WINDOWS\setihome.ini

[2004/04/28 11:19:43 | 000,000,131 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2004/04/28 11:09:54 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini

[2004/04/28 11:09:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll

[2004/03/02 01:36:06 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2004/03/02 00:14:53 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI

[2004/02/29 22:56:33 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys

[2004/02/20 23:02:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/02/20 22:54:59 | 000,001,315 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/02/20 22:50:53 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini

[2004/02/20 22:39:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/02/20 22:39:02 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/02/20 22:23:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2003/10/16 14:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2003/08/13 21:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2002/11/22 11:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

[2002/05/29 06:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2001/11/09 14:27:16 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll

[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

[1998/05/18 01:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI

[1998/04/24 01:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997/05/11 07:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll

[1996/11/14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2002/09/03 12:36:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001

[2004/05/28 19:55:33 | 000,000,177 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/01/26 09:39:08 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI

[2002/09/03 12:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS

[2007/03/05 22:48:20 | 000,000,003 | ---- | M] () -- C:\chkm01.dll

[2002/09/03 12:36:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2004/02/20 22:29:50 | 000,006,078 | RH-- | M] () -- C:\DELL.SDR

[2010/06/27 05:10:56 | 015,487,048 | ---- | M] () -- C:\Dir0627-0500.lis

[2007/12/31 19:48:12 | 000,185,344 | ---- | M] () -- C:\Dir1231-09-10.xls

[2007/12/31 19:33:32 | 000,072,748 | ---- | M] () -- C:\Dir1231-0900.txt

[2007/12/31 19:36:10 | 000,132,608 | ---- | M] () -- C:\Dir1231-0900.xls

[2007/12/31 19:39:18 | 000,031,295 | ---- | M] () -- C:\Dir1231-1000.txt

[2007/12/31 19:49:51 | 000,065,536 | ---- | M] () -- C:\Dir1231-1000.xls

[2009/05/10 07:45:01 | 014,956,258 | ---- | M] () -- C:\dirlisAll.lis

[2009/05/13 21:21:52 | 000,565,118 | ---- | M] () -- C:\dirlisH.lis

[2009/05/10 07:41:06 | 000,177,228 | ---- | M] () -- C:\dirlisSH.lis

[2007/12/28 21:26:00 | 000,000,998 | ---- | M] () -- C:\DirList1-BadExe.lis

[2007/12/22 14:48:05 | 000,042,396 | ---- | M] () -- C:\DirSort-Space-Exes.lis

[2007/12/23 15:46:24 | 000,001,209 | ---- | M] () -- C:\DirSort-Space-Files.lis

[2007/12/29 08:41:50 | 000,155,842 | ---- | M] () -- C:\DirSort2-12-28.lis

[2010/02/09 17:09:33 | 000,010,065 | ---- | M] () -- C:\DlgTest.log

[2006/12/27 20:10:38 | 000,056,357 | ---- | M] () -- C:\EasyShare.dmp

[2004/06/27 20:11:46 | 000,529,963 | ---- | M] () -- C:\EasyShareInstall.log

[2010/06/26 16:19:34 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys

[2004/06/27 20:35:03 | 000,000,560 | ---- | M] () -- C:\hpfr5550.xml

[2004/06/27 20:35:03 | 000,000,937 | ---- | M] () -- C:\hph7350.log

[2002/09/03 12:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2006/10/15 17:22:21 | 000,001,214 | -H-- | M] () -- C:\IPH.PH

[2006/12/28 17:26:04 | 000,124,928 | ---- | M] () -- C:\KdgnCert-VA501.DOC

[2002/09/03 12:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2008/01/11 22:34:11 | 011,225,941 | ---- | M] () -- C:\New-CdriveDir.lis

[2006/09/02 19:20:50 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2006/09/02 19:20:50 | 000,250,032 | RHS- | M] () -- C:\NTLDR

[2008/01/09 21:38:24 | 010,999,930 | ---- | M] () -- C:\Old-CdriveDir.lis

[2008/01/09 23:18:49 | 011,000,148 | ---- | M] () -- C:\OldCdrive-Sort.lis

[2010/06/26 16:19:32 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

[2007/03/05 22:46:02 | 000,000,003 | ---- | M] () -- C:\qzym01.dll

[2010/06/26 21:50:05 | 000,000,392 | ---- | M] () -- C:\sh4_service.log

[2008/03/20 20:26:36 | 000,000,004 | ---- | M] () -- C:\ss_nb.dat

[2008/03/20 20:26:34 | 000,000,004 | ---- | M] () -- C:\ss_udp.dat

[2008/03/20 20:26:34 | 000,000,004 | ---- | M] () -- C:\ss_udp2.dat

[2004/02/20 22:53:45 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

[2007/04/19 19:34:46 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT

[2005/09/03 18:43:58 | 000,008,056 | -H-- | M] () -- C:\_NavCClt.Log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2002/09/03 12:22:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV

[2002/09/03 12:22:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV

[2002/09/03 12:22:52 | 000,397,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >

[2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\SYSTEM32\user32.dll

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >

[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\SYSTEM32\ws2_32.dll

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >


Hello,

You only get the extras.txt with OTL's first run, unless you select to have it. But that's ok, the first one is enough. ;)

Go ahead and run this in the infected account. After this fix, you should be able to run all EXE files.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O37 - HKCU\...exe [@ = secfile] -- "C:\DOCUME~1\adminron\LOCALS~1\Temp\AUTMGR32.EXE" /START "%1" %* File not found
    [2010/06/26 18:19:58 | 000,042,214 | ---- | M] () -- C:\Documents and Settings\adminron\Application Data\wklnhst.dat
    [2010/06/10 11:09:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss
    [2010/06/10 11:09:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss
    [2010/06/10 11:09:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss
    [2009/02/28 21:55:46 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
    [2010/06/26 21:49:17 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2010/06/26 21:47:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please post the logs of OTL and GMER in your next reply.
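The O37 line in the fix above shows the mechanism behind "every EXE asks which program to use": a per-user HKCU\Software\Classes\.exe key pointing at a ProgID (secfile) whose shell\open\command runs the malware with the real program as its argument, so it only bit the one account. The following script is an added check written for this page, not part of the thread and not an OTL feature: it parses `reg export` output offline and flags that pattern. The sample exports inside it are constructed to mirror the O37 line and the fix log, and the function names are my own.

```python
import re

# Open command of the exefile ProgID on a clean Windows XP install.
EXPECTED_COMMAND = '"%1" %*'


def parse_reg(text):
    """Parse `reg export` (.reg) text into {key_path_lower: {value_name: data}}.

    The default value is stored as '@'. Quoted REG_SZ data is unescaped; hex:
    and dword: data (and continuation lines) are left alone.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        val = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not val:
            continue
        name = "@" if val.group(1) == "@" else val.group(1)[1:-1]
        data = val.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping of \\ and \"
        keys[current][name] = data
    return keys


def classes_view(keys, hive):
    """Keys below <hive>\\Software\\Classes, re-keyed relative to that root."""
    prefix = f"{hive}\\software\\classes\\".lower()
    return {p[len(prefix):]: v for p, v in keys.items() if p.startswith(prefix)}


def exe_handler(view):
    """Follow .exe -> ProgID -> shell\\open\\command; (None, None) if there is no .exe key."""
    progid = view.get(".exe", {}).get("@")
    if progid is None:
        return None, None
    return progid, view.get(f"{progid.lower()}\\shell\\open\\command", {}).get("@")


def audit_exe_association(hkcu_reg_text, hklm_reg_text):
    """Return findings for the .exe association chain; an empty list means it looks clean.

    Per-user Software\\Classes keys shadow the machine-wide ones for that user only,
    which is why the hijack broke EXE launches just in the adminron account.
    A clean XP install has no HKCU .exe key at all.
    """
    user = classes_view(parse_reg(hkcu_reg_text), "HKEY_CURRENT_USER")
    machine = classes_view(parse_reg(hklm_reg_text), "HKEY_LOCAL_MACHINE")
    findings = []
    if ".exe" in user:
        progid, cmd = exe_handler({**machine, **user})  # merged view, HKCU wins
        findings.append(f"per-user .exe override: ProgID {progid!r} runs {cmd!r}")
    progid, cmd = exe_handler(machine)
    if progid != "exefile":
        findings.append(f"HKLM .exe ProgID is {progid!r}, expected 'exefile'")
    if cmd != EXPECTED_COMMAND:
        findings.append(f"HKLM exefile command is {cmd!r}, expected {EXPECTED_COMMAND!r}")
    return findings


def effective_exe_command(hkcu_reg_text, hklm_reg_text):
    """The command Windows resolves for foo.exe in this user's merged view."""
    user = classes_view(parse_reg(hkcu_reg_text), "HKEY_CURRENT_USER")
    machine = classes_view(parse_reg(hklm_reg_text), "HKEY_LOCAL_MACHINE")
    return exe_handler({**machine, **user})[1]


# Constructed sample exports modelled on the O37 line and the OTL fix log in
# this thread; they are not exports taken from the poster's machine.
HIJACKED_HKCU = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\DOCUME~1\\adminron\\LOCALS~1\\Temp\\AUTMGR32.EXE\" /START \"%1\" %*"
'''

CLEAN_HKCU = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.txt]
@="txtfile"
'''

CLEAN_HKLM = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for label, hkcu in (("hijacked", HIJACKED_HKCU), ("clean", CLEAN_HKCU)):
        print(f"{label}: foo.exe runs via {effective_exe_command(hkcu, CLEAN_HKLM)!r}")
        for finding in audit_exe_association(hkcu, CLEAN_HKLM):
            print("  !", finding)
```

On a real box you would produce the inputs with `reg export HKEY_CURRENT_USER\Software\Classes hkcu.reg` and `reg export HKEY_LOCAL_MACHINE\SOFTWARE\Classes hklm.reg` (from an account that can still run reg.exe) and read the files with `encoding="utf-16"`, since v5.00 exports are Unicode. Any finding that names a per-user .exe override is the same condition OTL corrected here by deleting HKCU\Software\Classes\.exe and the secfile ProgID and resetting the HKLM default to exefile.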


Well, jwang01, that did the trick. Exes are working again. Looks like there was an automgr32.exe running from the registry or did I miss something from the last code paste?

Anyway, after pasting the info from above into otl and running Run Fix, I got the following log file displayed in notepad after the reboot. Then I ran OTL again and got the attached scan file results.

I then ran GMER. It was running fine, but when I came back I found the machine had rebooted. Any reason why?

So I logged back into the adminron account and reran GMER. Prior to running GMER, I closed all running programs, a version of a company firewall and disabled NAV Corp Ed. AV. After I started GMER again, I did a ctrl-alt-del, and it seemed like GMER came to a grinding halt, was going real slow compared to what it was doing earlier. Probably shouldn't have done the C-A-D thing... Anyway, rebooted the machine, did the disable stuff and restarted GMER. It seemed to be running real slow compared to before, (file checks showing at the bottom of the GMER screen). So I decided to stop it and send you these log files and see if I stuffed something up by stopping GMER in the middle. Comments???

Anyway, here are the two log files, 06272010_192259-PostOTLClean.log, captured right after the fix run and OTL-Adminron-PostFix.Txt saved after the OTL scan.

--------------------- 06272010_192259-PostOTLClean.log

All processes killed

========== OTL ==========

Process explorer.exe killed successfully!

Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\secfile\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

C:\Documents and Settings\adminron\Application Data\wklnhst.dat moved successfully.

C:\WINDOWS\SYSTEM32\wininet_dll.iss moved successfully.

C:\WINDOWS\SYSTEM32\urlmon_dll.iss moved successfully.

C:\WINDOWS\SYSTEM32\url_dll.iss moved successfully.

C:\WINDOWS\WSYS049.SYS moved successfully.

C:\sh4ldr folder moved successfully.

C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP folder moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYFLASH]

User: adminfull

->Flash cache emptied: 8707 bytes

User: Administrator

User: adminron

->Flash cache emptied: 20155 bytes

User: adminron1

->Flash cache emptied: 41 bytes

User: All Users

User: carol

->Flash cache emptied: 5128 bytes

User: Default User

->Flash cache emptied: 41 bytes

User: LocalService

User: mark

->Flash cache emptied: 14633 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: adminfull

->Temp folder emptied: 24586 bytes

->Temporary Internet Files folder emptied: 26525007 bytes

->Java cache emptied: 56132 bytes

->Flash cache emptied: 0 bytes

User: Administrator

->Temp folder emptied: 4259934 bytes

->Temporary Internet Files folder emptied: 151762 bytes

User: adminron

->Temp folder emptied: 3006614 bytes

->Temporary Internet Files folder emptied: 243540 bytes

->Java cache emptied: 28646596 bytes

->FireFox cache emptied: 90422543 bytes

->Flash cache emptied: 0 bytes

User: adminron1

->Temp folder emptied: 946 bytes

->Temporary Internet Files folder emptied: 397414 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: carol

->Temp folder emptied: 443165 bytes

->Temporary Internet Files folder emptied: 31807446 bytes

->Java cache emptied: 388950 bytes

->FireFox cache emptied: 33560354 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 190750 bytes

User: mark

->Temp folder emptied: 166708 bytes

->Temporary Internet Files folder emptied: 79058 bytes

->Java cache emptied: 10423002 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19528 bytes

%systemroot%\System32 .tmp files removed: 2832913 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 152887 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 223.00 mb

OTL by OldTimer - Version 3.2.7.0 log created on 06272010_192259

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

------------------- OTL-Adminron-PostFix.Txt --------------

OTL logfile created on: 6/27/2010 7:32:58 PM - Run 3

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\adminron\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 439.00 Mb Available Physical Memory | 43.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 73.84 Gb Total Space | 19.73 Gb Free Space | 26.72% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 75.17 Gb Total Space | 67.18 Gb Free Space | 89.37% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RON3000

Current User Name: adminron

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\adminron\Desktop\OTL.com (OldTimer Tools)

PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\ISS\BlackICE\blackice.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\Vpatch.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\RapApp.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\ISS\BlackICE\blackd.exe (Internet Security Systems, Inc.)

PRC - C:\Program Files\cisco systems\vpn client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Conversions Plus\FormatM.exe (DataViz Inc.)

PRC - C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE (Microsoft Corporation)

PRC - C:\Program Files\WinPoET Broadband Connection\WROS.exe (iVasion, a Routerware Company)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\adminron\Desktop\OTL.com (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (vsmon) -- File not found

SRV - (VPatch) -- File not found

SRV - (RapApp) -- File not found

SRV - (Iomega Activity Disk2) -- File not found

SRV - (BlackICE) -- File not found

SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (GhostStartService) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)

SRV - (Pml Driver HPH11) -- C:\WINDOWS\SYSTEM32\hphipm11.exe (HP)

SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)

SRV - (MacFormatService) -- C:\Program Files\Conversions Plus\FORMATM.EXE (DataViz Inc.)

SRV - (WinPPPoverEthernet) -- C:\Program Files\WinPoET Broadband Connection\WROS.exe (iVasion, a Routerware Company)

========== Driver Services (SafeList) ==========

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100626.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100626.002\NAVENG.SYS (Symantec Corporation)

DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS ()

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (BLACK) -- C:\WINDOWS\SYSTEM32\DRIVERS\Blackcat.sys (Internet Security Systems, Inc.)

DRV - (MakoNT) -- C:\WINDOWS\system32\drivers\MakoNT.sys (Internet Security Systems, Inc.)

DRV - (rap) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapDrv.sys (Internet Security Systems, Inc.)

DRV - (CVPNDRVA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (CVirtA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)

DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)

DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)

DRV - (AFS2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS (Oak Technology Inc.)

DRV - (MXOPSWD) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys (Maxtor Corp.)

DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)

DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)

DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)

DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\SYSTEM32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)

DRV - (MaxtorFrontPanel1) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxofwfp.sys (Maxtor Corp.)

DRV - (RapNet) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapNet.sys (Internet Security Systems, Inc.)

DRV - (RapFile) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapFile.sys (Internet Security Systems, Inc.)

DRV - (Dot4 HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid411.sys (HP)

DRV - (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k11.sys (Hewlett-Packard)

DRV - (Dot4Usb HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphius11.sys (HP)

DRV - (Dot4Print HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr11.sys (HP)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

DRV - (PQNTDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\PQNTDRV.sys (PowerQuest Corporation)

DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)

DRV - (MacOpen) -- C:\WINDOWS\SYSTEM32\DRIVERS\MacOpen.sys (DataViz Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)

DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

DRV - (EL90X) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS (3Com Corporation)

DRV - (WrKPoET2000) -- C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jpl.nasa.gov/index.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.jpl.nasa.gov/index.html"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/08 23:56:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 14:38:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 14:38:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 06:36:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/08 22:18:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/16 19:36:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.01\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/19 20:19:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/16 19:36:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/19 20:19:55 | 000,000,000 | ---D | M]

[2009/02/18 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Mozilla\Extensions

[2010/06/10 21:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Mozilla\Firefox\Profiles\ho27aq9r.default\extensions

[2010/05/27 07:35:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\adminron\Application Data\Mozilla\Firefox\Profiles\ho27aq9r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/26 22:21:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\adminron\Application Data\Mozilla\Firefox\Profiles\ho27aq9r.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2010/06/26 11:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/26 21:50:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe (HP)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [MacLicense] C:\Program Files\Conversions Plus\MacLic.exe (DataViz Inc.)

O4 - HKLM..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe (Sunbelt Software)

O4 - HKLM..\Run: [Vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk = File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\Program Files\cisco systems\vpn client\vpngui.exe (Cisco Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll (Internet Security Systems, Inc.)

O15 - HKCU\..Trusted Domains: ascensiontorrance.org ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)

O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcenter.samsung.com/content/...trolLite_EN.cab (DjVuCtl Class)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1261437161937 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1261437142515 (MUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8046.9385069444 (Reg Error: Key error.)

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls.../20/SassCln.CAB (SassCln Object)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.0_01)

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_02)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)

O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\adminron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\adminron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2004/05/28 19:55:33 | 000,000,177 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{eef82764-7bc3-11dd-ba9f-000cf1a44182}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\CD_Start.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/27 19:22:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/06/27 11:56:18 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adminron\Desktop\OTL.com

[2010/06/26 21:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/06/26 21:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/06/16 14:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adminron\My Documents\Church-web-6-16-10

[2010/05/19 20:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/05/16 14:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adminron\Application Data\Amazon

[2010/05/16 14:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

[2010/05/14 10:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real

[2010/04/16 21:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adminron\My Documents\wireless

[2010/04/08 21:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/04/08 21:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adminron\Local Settings\Application Data\Apple

[2010/04/08 21:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/04/08 21:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

========== Files - Modified Within 90 Days ==========

[2010/06/27 19:31:25 | 000,520,570 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/27 19:31:25 | 000,440,488 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/06/27 19:31:25 | 000,070,588 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/06/27 19:27:43 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss

[2010/06/27 19:27:41 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss

[2010/06/27 19:27:41 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss

[2010/06/27 19:27:38 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/06/27 19:26:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/27 19:26:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/27 19:26:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/06/27 19:26:26 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/27 19:25:36 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\adminron\NTUSER.DAT

[2010/06/27 19:25:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\adminron\NTUSER.INI

[2010/06/27 19:08:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/27 19:07:27 | 000,293,376 | ---- | M] () -- C:\nptrjpei.exe

[2010/06/27 13:51:14 | 000,056,840 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/06/27 11:33:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adminron\Desktop\OTL.com

[2010/06/27 05:10:56 | 015,487,048 | ---- | M] () -- C:\Dir0627-0500.lis

[2010/06/26 18:10:28 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc

[2010/06/26 15:52:46 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\adminron\ntuser.pol

[2010/06/23 20:07:14 | 000,007,113 | ---- | M] () -- C:\WINDOWS\GWSPRO.INI

[2010/06/23 08:52:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\Sudoku-Numbers-9c.xls

[2010/06/14 18:06:01 | 000,000,065 | ---- | M] () -- C:\Documents and Settings\adminron\default.pls

[2010/06/14 18:05:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/14 18:04:48 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\adminron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/10 11:07:17 | 000,762,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/10 10:53:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/06 19:02:55 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\MSCOMM32.oca

[2010/06/06 19:02:54 | 000,000,059 | ---- | M] () -- C:\WINDOWS\VBADDIN.INI

[2010/06/04 21:12:39 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\DPE.DUS

[2010/06/04 20:55:30 | 000,113,952 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\rptReg_Checklist_AllSchool.rtf

[2010/06/01 19:59:12 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2010/05/25 18:46:05 | 000,000,177 | ---- | M] () -- C:\WINDOWS\Winamp.ini

[2010/05/16 17:15:49 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/05/16 14:10:32 | 000,000,252 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI

[2010/05/06 16:37:00 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\eafdff0_s.ocx

[2010/05/06 16:37:00 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\bdacfb3_s.dll

[2010/05/05 06:54:55 | 000,001,169 | ---- | M] () -- C:\WINDOWS\ALCHUPDT.INI

[2010/04/30 19:03:01 | 000,001,315 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/04/30 19:03:00 | 000,012,992 | ---- | M] () -- C:\Documents and Settings\adminron\Application Data\Microsoft Excel.CAL

[2010/04/30 18:59:21 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\TestExport.xls

[2010/04/30 18:56:14 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\adminron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/29 11:33:40 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\For-LBT-Alvina.doc

[2010/04/19 15:08:17 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\Virginia Frisch funeral bulletin.doc

[2010/04/11 07:03:16 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\adminron\My Documents\Renegade Tri.xls

========== Files Created - No Company Name ==========

[2010/06/27 19:27:42 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wininet_dll.iss

[2010/06/27 19:27:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\urlmon_dll.iss

[2010/06/27 19:27:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\url_dll.iss

[2010/06/27 19:18:10 | 000,293,376 | ---- | C] () -- C:\nptrjpei.exe

[2010/06/27 05:08:24 | 015,487,048 | ---- | C] () -- C:\Dir0627-0500.lis

[2010/06/27 05:03:35 | 000,000,545 | ---- | C] () -- C:\WINDOWS\TXTPAD.PIF

[2010/06/26 15:52:45 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\adminron\ntuser.pol

[2010/06/26 15:37:00 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys

[2010/06/06 19:02:55 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\MSCOMM32.oca

[2010/06/04 20:55:28 | 000,113,952 | ---- | C] () -- C:\Documents and Settings\adminron\My Documents\rptReg_Checklist_AllSchool.rtf

[2010/05/16 17:15:49 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/04/30 18:59:19 | 000,012,992 | ---- | C] () -- C:\Documents and Settings\adminron\Application Data\Microsoft Excel.CAL

[2010/04/30 18:58:46 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\adminron\My Documents\TestExport.xls

[2010/04/30 18:56:14 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\adminron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk

[2010/04/29 11:33:40 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\adminron\My Documents\For-LBT-Alvina.doc

[2010/04/19 15:08:16 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\adminron\My Documents\Virginia Frisch funeral bulletin.doc

[2010/04/11 07:03:07 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\adminron\My Documents\Renegade Tri.xls

[2009/10/12 21:48:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CDMP_RtfViewer.INI

[2009/10/12 13:08:52 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CDMP_HtmlViewer.INI

[2009/10/11 20:21:03 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI

[2009/10/03 20:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini

[2009/09/01 19:12:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/02/16 22:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini

[2009/01/22 22:28:40 | 000,000,395 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2009/01/15 20:39:05 | 000,000,453 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI

[2008/11/18 20:44:02 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2008/09/28 21:10:59 | 000,004,018 | ---- | C] () -- C:\WINDOWS\logos20.ini

[2008/03/30 18:14:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2008/03/16 13:28:18 | 000,299,454 | ---- | C] () -- C:\WINDOWS\ALLSIM.INI

[2008/03/16 13:28:18 | 000,061,268 | ---- | C] () -- C:\WINDOWS\BIUTILSM.INI

[2008/03/16 13:28:18 | 000,057,969 | ---- | C] () -- C:\WINDOWS\SIMSIM.INI

[2008/03/16 13:28:18 | 000,000,580 | ---- | C] () -- C:\WINDOWS\Common.ini

[2008/03/16 13:28:17 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll

[2008/03/16 13:28:13 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini

[2008/01/08 22:16:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2007/03/18 18:57:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\bdacfb3_s.dll

[2007/03/05 22:52:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\etrack.ini

[2007/03/05 22:37:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2007/02/27 18:07:57 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\tdbgpp.dll

[2007/02/24 09:42:42 | 000,005,557 | ---- | C] () -- C:\WINDOWS\POWERUP.INI

[2007/01/21 22:42:33 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL

[2007/01/21 22:42:31 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS

[2007/01/21 22:40:59 | 000,001,383 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI

[2006/12/21 21:45:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI

[2006/11/21 21:41:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BWW.INI

[2006/10/18 22:06:54 | 000,000,776 | ---- | C] () -- C:\WINDOWS\CLARIS.INI

[2006/10/18 22:05:08 | 000,001,169 | ---- | C] () -- C:\WINDOWS\ALCHUPDT.INI

[2006/09/08 19:54:34 | 000,000,052 | ---- | C] () -- C:\WINDOWS\cool.ini

[2006/09/08 19:50:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2006/08/28 18:10:58 | 000,000,458 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2006/08/01 20:22:52 | 000,001,417 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini

[2006/08/01 20:22:51 | 000,000,792 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/08/01 20:22:51 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2006/08/01 20:22:49 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI

[2006/08/01 20:22:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI

[2006/02/14 21:30:10 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/01/13 22:08:20 | 000,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI

[2005/12/28 21:06:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/11/03 20:44:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI

[2005/11/03 20:43:47 | 000,003,784 | ---- | C] () -- C:\WINDOWS\prspro.ini

[2005/09/03 18:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2005/06/10 20:59:54 | 000,177,152 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2005/06/10 20:53:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2005/02/10 23:10:06 | 000,000,076 | ---- | C] () -- C:\WINDOWS\ccard100.ini

[2005/02/10 23:09:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI

[2005/02/10 23:09:10 | 000,007,128 | ---- | C] () -- C:\WINDOWS\MSACC20.INI

[2004/11/28 21:22:14 | 000,000,229 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2004/09/14 21:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SafeGuard20.INI

[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll

[2004/06/27 20:29:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.adminron.ini

[2004/06/27 20:17:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini

[2004/06/27 17:38:12 | 000,000,281 | ---- | C] () -- C:\WINDOWS\MATLAB.INI

[2004/05/28 19:55:33 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\f90SQLDVF.dll

[2004/05/20 22:56:53 | 000,000,163 | ---- | C] () -- C:\WINDOWS\ed4w.ini

[2004/05/20 22:06:03 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PTMail.INI

[2004/05/19 19:58:13 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\aecrm.dll

[2004/05/19 19:47:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI

[2004/05/07 22:24:41 | 000,000,009 | ---- | C] () -- C:\WINDOWS\WINHLP32.INI

[2004/05/07 22:24:40 | 000,000,009 | ---- | C] () -- C:\WINDOWS\WINHELP.INI

[2004/05/04 20:32:27 | 000,007,113 | ---- | C] () -- C:\WINDOWS\GWSPRO.INI

[2004/05/01 22:54:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\Winamp.ini

[2004/05/01 19:23:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup

[2004/04/28 21:24:11 | 000,000,120 | ---- | C] () -- C:\WINDOWS\setihome.ini

[2004/04/28 11:19:43 | 000,000,131 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2004/04/28 11:09:54 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini

[2004/04/28 11:09:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll

[2004/03/02 01:36:06 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2004/03/02 00:14:53 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI

[2004/02/29 22:56:33 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys

[2004/02/20 23:02:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/02/20 22:54:59 | 000,001,315 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/02/20 22:50:53 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini

[2004/02/20 22:39:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/02/20 22:39:02 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/02/20 22:23:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2003/10/16 14:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2003/08/13 21:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2002/11/22 11:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

[2002/05/29 06:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2001/11/09 14:27:16 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll

[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

[1998/05/18 01:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI

[1998/04/24 01:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997/05/11 07:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll

[1996/11/14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/03/30 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\$CUERoot$

[2004/05/04 20:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Active Disk

[2010/05/16 14:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Amazon

[2010/02/16 19:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\CoffeeCup Software

[2006/09/16 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Desktop Software

[2010/06/16 15:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\FileZilla

[2009/11/29 13:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\GARMIN

[2006/09/26 21:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Genie-soft

[2004/02/29 23:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Leadertech

[2008/10/15 21:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Libronix DLS

[2008/10/04 16:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\OfficeUpdate12

[2006/01/23 22:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Opera

[2009/01/22 22:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\ScanSoft

[2005/02/05 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Scooter Software

[2005/02/13 20:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\spweng

[2006/10/18 22:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Thunderbird

[2009/01/22 22:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adminron\Application Data\Zeon

[2008/11/20 19:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCenter

[2008/10/15 21:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Libronix DLS

[2009/01/22 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2007/02/19 20:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/10/11 18:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EC7E3C85-113D-4981-8BAD-E545E4BFEF75}

[2009/06/14 21:00:59 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1237001639.job

========== Purity Check ==========

< End of report >


Hello,

GMER doesn't like to run on some computers. You could try unchecking the sections tab and see if that helps. :)

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    automgr32.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please post the log of SystemLook and ComboFix in your next reply.


What do SystemLook and ComboFix do? I did a regedit search and file search for automgr32.exe and found nothing. Did you mean autmgr32.exe, as that's a system file in windows/system32? There is an entry in HKEY_USERS\S-1-5-21-3242676782-1459987966-1782763977-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache and HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache for C:\DOCUME~1\adminron\LOCALS~1\Temp\AUTMGR32.EXE

Thanks, Ron

autmgr32.exe


Hello,

Ok, go ahead and skip the SystemLook step, but please run ComboFix. ComboFix is another tool we sometimes use in Malware Removal. :D

OK, ran ComboFix. Couple of questions. Included ComboFix Quarantine file text:

General question on all of these, what triggered these files to be quarantined?

C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-updateMgr.reg.dat

C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat

C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-HPHUPD04.reg.dat

C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

C:\Qoobox\Quarantine\catchme.log

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\bdacfb3_s.dll.vir

C:\Qoobox\Quarantine\C\Documents and Settings\adminron\Start Menu\Lahey ED Developer .lnk.vir Why was this removed?? This is/was a valid lnk to Lahey Fortran developer. I can still get to it, but curious as to why it was tagged.

C:\Qoobox\Quarantine\C\WINDOWS\WINHELP.INI.vir

C:\Qoobox\Quarantine\C\WINDOWS\XPSP1HFM.LOG.vir

Here's the ComboFix log:

ComboFix 10-06-28.01 - adminron 06/29/2010 11:43:20.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.424 [GMT -7:00]

Running from: c:\documents and settings\adminron\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Proventia Desktop *enabled* {73198F12-4C15-41ED-9303-1EF5FEC6BBA4}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\adminron\Start Menu\Lahey ED Developer .lnk

c:\windows\system32\bdacfb3_s.dll

c:\windows\winhelp.ini

c:\windows\xpsp1hfm.log

.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))

.

2010-06-28 02:22 . 2010-06-28 02:22 -------- d-----w- C:\_OTL

2010-06-28 02:18 . 2010-06-28 02:07 293376 ----a-w- C:\nptrjpei.exe

2010-06-27 19:28 . 2010-06-27 19:28 -------- d-----w- c:\documents and settings\adminfull\Application Data\Scooter Software

2010-06-27 12:03 . 1998-02-15 10:21 545 ----a-w- c:\windows\TXTPAD.PIF

2010-06-27 04:49 . 2010-06-27 04:49 110080 ----a-r- c:\documents and settings\adminfull\Application Data\Microsoft\Installer\{6D1E8360-2F35-4C84-8D53-C614FBCA621C}\IconD7F16134.exe

2010-06-27 04:49 . 2010-06-27 04:49 110080 ----a-r- c:\documents and settings\adminfull\Application Data\Microsoft\Installer\{6D1E8360-2F35-4C84-8D53-C614FBCA621C}\IconF7A21AF7.exe

2010-06-27 04:45 . 2010-06-27 04:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-06-27 04:38 . 2010-06-27 04:38 -------- d-----w- c:\program files\Enigma Software Group

2010-06-27 02:58 . 2010-06-27 02:58 -------- d-----w- c:\documents and settings\adminron1\Local Settings\Application Data\Symantec

2010-06-27 01:08 . 2010-06-27 01:08 -------- d-----w- c:\documents and settings\adminfull\Application Data\CoffeeCup Software

2010-06-26 19:17 . 2010-06-26 19:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-26 19:07 . 2010-06-26 19:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-29 18:37 . 2008-02-01 07:39 -------- d-----w- c:\program files\Symantec AntiVirus

2010-06-29 18:25 . 2006-10-19 05:31 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-06-28 15:09 . 2004-03-01 05:43 -------- d-----w- c:\program files\WinPoET Broadband Connection

2010-06-27 12:03 . 2004-03-01 06:27 -------- d-----w- c:\program files\TextPad

2010-06-27 04:37 . 2009-02-12 04:33 616 ----a-w- c:\documents and settings\adminfull\Application Data\wklnhst.dat

2010-06-27 01:08 . 2009-02-26 05:15 -------- d-----w- c:\program files\CoffeeCup Software

2010-06-16 22:14 . 2009-01-24 21:33 -------- d-----w- c:\documents and settings\adminron\Application Data\FileZilla

2010-06-16 21:39 . 2009-01-24 21:33 -------- d-----w- c:\program files\FileZilla FTP Client

2010-05-26 13:36 . 2010-05-26 13:36 -------- d-----w- c:\documents and settings\adminfull\Application Data\Thunderbird

2010-05-20 08:00 . 2009-04-30 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-20 03:19 . 2004-02-21 05:22 -------- d-----w- c:\program files\Java

2010-05-20 03:14 . 2010-05-20 03:14 -------- d-----w- c:\program files\Common Files\Java

2010-05-17 00:15 . 2005-11-27 01:22 -------- d-----w- c:\program files\Google

2010-05-16 21:03 . 2010-05-16 21:03 -------- d-----w- c:\documents and settings\adminron\Application Data\Amazon

2010-05-16 21:02 . 2010-05-16 21:02 -------- d-----w- c:\program files\Amazon

2010-05-04 17:20 . 2006-04-28 17:58 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:20 . 2006-09-03 02:31 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:20 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-04-29 22:39 . 2009-04-30 05:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 22:39 . 2009-04-30 05:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:51 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-06-10 01:30 . 2004-06-10 01:30 1906 ----a-w- c:\program files\Shortcut to Wtp700.exe.lnk

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]

"Vptray"="c:\progra~1\Symant~1\VPTray.exe" [2006-09-28 125168]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"MacLicense"="c:\program files\Conversions Plus\MacLic.exe" [2001-09-16 163904]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\adminfull\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-4-28 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-4-28 113664]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-2-20 24576]

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MacName.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MacName.lnk

backup=c:\windows\pss\MacName.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk

backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 11:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 07:56 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]

2002-11-22 18:48 348160 ----a-w- c:\windows\SYSTEM32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-11 11:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-07 17:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer]

2005-10-28 23:33 290816 ----a-w- c:\program files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Ziphold\\Pwr-9258\\ipEdit-1.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=

R0 MacOpen;MacOpen;c:\windows\SYSTEM32\DRIVERS\MacOpen.sys [5/19/2009 6:39 PM 176709]

R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/18/2010 5:06 PM 327064]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2010 9:07 PM 102448]

R3 MakoNT;MakoNT;c:\windows\SYSTEM32\DRIVERS\MakoNT.sys [3/18/2007 11:54 AM 76913]

R3 rap;rap;c:\windows\SYSTEM32\DRIVERS\RapDrv.sys [2/29/2004 11:25 PM 46001]

R4 BLACK;black;c:\windows\SYSTEM32\DRIVERS\Blackcat.sys [3/18/2007 11:54 AM 234155]

S2 gupdate1ca18aa2e626a8;Google Update Service (gupdate1ca18aa2e626a8);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2009 9:29 PM 133104]

S3 RapFile;RapFile;c:\windows\SYSTEM32\DRIVERS\RapFile.sys [2/29/2004 11:25 PM 36644]

S3 RapNet;RapNet;c:\windows\SYSTEM32\DRIVERS\RapNet.sys [2/29/2004 11:25 PM 24344]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]

S3 WrKPoET2000;WrKPoET2000;c:\program files\WinPoET Broadband Connection\WrKPoET2000.sys [2/29/2004 10:43 PM 52354]

UnknownUnknown BlackICE;BlackICE; [x]

UnknownUnknown VPatch;VPatch; [x]

.

Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745237001639.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 17:56]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 04:29]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 04:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.jpl.nasa.gov/index.html

mStart Page = hxxp://www.dell4me.com/myway

mSearch Bar =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

LSP: c:\program files\ISS\BlackICE\IBE\ICELSP_8.0.675.0.dll

Trusted Zone: ascensiontorrance.org

Trusted Zone: att.net

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: sbcglobal.net

Trusted Zone: turbotax.com

Trusted Zone: yahoo.com\clientapps

TCP: {69F81847-C4DA-49EF-8498-B8522C761206} = 192.168.1.254

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\adminron\Application Data\Mozilla\Firefox\Profiles\ho27aq9r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.jpl.nasa.gov/index.html

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPBeatnk.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npdrmv2.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npdsplay.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava11.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava12.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava13.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJPI142_18.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npoji610.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nppdf32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nppl3260.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nprfxins.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nprjplug.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nprpjplug.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npswf32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npwmsdrm.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

.

------- File Associations -------

.

.scr=AutoCADScript

.txt=TextPad.txt

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-29 11:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]

"ImagePath"="\"\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

Completion time: 2010-06-29 12:02:43

ComboFix-quarantined-files.txt 2010-06-29 19:02

Pre-Run: 25,404,293,120 bytes free

Post-Run: 25,415,012,352 bytes free

- - End Of File - - CF9CD930F8B8E4C8410FE75933BD3385

Thanks for your help jwang01.

Ron
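As an added example (not code from this thread, from ComboFix, or from any tool the thread uses): a read-only PowerShell audit of the registry locations behind the kind of single-account lockout discussed here (Task Manager and regedit policy flags, a rewritten .exe association, Policies\Explorer\Run autostarts) together with the Security Center "DisableMonitoring" flags that appear in the log above. It assumes PowerShell 2.0 or later and read access to HKLM and HKCU; the expected association values are the Windows defaults, and it changes nothing.

```powershell
# Added example, not code from this thread or from any of the tools it uses.
# Read-only audit; assumes PowerShell 2.0+ and read access to HKLM/HKCU.

function Get-RegValue {
    # Returns the named value (use '(default)' for the key's default) or $null.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Finding {
    param([string]$Check, [string]$Location, $Value, [string]$Status)
    New-Object PSObject -Property @{
        Check = $Check; Location = $Location; Value = $Value; Status = $Status
    }
}

function Get-LockoutIndicators {
    $findings = @()

    foreach ($hive in 'HKCU', 'HKLM') {
        # 1. Policy flags that hide Task Manager / regedit. A hit under HKCU
        #    (the loaded user's hive) explains why only one account is affected.
        $pol = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            $v = Get-RegValue $pol $name
            $status = if ($v -eq 1) { 'SUSPECT' } else { 'ok' }
            $findings += New-Finding "policy:$name" $pol $v $status
        }
        # 2. Policies\Explorer\Run is an autostart location msconfig does not list.
        $run = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
        if (Test-Path -LiteralPath $run) {
            $props = Get-ItemProperty -LiteralPath $run
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notmatch '^PS') {   # skip PSPath/PSParentPath/... metadata
                    $findings += New-Finding 'policy-run-entry' "$run\$($p.Name)" $p.Value 'SUSPECT'
                }
            }
        }
    }

    # 3. The .exe association. When it is rewritten, every program launch shows
    #    the "choose a program" dialog. A per-user copy under HKCU\Software\Classes
    #    shadows the machine-wide one for that account only.
    $extKey = 'HKLM:\Software\Classes\.exe'
    $ext = Get-RegValue $extKey '(default)'
    $status = if ($ext -eq 'exefile') { 'ok' } else { 'SUSPECT' }
    $findings += New-Finding 'assoc:.exe' $extKey $ext $status

    $cmdKey = 'HKLM:\Software\Classes\exefile\shell\open\command'
    $cmd = Get-RegValue $cmdKey '(default)'
    $status = if ($cmd -eq '"%1" %*') { 'ok' } else { 'SUSPECT' }
    $findings += New-Finding 'assoc:exefile-open' $cmdKey $cmd $status

    foreach ($k in 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile') {
        $present = Test-Path -LiteralPath $k
        $status = if ($present) { 'SUSPECT (per-user override present)' } else { 'ok' }
        $findings += New-Finding 'assoc:user-override' $k $present $status
    }

    # 4. Security Center monitoring switched off per product. Third-party AV and
    #    firewall suites set this for themselves, so confirm against what is installed.
    $mon = 'HKLM:\Software\Microsoft\Security Center\Monitoring'
    if (Test-Path -LiteralPath $mon) {
        foreach ($sub in Get-ChildItem -LiteralPath $mon) {
            $v = Get-RegValue $sub.PSPath 'DisableMonitoring'
            $status = if ($v -eq 1) { 'REVIEW (monitoring disabled)' } else { 'ok' }
            $findings += New-Finding 'securitycenter:DisableMonitoring' $sub.PSChildName $v $status
        }
    }
    return $findings
}

# Show only the entries that need a second look.
Get-LockoutIndicators | Where-Object { $_.Status -ne 'ok' } |
    Format-Table Check, Location, Value, Status -AutoSize
```

Run it from the affected account as well as from a clean one: HKCU is the logged-in user's hive, so the per-user findings differ between accounts.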


Hello,

Ok, go ahead and skip the SystemLook step, but please run ComboFix. ComboFix is another tool we sometimes use in Malware Removal. :D

Oh, I left out one comment. While running ComboFix, after stages 1, 2 and 3 completed, I got an error message pop up stating that PEV.exe encountered a problem, so I clicked OK to shut it down. CF then continued on and completed with the log file attached in my previous post.

Ron


Hello,

Most of the things in that Quarantine folder are registry backups. As far as that link goes, it was a false positive. We can restore that. :D

Then get a couple more scans to make sure nothing else is hiding. How is your computer running?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::

C:\Qoobox\Quarantine\C\Documents and Settings\adminron\Start Menu\Lahey ED Developer .lnk.vir

Quit::

Folder::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

Next

Please start up MBAM and update the program. Then run a Quick Scan and post the log it produces in your next reply.

Next

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please post the logs of MBAM and ESET in your next reply.


OK, everything is running fine, jwang01. Thanks! After removal of autmgr32, got control of account.

1) Lahey ED Developer .lnk is back in after running CFScript.txt in ComboFix.

2) " start up MBAM and update the program. Then run a Quick Scan and post the log "

Only found one item in registry: HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> No action taken.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4259

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

6/29/2010 9:57:15 PM

mbam-log-2010-06-29 (21-57-15).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 364135

Time elapsed: 2 hour(s), 8 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

All following (No malicious items detected)

Memory Processes Infected:

Memory Modules Infected:

Registry Keys Infected:

Registry Data Items Infected:

Folders Infected:

Files Infected:

----

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> No action taken.

3) ESET results: maybe false positives?

C:\Ziphold\Pwr-9258\ipEdit-1.exe probably a variant of Win32/Genetik trojan

C:\Ziphold\Pwr-9258\ipEdit.exe probably a variant of Win32/Genetik trojan

C:\Ziphold\Utils\unlocker1.8.7.exe a variant of Win32/Adware.ADON application

This is part of a Power Switch Management S/W app used to set up a 9258 Pwr Management Switch.

ipEdit is on the CD used to configure the unit. ipEdit-1.exe is a post mod I made to ipEdit.exe after configuring the Pwr Switch.

ipEdit IPCam Scan Utility vs 1.2.0.6

The ipEdit app comes on the CD with the Remote Power Management switch.

S/W made by AVIOSYS International Inc

Is this a false positive, or has AVIOSYS got something going on under the hood that we need to be aware of?

So far everything is running back to normal and I made a full HD backup as well.

Thanks for all your help! One other question. I've run across 3 others who have had some kind of pop up appear on their screen, a Bank "Verisign", that if clicked on will disable your keyboard and if cancelled, will disable the keyboard upon next reboot. It seems to disable the keyboard drivers or the like. What do you know about this? I'd like to be prepared if one of the PCs in the school computer lab gets this. The infected PCs had full admin privs and not limited accounts, as they're running XP Home.

My home systems are all under limited accounts now, except for one account used to update the PCs. It's getting nasty out there. Thanks again. Ron


Hello,

I would have MBAM quarantine and delete what it found. :D

As far as the ESET scan goes, those are most likely false positives, as long as you know what they are and trust where they come from.

I personally haven't seen that virus on the forums yet, so I don't have any info to give you. Actually, this is the first time I've heard of it.

I think we can wrap this up. :)

Congratulations!! Your logs look clean!

Now we need to do a little house keeping and remove the tools we have used.

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /uninstall; it needs to be there.


Next

  • Click on OTL.exe
  • Click the CleanUp button
  • If it tells you to reboot click Yes

It is always a good idea to have ONE Anti-Spyware program that runs in real time along with your Anti-Virus. You can have more than one installed, but all others should be used only as On Access scanners.

Now the next list is some programs I like to recommend to people to help keep your computer safer. Keep in mind that these are all optional.

MalwareBytes Anti Malware

This is an excellent On Access Anti-Malware Scanner.

SuperAntiSpyware

This is an Anti-Spyware program that will help protect your PC.

TFC

This will help delete all temporary files.

Opera

This is an alternative for Internet Explorer. Opera is a more secure browser.

You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.

Here's how to do it:

  • Go to Start
  • Click on the Control Panel
  • Click on Security
  • Then click on Windows update
  • Then settings to turn Windows Update On/Off

You should check and make sure that you keep your Anti-Virus up to date. This is also a crucial part of your security. You can do this by clicking on your Anti-Virus and clicking on update. If your AV has an automatic update feature, I would recommend turning it on in the settings menu.

And finally, a little something: How did I get infected in the first place? (by Mr. Tony Klein)


OK, done. Thanks again for the help.

My mistake was to do Internet work with the account as an admin account instead of limited. Also, I'll run one of my anti-spyware programs in active mode as well. Otherwise, all other safeguards were taken. My daughter was doing a search on a shopping sale when she encountered this, so I'm not sure what/where she clicked on. One thing to mention to others is that many AV groups are requiring that ALL user accounts be limited accounts and NOT have admin privs. This limits the infection extent. Thanks again for the help!
