
Infected with browser redirect, maybe directrdr.com?


  • This topic is locked
17 replies to this topic

#1 blss

blss

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 06 December 2009 - 04:07 PM

Family computer infected. Have run Symantec and Spybot S&D. Symantec identified two viruses two years ago and quarantined them. Spybot, which I ran for the first time to address this problem, identified four more and quarantined them. Both programs indicated that they could not remove the viruses they quarantined. I have attached a screen capture of the Symantec report. Quarantining these files has not fixed the problem.


So, ran HJT earlier today (I tried to run DDS, but could not get the report to be legible. I think it was related to script blocking that I do not know how to disable.) Anyway, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:11 PM, on 12/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1547161642-1682526488-1202660629-1006\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Alyssa')
O4 - HKUS\S-1-5-21-1547161642-1682526488-1202660629-1007\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Megan')
O4 - HKUS\S-1-5-21-1547161642-1682526488-1202660629-1008\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Kelly')
O4 - HKUS\S-1-5-18\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Start Green eKeySetup....lnk = C:\Program Files\eKeys\eKeys.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://motophoto.lifepics.com/net/Uploader...geUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://merillat.view22.com/release_3_9_177/View22RTEv4.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 9270 bytes


Since I could not get DDS to run, I could not create the requested Attach.txt file. Therefore I am attaching the Startuplist.txt and Uninstall_list.txt files that HJT recommended I create. I do not know if either of these is comparable to the Attach.txt file or not.

Anyway, will appreciate any assistance here.
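As an added example (not code from this thread, nor from the HijackThis or OTL projects), the script below is a small Python triage pass over log lines in the `R0`/`O2`/`O4`/`O16`/`O23` format used in the HJT log above and the `O1 - Hosts:` format used by the OTL log later in the thread. It parses each entry into its section code and body, then flags the handful of things a helper looks at first: autostart entries whose target is not a resolved absolute path (such as the bare `SysTray.Exe` or the `.lnk = ?` startup item above), Internet Explorer start or search pages outside the Microsoft defaults, downloaded ActiveX (DPF) controls fetched from a bare IP address, and hosts-file entries that send a name somewhere other than loopback. The sample log is constructed from a few lines of the first post plus one made-up non-loopback hosts line to exercise that rule; the allowlist of default IE hosts and the flag rules themselves are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: a few entries in the HijackThis line format taken from
# the first post, plus two "O1 - Hosts:" lines in the format the OTL log uses.
# The 10.0.0.5 line is made up to exercise the non-loopback hosts rule.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 10.0.0.5 www.example.com
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
DRIVE_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')           # C:\... or "C:\..."
IP_LITERAL_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LOOPBACK_PREFIXES = ("127.", "0.0.0.0")                  # blocklist-style hosts entries
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.msn.com"}   # assumed allowlist of IE defaults


@dataclass
class Entry:
    kind: str   # section code, e.g. "O4"
    body: str   # everything after "O4 - "


def parse_hjt(text: str) -> list[Entry]:
    """Split a HijackThis/OTL-style log into (kind, body) entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def o4_target(body: str) -> str:
    """Extract the launched target from an O4 body ("...Run: [name] target" or "...lnk = target")."""
    if "] " in body:
        return body.split("] ", 1)[1].strip()
    if " = " in body:
        return body.split(" = ", 1)[1].strip()
    return body.strip()


def url_host(url: str) -> str:
    return urlparse(url).hostname or ""


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (kind, reason, body) for entries that deserve a manual look; nothing here is a verdict."""
    findings = []
    for e in entries:
        if e.kind in ("R0", "R1"):
            url = e.body.split(" = ", 1)[-1]
            if url_host(url) not in DEFAULT_IE_HOSTS:
                findings.append((e.kind, "IE start/search page is not a known default", e.body))
        elif e.kind == "O4":
            target = o4_target(e.body)
            if target == "?" or not DRIVE_PATH_RE.match(target):
                findings.append((e.kind, "autostart target is not a resolved absolute path", e.body))
        elif e.kind == "O16":
            url = e.body.rsplit(" - ", 1)[-1]
            if IP_LITERAL_RE.match(url_host(url)):
                findings.append((e.kind, "downloaded ActiveX control fetched from a bare IP address", e.body))
        elif e.kind == "O1":
            parts = e.body.split()   # ["Hosts:", ip, hostname]
            if len(parts) >= 3 and not parts[1].startswith(LOOPBACK_PREFIXES):
                findings.append((e.kind, f"hosts file sends {parts[2]} to non-loopback {parts[1]}", e.body))
    return findings


if __name__ == "__main__":
    for kind, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{kind}] {reason}\n    {body}")
```

The flags are prompts for a manual look, not verdicts. In this thread the later OTL log resolves the bare `SysTray.Exe` entry to `C:\WINDOWS\System32\systray.exe` (Microsoft Corporation), which is exactly the follow-up the first rule asks for, and a hosts file made up of thousands of loopback entries like the `007guard.com` lines is the shape of a blocklist rather than of a redirect.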


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:12:37 PM

Posted 20 December 2009 - 01:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your logs and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 blss

blss
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 21 December 2009 - 09:57 AM

Thanks for the response. Look forward to getting rid of this problem. Anyway, here are the two reports you requested. We have another stand-alone computer we have been using for our internet connection, so we have stayed offline with this machine since my first post (except to run these reports). Question: do you need the DDS report in lieu of the HJT report I included in my first post? Please advise. Also, let me know if you need anything else. Thanks again.


OTL logfile created on: 12/21/2009 9:11:40 AM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

318.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 23.00% Memory free
680.00 Mb Paging File | 89.00 Mb Available in Paging File | 13.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 0.76 Gb Free Space | 4.09% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OEMCOMPUTER
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/14 15:43:06 | 03,217,368 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/10/14 15:42:38 | 00,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/08/12 14:19:32 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/25 12:58:12 | 00,356,352 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2008/11/25 12:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/02/14 05:44:30 | 00,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2007/12/22 17:30:48 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/06/13 06:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 19:52:16 | 00,936,960 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2007/05/11 15:20:04 | 02,061,816 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2006/11/30 21:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2004/08/04 12:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ntvdm.exe
PRC - [2004/08/04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002/08/28 13:12:06 | 00,077,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2001/08/17 22:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\SYSTEM32\pctspk.exe
PRC - [1999/09/05 05:23:22 | 00,053,317 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKCALREM.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
MOD - [2006/08/25 11:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 15:42:38 | 00,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/12 14:19:32 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/11/25 12:48:38 | 00,991,232 | ---- | M] () [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2001/08/17 22:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2009/12/18 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091218.003\navex15.sys -- (NAVEX15)
DRV - [2009/12/18 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091218.003\naveng.sys -- (NAVENG)
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/10/16 21:05:02 | 00,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 12:00:00 | 00,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 22:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 22:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 22:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 22:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV05NT.sys -- (iAimFP2)
DRV - [2004/01/08 23:45:12 | 00,256,896 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrv8k51.sys -- (W8100PCI)
DRV - [2002/06/19 19:57:14 | 00,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002/06/19 19:57:12 | 00,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 00,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\S-1-5-21-1547161642-1682526488-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\S-1-5-21-1547161642-1682526488-1202660629-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\S-1-5-21-1547161642-1682526488-1202660629-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\S-1-5-21-1547161642-1682526488-1202660629-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (358509 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12308 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKCALREM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Green eKeySetup....lnk = C:\Program Files\eKeys\eKeys.exe (BTC Korea Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus G\AIRPLUS.exe (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-20\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7934.5152546296 (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://motophoto.lifepics.com/net/Uploader...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://66.242.36.104/app/view22RTE.cab (View22RTE Class)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-its51 {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/06/08 17:00:00 | 00,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2005/01/09 10:05:44 | 00,000,261 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2005/01/09 10:05:44 | 00,000,261 | -H-- | M] () - C:\Autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/21 09:10:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2009/12/06 14:58:15 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\default\Desktop\RootRepeal.exe
[2009/12/06 12:55:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\Hijack this
[2009/12/06 12:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/06 12:44:36 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\default\Desktop\HijackThisInstaller.exe
[2009/12/06 12:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/06 12:19:25 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2009/12/06 12:19:25 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2009/12/06 12:19:24 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2009/12/06 12:19:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/06 12:18:56 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/11/26 09:01:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/26 09:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/21 17:00:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\Book Fair Order Form Original
[2005/10/16 15:45:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/16 15:45:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\default\My Documents\*.tmp files -> C:\Documents and Settings\default\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2009/12/21 09:03:04 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2009/12/21 08:30:44 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\default\My Documents\_922 Log.doc
[2009/12/21 08:08:54 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/21 08:05:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/21 08:05:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/21 08:05:10 | 33,402,4704 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 02:52:34 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\default\ntuser.dat
[2009/12/16 02:52:34 | 00,000,248 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
[2009/12/09 21:39:42 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft Excel.lnk
[2009/12/09 20:37:36 | 00,305,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 20:37:36 | 00,037,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 20:37:32 | 00,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 03:13:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 06:55:28 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft Word.lnk
[2009/12/06 15:56:34 | 00,133,632 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Screen capture of quarantined viruses 091206.ppt
[2009/12/06 15:54:06 | 00,002,469 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft PowerPoint.lnk
[2009/12/06 14:58:42 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\default\Desktop\settings.dat
[2009/12/06 14:58:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\default\Desktop\RootRepeal.exe
[2009/12/06 14:56:06 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\default\Desktop\dds.scr
[2009/12/06 13:52:40 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\default\My Documents\5 December 09.doc
[2009/12/06 12:51:12 | 00,009,271 | ---- | M] () -- C:\Documents and Settings\default\My Documents\hijackthis 091206
[2009/12/06 12:46:02 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\default\Desktop\HijackThis.lnk
[2009/12/06 12:44:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\default\Desktop\HijackThisInstaller.exe
[2009/12/06 12:19:36 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/05 23:00:02 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2009/12/04 13:31:50 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Dad's finances 091204.doc
[2009/12/04 12:00:44 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Albert's Phone Guide 091204.doc
[2009/12/04 10:23:20 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Dad's House - to do list 091204.doc
[2009/11/30 20:54:22 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\default\My Documents\28 November 09.doc
[2009/11/29 10:38:06 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\default\My Documents\922_Project Mgmt and Budget 091018.doc
[2009/11/29 08:50:58 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Math 1.doc
[2009/11/26 09:01:48 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
[2009/11/21 17:01:14 | 00,591,872 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Order Form Original.xls
[2009/11/21 15:04:56 | 00,000,214 | ---- | M] () -- C:\Documents and Settings\default\Desktop\PBS KIDS . Games.url
[2009/11/21 10:43:56 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\default\My Documents\21 November 09.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\default\My Documents\*.tmp files -> C:\Documents and Settings\default\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/06 15:56:33 | 00,133,632 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Screen capture of quarantined viruses 091206.ppt
[2009/12/06 14:58:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\default\Desktop\settings.dat
[2009/12/06 14:56:04 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\default\Desktop\dds.scr
[2009/12/06 12:51:11 | 00,009,271 | ---- | C] () -- C:\Documents and Settings\default\My Documents\hijackthis 091206
[2009/12/06 12:46:00 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\default\Desktop\HijackThis.lnk
[2009/12/06 12:19:34 | 00,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/04 17:20:55 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\default\My Documents\5 December 09.doc
[2009/12/04 12:37:36 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Dad's finances 091204.doc
[2009/12/04 11:54:40 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Albert's Phone Guide 091204.doc
[2009/12/04 09:09:27 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Dad's House - to do list 091204.doc
[2009/11/29 08:50:56 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Math 1.doc
[2009/11/28 10:39:05 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\default\My Documents\28 November 09.doc
[2009/11/26 09:01:47 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
[2009/11/21 17:01:09 | 00,591,872 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Order Form Original.xls
[2009/11/21 10:43:54 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\default\My Documents\21 November 09.doc
[2009/11/11 03:09:07 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/26 08:56:45 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2006/09/13 15:08:08 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/12 17:09:14 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/11/09 10:09:00 | 00,000,448 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/10/16 21:17:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/10/16 16:12:05 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/16 16:07:07 | 00,003,133 | ---- | C] () -- C:\WINDOWS\WPR.INI
[2005/10/16 16:07:07 | 00,000,932 | ---- | C] () -- C:\WINDOWS\mrun32.ini
[2005/10/16 16:07:07 | 00,000,728 | ---- | C] () -- C:\WINDOWS\PTCOUNTY.INI
[2005/10/16 16:07:07 | 00,000,642 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/16 16:07:07 | 00,000,395 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/10/16 16:07:07 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005/10/16 16:07:07 | 00,000,199 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/16 16:07:07 | 00,000,184 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/10/16 16:07:07 | 00,000,169 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2005/10/16 16:07:07 | 00,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/10/16 16:07:07 | 00,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2005/10/16 16:07:07 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005/10/16 16:07:07 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRINTSERVER.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/10/16 16:07:06 | 00,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005/10/16 16:07:06 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005/10/16 16:07:06 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2005/10/16 16:07:06 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005/10/16 16:07:06 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005/10/16 16:07:06 | 00,000,174 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2005/10/16 16:07:06 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005/10/16 16:07:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005/10/16 16:07:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/01/07 19:39:13 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/08/03 22:59:44 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/04/08 22:01:42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\default\Application Data\dm.ini
[2002/09/03 22:22:11 | 00,007,432 | ---- | C] () -- C:\Program Files\Fyu60B3.exe
[2002/09/03 22:21:48 | 00,007,432 | ---- | C] () -- C:\Program Files\Idd5302.exe
[2002/09/03 22:09:28 | 00,007,432 | ---- | C] () -- C:\Program Files\Tmw91C0.exe
[2002/09/02 23:23:11 | 00,007,432 | ---- | C] () -- C:\Program Files\Uqe70B3.exe
[2002/09/02 23:21:02 | 00,007,432 | ---- | C] () -- C:\Program Files\Ipt5023.exe
[2002/09/02 23:16:22 | 00,007,432 | ---- | C] () -- C:\Program Files\Tgu160.exe
[2002/09/02 18:27:28 | 00,007,432 | ---- | C] () -- C:\Program Files\XuB1C4.exe
[2002/09/02 18:20:54 | 00,007,432 | ---- | C] () -- C:\Program Files\Rd4355.exe
[2002/08/30 20:30:23 | 00,007,432 | ---- | C] () -- C:\Program Files\VhdE175.exe
[2002/08/30 09:00:31 | 00,007,432 | ---- | C] () -- C:\Program Files\Pee1F1.exe
[2002/08/30 08:44:16 | 00,007,432 | ---- | C] () -- C:\Program Files\ArC101.exe
[2002/08/28 13:10:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/08/28 07:07:15 | 00,007,432 | ---- | C] () -- C:\Program Files\Kgb70E3.exe
[2002/08/27 23:02:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Hbc2054.exe
[2002/08/27 22:57:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Urw9052.exe
[2002/08/27 22:51:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Cgg3050.exe
[2002/08/27 22:39:40 | 00,007,432 | ---- | C] () -- C:\Program Files\Jtn7285.exe
[2002/08/27 22:35:25 | 00,007,432 | ---- | C] () -- C:\Program Files\Xg3193.exe
[2002/08/27 22:18:10 | 00,007,432 | ---- | C] () -- C:\Program Files\Pgv20A0.exe
[2002/08/27 22:14:51 | 00,007,432 | ---- | C] () -- C:\Program Files\DjtE325.exe
[2002/08/26 23:06:16 | 00,007,432 | ---- | C] () -- C:\Program Files\Fi6103.exe
[2002/08/26 22:58:16 | 00,007,432 | ---- | C] () -- C:\Program Files\SobA104.exe
[2002/08/26 22:50:25 | 00,007,432 | ---- | C] () -- C:\Program Files\Gvj2191.exe
[2002/08/24 22:18:50 | 00,007,432 | ---- | C] () -- C:\Program Files\Le2322.exe
[2001/12/15 07:47:50 | 00,446,976 | ---- | C] () -- C:\Program Files\cp1setup.exe
[2001/10/02 22:59:20 | 00,003,373 | ---- | C] () -- C:\Documents and Settings\default\Application Data\dw.log
[2001/08/25 11:30:41 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\aecrm.dll
[2001/08/12 21:25:16 | 00,048,128 | ---- | C] () -- C:\WINDOWS\System32\HPFPNP.DLL
[2001/05/15 15:08:25 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\IGFXDGPS.DLL
[2001/05/15 14:14:08 | 00,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
< End of report >

OTL Extras logfile created on: 12/21/2009 9:11:40 AM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

318.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 23.00% Memory free
680.00 Mb Paging File | 89.00 Mb Available in Paging File | 13.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 0.76 Gb Free Space | 4.09% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OEMCOMPUTER
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1421C0-5610-46D4-8283-82F3CA755FDB}" = Roxio PhotoSuite 5
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{84ED14E7-A574-4A6F-80D9-CF07872F6B6A}" = eMachines Green eKey Setup 1.0
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning ROM
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5749E57-AD4A-4B1B-ABC5-885FDBC286C9}" = D-Link AirPlus G Wireless LAN Adapter
"{CF055C57-A988-42E6-BDAF-E3D94C6973A8}" = LeapFrog Connect
"{E1521F97-FDA4-460A-8A51-0F512552E42A}" = LeapFrog Didj Plugin
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Architectural CD" = Architectural CD
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"Encarta Encyclopedia 2000 A" = Microsoft Encarta Encyclopedia 2000
"Food Force" = Food Force 1.0
"HijackThis" = HijackThis 2.0.2
"HP DeskJet 930C Series" = HP DeskJet 930C Series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD (Ahead Software)
"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers
"JSTD2001" = JumpStart Toddlers 2001
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSMONEYV80" = Microsoft Money 2000 Standard Edition
"MSNMS" = MSN Explorer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = NeroMediaPlayer
"Photags Music Express" = iConcepts Music Express
"PhotoRecord" = Canon PhotoRecord
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
"Ready for Math with Pooh" = Disney's Ready for Math with Pooh
"RealPlayer 6.0" = RealOne Player
"Registry Mechanic_is1" = Registry Mechanic 9.0
"RemoteCapture" = Canon Utilities RemoteCapture 2.1
"Shockwave" = Shockwave
"UPCShell" = LeapFrog Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2009 9:55:51 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/9/2009 9:55:52 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/9/2009 9:55:52 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/10/2009 5:42:32 AM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10a.ocx, version 10.0.12.36, fault address 0x000e4d8a.

Error - 12/12/2009 1:22:24 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/12/2009 1:22:26 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/12/2009 1:22:27 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/12/2009 1:22:27 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/15/2009 3:35:51 AM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10a.ocx, version 10.0.12.36, fault address 0x000aebdc.

Error - 12/16/2009 3:50:14 AM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10a.ocx, version 10.0.12.36, fault address 0x000e4d8a.

[ System Events ]
Error - 12/16/2009 4:03:59 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/16/2009 4:03:59 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/19/2009 4:33:16 AM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 12/19/2009 4:33:16 AM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/19/2009 4:43:24 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/19/2009 4:43:24 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/21/2009 9:03:17 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/21/2009 9:05:34 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/21/2009 9:05:34 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/21/2009 9:15:36 AM | Computer Name = OEMCOMPUTER | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.


< End of report >

#4 blss (Topic Starter, Members, 9 posts)

Posted 21 December 2009 - 10:44 AM

UPDATE to previous post: After reviewing my last post, I realized the report only looked at the last 30 days. I know the problem began more than 30 days ago, so I re-ran the OTL scans for the last 90 days instead. The results are below. Also, in the extras.txt report you will note a number of errors in the last 30 days or so. Those are primarily related to a number of hard reboots I have had to conduct due to performance problems (which I am guessing is related to this malware problem). Also, at the end of this reply, I included an updated HJT log.



OTL logfile created on: 12/21/2009 10:20:12 AM - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

318.00 Mb Total Physical Memory | 76.00 Mb Available Physical Memory | 24.00% Memory free
680.00 Mb Paging File | 156.00 Mb Available in Paging File | 23.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 0.71 Gb Free Space | 3.79% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OEMCOMPUTER
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
PRC - [2009/10/14 15:43:06 | 03,217,368 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/10/14 15:42:38 | 00,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/08/12 14:19:32 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/25 12:58:12 | 00,356,352 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2008/11/25 12:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/02/14 05:44:30 | 00,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2007/12/22 17:30:48 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/06/13 06:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 19:52:16 | 00,936,960 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2007/05/11 15:20:04 | 02,061,816 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2006/11/30 21:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2004/08/04 12:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ntvdm.exe
PRC - [2004/08/04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002/08/28 13:12:06 | 00,077,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2001/08/17 22:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\SYSTEM32\pctspk.exe
PRC - [1999/09/05 05:23:22 | 00,053,317 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKCALREM.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
MOD - [2006/08/25 11:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 15:42:38 | 00,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/12 14:19:32 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/11/25 12:48:38 | 00,991,232 | ---- | M] () [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2001/08/17 22:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2009/12/18 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091218.003\navex15.sys -- (NAVEX15)
DRV - [2009/12/18 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091218.003\naveng.sys -- (NAVENG)
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/10/16 21:05:02 | 00,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 12:00:00 | 00,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 22:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 22:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 22:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 22:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV05NT.sys -- (iAimFP2)
DRV - [2004/01/08 23:45:12 | 00,256,896 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrv8k51.sys -- (W8100PCI)
DRV - [2002/06/19 19:57:14 | 00,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002/06/19 19:57:12 | 00,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 00,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\S-1-5-21-1547161642-1682526488-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (358509 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12308 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKCALREM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Green eKeySetup....lnk = C:\Program Files\eKeys\eKeys.exe (BTC Korea Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus G\AIRPLUS.exe (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-20\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7934.5152546296 (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://motophoto.lifepics.com/net/Uploader...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://66.242.36.104/app/view22RTE.cab (View22RTE Class)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-its51 {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/06/08 17:00:00 | 00,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2005/01/09 10:05:44 | 00,000,261 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2005/01/09 10:05:44 | 00,000,261 | -H-- | M] () - C:\Autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2009/12/21 09:10:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2009/12/06 14:58:15 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\default\Desktop\RootRepeal.exe
[2009/12/06 12:55:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\Hijack this
[2009/12/06 12:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/06 12:44:36 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\default\Desktop\HijackThisInstaller.exe
[2009/12/06 12:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/06 12:19:25 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2009/12/06 12:19:25 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2009/12/06 12:19:24 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2009/12/06 12:19:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/06 12:18:56 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/11/26 09:01:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/26 09:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/21 17:00:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\Book Fair Order Form Original
[2009/11/01 15:16:48 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009/11/01 14:40:22 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2009/10/29 16:49:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\view22
[2009/10/29 16:48:59 | 01,706,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/10/29 16:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\View22
[2009/10/29 16:48:57 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2009/10/20 09:58:48 | 00,263,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2005/10/16 15:45:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/16 15:45:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\default\My Documents\*.tmp files -> C:\Documents and Settings\default\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2009/12/21 10:26:16 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2009/12/21 08:30:44 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\default\My Documents\_922 Log.doc
[2009/12/21 08:08:54 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/21 08:05:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/21 08:05:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/21 08:05:10 | 33,402,4704 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 02:52:34 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\default\ntuser.dat
[2009/12/16 02:52:34 | 00,000,248 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
[2009/12/09 21:39:42 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft Excel.lnk
[2009/12/09 20:37:36 | 00,305,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 20:37:36 | 00,037,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 20:37:32 | 00,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 03:13:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 06:55:28 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft Word.lnk
[2009/12/06 15:56:34 | 00,133,632 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Screen capture of quarantined viruses 091206.ppt
[2009/12/06 15:54:06 | 00,002,469 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft PowerPoint.lnk
[2009/12/06 14:58:42 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\default\Desktop\settings.dat
[2009/12/06 14:58:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\default\Desktop\RootRepeal.exe
[2009/12/06 14:56:06 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\default\Desktop\dds.scr
[2009/12/06 13:52:40 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\default\My Documents\5 December 09.doc
[2009/12/06 12:51:12 | 00,009,271 | ---- | M] () -- C:\Documents and Settings\default\My Documents\hijackthis 091206
[2009/12/06 12:46:02 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\default\Desktop\HijackThis.lnk
[2009/12/06 12:44:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\default\Desktop\HijackThisInstaller.exe
[2009/12/06 12:19:36 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/05 23:00:02 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2009/12/04 13:31:50 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Dad's finances 091204.doc
[2009/12/04 12:00:44 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Albert's Phone Guide 091204.doc
[2009/12/04 10:23:20 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Dad's House - to do list 091204.doc
[2009/11/30 20:54:22 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\default\My Documents\28 November 09.doc
[2009/11/29 10:38:06 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\default\My Documents\922_Project Mgmt and Budget 091018.doc
[2009/11/29 08:50:58 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Math 1.doc
[2009/11/26 09:01:48 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
[2009/11/21 17:01:14 | 00,591,872 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Order Form Original.xls
[2009/11/21 15:04:56 | 00,000,214 | ---- | M] () -- C:\Documents and Settings\default\Desktop\PBS KIDS . Games.url
[2009/11/21 10:43:56 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\default\My Documents\21 November 09.doc
[2009/11/11 03:35:38 | 00,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 03:09:08 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/10 18:18:02 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Comments on Margeson paintings.doc
[2009/11/07 16:08:26 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Megan Books.doc
[2009/11/07 11:57:38 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\default\My Documents\7 November 09.doc
[2009/11/07 10:15:22 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\5 November 09.doc
[2009/11/05 18:03:16 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\default\My Documents\TheThreeLittlyPigs.doc
[2009/11/05 16:58:44 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\5 November 09 Notes.doc
[2009/11/05 16:22:04 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\4 November 09.doc
[2009/11/05 16:22:00 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\IRS letter 091104.doc
[2009/11/04 17:09:48 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\megan.doc
[2009/11/04 17:09:38 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Kelly.doc
[2009/11/02 20:04:58 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\meg's story.doc
[2009/10/30 14:24:56 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\default\My Documents\31 October 09.doc
[2009/10/30 11:13:08 | 00,637,952 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Viruses 091031.ppt
[2009/10/29 02:47:00 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/10/29 02:47:00 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/10/29 02:46:58 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/29 02:46:58 | 01,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/10/29 02:46:58 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/10/29 02:46:58 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/10/29 02:46:58 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/10/29 02:46:58 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/10/29 02:46:58 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/10/29 02:46:58 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/10/29 02:46:58 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/10/29 02:46:58 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/10/29 02:46:58 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/10/29 02:46:58 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/10/29 02:46:56 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/10/29 02:46:56 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/10/29 02:46:56 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/10/29 02:46:56 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/10/29 02:46:56 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/10/29 02:46:56 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/10/29 02:46:56 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/10/29 02:46:56 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/10/29 02:46:54 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/10/29 02:46:54 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/10/29 02:46:54 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/10/29 02:46:54 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/10/29 02:46:52 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/10/29 02:46:52 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/10/29 02:46:52 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/10/29 02:46:52 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/10/29 02:46:52 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/10/29 02:46:52 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/10/29 02:46:52 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/10/29 02:46:52 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/10/29 02:46:52 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/10/29 02:46:52 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/10/29 02:46:52 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/10/29 02:46:52 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/10/29 02:46:52 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/10/29 02:46:52 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/10/29 02:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/10/29 02:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/10/29 02:46:50 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/10/29 02:46:50 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/10/29 02:46:50 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/10/29 02:46:50 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/10/28 09:36:32 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/10/28 09:36:12 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/10/28 09:36:12 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/10/28 09:36:12 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/10/28 09:36:12 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/10/28 07:18:38 | 00,701,566 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Door Images from Millwork Book 090928.pdf
[2009/10/28 07:13:18 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\default\My Documents\26 September 09.doc
[2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/10/28 01:52:46 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/10/28 01:52:46 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/10/26 14:42:42 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Hkkhlkgjhkljjjhkhjhkjkhjtkjkfhghgghhghgdhfghfshgdfjjjjjgjllllllllldfhhghgsddasjfhdghhkjkhljklullhgjl.doc
[2009/10/25 17:28:10 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\default\My Documents\kelly to alyssa.doc
[2009/10/23 12:34:22 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\default\My Documents\writing.doc
[2009/10/23 12:25:44 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\default\My Documents\24 October 09.doc
[2009/10/22 18:30:02 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Rounding.doc
[2009/10/21 01:00:56 | 00,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/10/21 01:00:56 | 00,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/10/21 01:00:56 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2009/10/21 01:00:56 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/10/20 09:58:48 | 00,263,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/10/17 19:53:02 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\default\My Documents\17 October 09.doc
[2009/10/17 12:49:58 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\10 October 09.doc
[2009/10/13 05:53:30 | 00,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2009/10/13 05:53:30 | 00,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 08:54:18 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2009/10/12 08:54:18 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 08:54:18 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2009/10/12 08:54:18 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/10/11 13:52:26 | 00,065,776 | ---- | M] () -- C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/10 09:14:10 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\default\My Documents\MATH QIZZ.doc
[2009/10/09 13:53:56 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by color.xls
[2009/10/09 13:53:12 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by room.xls
[2009/10/09 13:49:24 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Color Scheme.xls
[2009/10/08 15:07:34 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\kelly's.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\default\My Documents\*.tmp files -> C:\Documents and Settings\default\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/06 15:56:33 | 00,133,632 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Screen capture of quarantined viruses 091206.ppt
[2009/12/06 14:58:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\default\Desktop\settings.dat
[2009/12/06 14:56:04 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\default\Desktop\dds.scr
[2009/12/06 12:51:11 | 00,009,271 | ---- | C] () -- C:\Documents and Settings\default\My Documents\hijackthis 091206
[2009/12/06 12:46:00 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\default\Desktop\HijackThis.lnk
[2009/12/06 12:19:34 | 00,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/04 17:20:55 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\default\My Documents\5 December 09.doc
[2009/12/04 12:37:36 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Dad's finances 091204.doc
[2009/12/04 11:54:40 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Albert's Phone Guide 091204.doc
[2009/12/04 09:09:27 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Dad's House - to do list 091204.doc
[2009/11/29 08:50:56 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Math 1.doc
[2009/11/28 10:39:05 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\default\My Documents\28 November 09.doc
[2009/11/26 09:01:47 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
[2009/11/21 17:01:09 | 00,591,872 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Order Form Original.xls
[2009/11/21 10:43:54 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\default\My Documents\21 November 09.doc
[2009/11/11 03:09:07 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/10 18:18:00 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Comments on Margeson paintings.doc
[2009/11/07 16:08:22 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Megan Books.doc
[2009/11/07 10:22:41 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\default\My Documents\7 November 09.doc
[2009/11/05 18:03:15 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\default\My Documents\TheThreeLittlyPigs.doc
[2009/11/05 16:58:42 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\5 November 09 Notes.doc
[2009/11/05 07:55:36 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\5 November 09.doc
[2009/11/04 17:09:47 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\megan.doc
[2009/11/04 17:09:36 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Kelly.doc
[2009/11/04 16:04:37 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\IRS letter 091104.doc
[2009/11/04 15:53:17 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\4 November 09.doc
[2009/11/02 20:04:56 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\meg's story.doc
[2009/10/30 14:24:53 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\default\My Documents\31 October 09.doc
[2009/10/30 11:13:06 | 00,637,952 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Viruses 091031.ppt
[2009/10/29 18:24:50 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\kelly's.doc
[2009/10/28 07:18:35 | 00,701,566 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Door Images from Millwork Book 090928.pdf
[2009/10/26 14:42:39 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Hkkhlkgjhkljjjhkhjhkjkhjtkjkfhghgghhghgdhfghfshgdfjjjjjgjllllllllldfhhghgsddasjfhdghhkjkhljklullhgjl.doc
[2009/10/26 11:11:56 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\default\My Documents\26 September 09.doc
[2009/10/23 12:34:21 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\default\My Documents\writing.doc
[2009/10/23 10:47:15 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\default\My Documents\24 October 09.doc
[2009/10/22 19:01:09 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\default\My Documents\kelly to alyssa.doc
[2009/10/22 17:09:32 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Rounding.doc
[2009/10/17 14:22:25 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\default\My Documents\17 October 09.doc
[2009/10/17 12:14:56 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\default\My Documents\922_Project Mgmt and Budget 091018.doc
[2009/10/09 13:53:10 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by room.xls
[2009/10/09 13:49:41 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by color.xls
[2009/10/09 13:35:10 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\default\My Documents\MATH QIZZ.doc
[2009/10/09 11:23:10 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\10 October 09.doc
[2009/10/06 15:41:47 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Color Scheme.xls
[2008/12/26 08:56:45 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2006/09/13 15:08:08 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/12 17:09:14 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/11/09 10:09:00 | 00,000,448 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/10/16 21:17:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/10/16 16:12:05 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/16 16:07:07 | 00,003,133 | ---- | C] () -- C:\WINDOWS\WPR.INI
[2005/10/16 16:07:07 | 00,000,932 | ---- | C] () -- C:\WINDOWS\mrun32.ini
[2005/10/16 16:07:07 | 00,000,728 | ---- | C] () -- C:\WINDOWS\PTCOUNTY.INI
[2005/10/16 16:07:07 | 00,000,642 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/16 16:07:07 | 00,000,395 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/10/16 16:07:07 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005/10/16 16:07:07 | 00,000,199 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/16 16:07:07 | 00,000,184 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/10/16 16:07:07 | 00,000,169 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2005/10/16 16:07:07 | 00,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/10/16 16:07:07 | 00,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2005/10/16 16:07:07 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005/10/16 16:07:07 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRINTSERVER.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/10/16 16:07:06 | 00,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005/10/16 16:07:06 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005/10/16 16:07:06 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2005/10/16 16:07:06 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005/10/16 16:07:06 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005/10/16 16:07:06 | 00,000,174 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2005/10/16 16:07:06 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005/10/16 16:07:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005/10/16 16:07:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/01/07 19:39:13 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/08/03 22:59:44 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/04/08 22:01:42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\default\Application Data\dm.ini
[2002/09/03 22:22:11 | 00,007,432 | ---- | C] () -- C:\Program Files\Fyu60B3.exe
[2002/09/03 22:21:48 | 00,007,432 | ---- | C] () -- C:\Program Files\Idd5302.exe
[2002/09/03 22:09:28 | 00,007,432 | ---- | C] () -- C:\Program Files\Tmw91C0.exe
[2002/09/02 23:23:11 | 00,007,432 | ---- | C] () -- C:\Program Files\Uqe70B3.exe
[2002/09/02 23:21:02 | 00,007,432 | ---- | C] () -- C:\Program Files\Ipt5023.exe
[2002/09/02 23:16:22 | 00,007,432 | ---- | C] () -- C:\Program Files\Tgu160.exe
[2002/09/02 18:27:28 | 00,007,432 | ---- | C] () -- C:\Program Files\XuB1C4.exe
[2002/09/02 18:20:54 | 00,007,432 | ---- | C] () -- C:\Program Files\Rd4355.exe
[2002/08/30 20:30:23 | 00,007,432 | ---- | C] () -- C:\Program Files\VhdE175.exe
[2002/08/30 09:00:31 | 00,007,432 | ---- | C] () -- C:\Program Files\Pee1F1.exe
[2002/08/30 08:44:16 | 00,007,432 | ---- | C] () -- C:\Program Files\ArC101.exe
[2002/08/28 13:10:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/08/28 07:07:15 | 00,007,432 | ---- | C] () -- C:\Program Files\Kgb70E3.exe
[2002/08/27 23:02:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Hbc2054.exe
[2002/08/27 22:57:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Urw9052.exe
[2002/08/27 22:51:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Cgg3050.exe
[2002/08/27 22:39:40 | 00,007,432 | ---- | C] () -- C:\Program Files\Jtn7285.exe
[2002/08/27 22:35:25 | 00,007,432 | ---- | C] () -- C:\Program Files\Xg3193.exe
[2002/08/27 22:18:10 | 00,007,432 | ---- | C] () -- C:\Program Files\Pgv20A0.exe
[2002/08/27 22:14:51 | 00,007,432 | ---- | C] () -- C:\Program Files\DjtE325.exe
[2002/08/26 23:06:16 | 00,007,432 | ---- | C] () -- C:\Program Files\Fi6103.exe
[2002/08/26 22:58:16 | 00,007,432 | ---- | C] () -- C:\Program Files\SobA104.exe
[2002/08/26 22:50:25 | 00,007,432 | ---- | C] () -- C:\Program Files\Gvj2191.exe
[2002/08/24 22:18:50 | 00,007,432 | ---- | C] () -- C:\Program Files\Le2322.exe
[2001/12/15 07:47:50 | 00,446,976 | ---- | C] () -- C:\Program Files\cp1setup.exe
[2001/10/02 22:59:20 | 00,003,373 | ---- | C] () -- C:\Documents and Settings\default\Application Data\dw.log
[2001/08/25 11:30:41 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\aecrm.dll
[2001/08/12 21:25:16 | 00,048,128 | ---- | C] () -- C:\WINDOWS\System32\HPFPNP.DLL
[2001/05/15 15:08:25 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\IGFXDGPS.DLL
[2001/05/15 14:14:08 | 00,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
< End of report >





EXTRAS.TXT


OTL Extras logfile created on: 12/21/2009 9:11:40 AM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

318.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 23.00% Memory free
680.00 Mb Paging File | 89.00 Mb Available in Paging File | 13.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 0.76 Gb Free Space | 4.09% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OEMCOMPUTER
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1421C0-5610-46D4-8283-82F3CA755FDB}" = Roxio PhotoSuite 5
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{84ED14E7-A574-4A6F-80D9-CF07872F6B6A}" = eMachines Green eKey Setup 1.0
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning ROM
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5749E57-AD4A-4B1B-ABC5-885FDBC286C9}" = D-Link AirPlus G Wireless LAN Adapter
"{CF055C57-A988-42E6-BDAF-E3D94C6973A8}" = LeapFrog Connect
"{E1521F97-FDA4-460A-8A51-0F512552E42A}" = LeapFrog Didj Plugin
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Architectural CD" = Architectural CD
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"Encarta Encyclopedia 2000 A" = Microsoft Encarta Encyclopedia 2000
"Food Force" = Food Force 1.0
"HijackThis" = HijackThis 2.0.2
"HP DeskJet 930C Series" = HP DeskJet 930C Series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD (Ahead Software)
"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers
"JSTD2001" = JumpStart Toddlers 2001
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSMONEYV80" = Microsoft Money 2000 Standard Edition
"MSNMS" = MSN Explorer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = NeroMediaPlayer
"Photags Music Express" = iConcepts Music Express
"PhotoRecord" = Canon PhotoRecord
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
"Ready for Math with Pooh" = Disney's Ready for Math with Pooh
"RealPlayer 6.0" = RealOne Player
"Registry Mechanic_is1" = Registry Mechanic 9.0
"RemoteCapture" = Canon Utilities RemoteCapture 2.1
"Shockwave" = Shockwave
"UPCShell" = LeapFrog Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2009 9:55:51 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/9/2009 9:55:52 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/9/2009 9:55:52 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/10/2009 5:42:32 AM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10a.ocx, version 10.0.12.36, fault address 0x000e4d8a.

Error - 12/12/2009 1:22:24 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/12/2009 1:22:26 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/12/2009 1:22:27 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/12/2009 1:22:27 PM | Computer Name = OEMCOMPUTER | Source = Norton AntiVirus | ID = 16711685
Description =

Error - 12/15/2009 3:35:51 AM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10a.ocx, version 10.0.12.36, fault address 0x000aebdc.

Error - 12/16/2009 3:50:14 AM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10a.ocx, version 10.0.12.36, fault address 0x000e4d8a.

[ System Events ]
Error - 12/16/2009 4:03:59 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/16/2009 4:03:59 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/19/2009 4:33:16 AM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 12/19/2009 4:33:16 AM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/19/2009 4:43:24 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/19/2009 4:43:24 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/21/2009 9:03:17 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/21/2009 9:05:34 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/21/2009 9:05:34 AM | Computer Name = OEMCOMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/21/2009 9:15:36 AM | Computer Name = OEMCOMPUTER | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.


< End of report >



UPDATED HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:20 AM, on 12/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\default\Desktop\OTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Start Green eKeySetup....lnk = C:\Program Files\eKeys\eKeys.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://motophoto.lifepics.com/net/Uploader...geUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://merillat.view22.com/release_3_9_177/View22RTEv4.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 8859 bytes




Look forward to your assistance.

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 21 December 2009 - 10:51 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

Please post the RootRepeal log and a description of any remaining problems or symptoms you may still have.

Please refer to this page and in step #6 and Step #7 for further instructions on downloading and running RootRepeal. If you have any problems just let me know.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 blss

blss
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 22 December 2009 - 07:06 PM

Hi EB,

Okay, so I'm hitting a few obstacles here. I went to run RootRepeal like I did with my original post, but this time it crashed. I tried it again and even deleted and downloaded it again. Same thing happened. The crash message says it is trying to write to address: 0x00000000.

So here is my RootRepeal log from my first try in early December

==================================================
Scan Start Time: 2009/12/06 15:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF28C8000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Locked to the Windows API!

Path: c:\documents and settings\default\local settings\temporary internet files\content.ie5\0355lxhp\topic34773[1].htm
Status: Allocation size mismatch (API: 540672, Raw: 81920)

Path: c:\documents and settings\default\local settings\temporary internet files\content.ie5\8bwlmcpl\forum22[1].htm
Status: Allocation size mismatch (API: 540672, Raw: 114688)

==EOF==



EB, do you need the DDS report or can you work with the HJT log previously provided? If you need the DDS report, do you have any suggestions as to what type of programs run script blocking? Thanks in advance.

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 22 December 2009 - 07:38 PM

Hello.

EB, do you need the DDS report or can you work with the HJT log previously provided? If you need the DDS report, do you have any suggestions as to what type of programs run script blocking? Thanks in advance.

Simply go ahead and run it, there should be no problem.

With Regards,
Extremeboy

#8 blss

blss
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 22 December 2009 - 09:42 PM

EB,

When I try to run DDS, my computer thinks it's an AutoCAD script and as a result, I get the following (attached is only a sample). This was the reason for my query about script blocking. Any ideas of what to do??


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 23 December 2009 - 11:05 AM

Sorry, I understand what you mean. Let's get the OTL scan...

Download and run OTL
  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the OTL icon on your desktop. If you are using Vista, please right-click and select run as administrator.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized

Thanks.

~EB

#10 blss

blss
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 23 December 2009 - 04:52 PM

EB,

FYI, I ran OTL as requested by Blade Zephon in Post #2. Results are located in Post #4. Do you need a new one? Just let me know.

thanks.

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 23 December 2009 - 05:03 PM

Yes, please take a new scan for me.

#12 blss

blss
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 23 December 2009 - 08:47 PM

EB, I'm at wit's end a little bit here. I ran OTL twice and it generated the OTL logfile each time, but did not create an extras.txt either time (even though it did create an extras.txt file when I ran it on Monday the 21st). I searched high and low for the icon or the file and cannot seem to locate it.

FYI, you had asked what kind of problems I continue to encounter. I am still having redirect problems and I have had the computer forcing shut downs on me in the last few days. Also, extremely poor (i.e. slooooow) performance.



OTL logfile created on: 12/23/2009 8:13:20 PM - Run 4
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

318.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 36.00% Memory free
595.00 Mb Paging File | 96.00 Mb Available in Paging File | 16.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 1.02 Gb Free Space | 5.46% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OEMCOMPUTER
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
PRC - [2009/10/14 15:43:06 | 03,217,368 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/10/14 15:42:38 | 00,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/08/12 14:19:32 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/25 12:58:12 | 00,356,352 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2008/11/25 12:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/02/14 05:44:30 | 00,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2007/12/22 17:30:48 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/06/13 06:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 19:52:16 | 00,936,960 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2007/05/11 15:20:04 | 02,061,816 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2006/11/30 21:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2004/08/04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002/08/28 13:12:06 | 00,077,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2001/08/17 22:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\SYSTEM32\pctspk.exe
PRC - [1999/09/05 05:23:22 | 00,053,317 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKCALREM.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
MOD - [2006/08/25 11:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 15:42:38 | 00,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/12 14:19:32 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/11/25 12:48:38 | 00,991,232 | ---- | M] () [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2001/08/17 22:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2009/12/18 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091218.003\navex15.sys -- (NAVEX15)
DRV - [2009/12/18 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091218.003\naveng.sys -- (NAVENG)
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/10/16 21:05:02 | 00,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 12:00:00 | 00,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 22:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 22:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 22:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 22:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wADV05NT.sys -- (iAimFP2)
DRV - [2004/01/08 23:45:12 | 00,256,896 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrv8k51.sys -- (W8100PCI)
DRV - [2002/06/19 19:57:14 | 00,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002/06/19 19:57:12 | 00,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 00,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\S-1-5-21-1547161642-1682526488-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\S-1-5-21-1547161642-1682526488-1202660629-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\S-1-5-21-1547161642-1682526488-1202660629-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\S-1-5-21-1547161642-1682526488-1202660629-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (358509 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12308 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKCALREM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Green eKeySetup....lnk = C:\Program Files\eKeys\eKeys.exe (BTC Korea Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus G\AIRPLUS.exe (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2005/10/20 16:00:32 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-20\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1004\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1006\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1007\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1547161642-1682526488-1202660629-1008\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7934.5152546296 (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://motophoto.lifepics.com/net/Uploader...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://motophoto.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://66.242.36.104/app/view22RTE.cab (View22RTE Class)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-its51 {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/06/08 17:00:00 | 00,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2005/01/09 10:05:44 | 00,000,261 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2005/01/09 10:05:44 | 00,000,261 | -H-- | M] () - C:\Autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2009/12/22 18:53:27 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\default\Desktop\RootRepeal.exe
[2009/12/21 09:10:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2009/12/06 12:55:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\Hijack this
[2009/12/06 12:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/06 12:44:36 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\default\Desktop\HijackThisInstaller.exe
[2009/12/06 12:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/06 12:19:25 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2009/12/06 12:19:25 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2009/12/06 12:19:24 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2009/12/06 12:19:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/06 12:18:56 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/11/26 09:01:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/26 09:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/21 17:00:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\Book Fair Order Form Original
[2009/11/01 15:16:48 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009/11/01 14:40:22 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2009/10/29 16:49:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\view22
[2009/10/29 16:48:59 | 01,706,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/10/29 16:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\View22
[2009/10/29 16:48:57 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2009/10/20 09:58:48 | 00,263,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2005/10/16 15:45:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/16 15:45:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[9 C:\Documents and Settings\default\My Documents\*.tmp files -> C:\Documents and Settings\default\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2009/12/23 20:06:10 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2009/12/23 19:42:42 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Dear Santa 091223.doc
[2009/12/23 19:35:32 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft Word.lnk
[2009/12/23 19:33:50 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/23 19:30:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/23 19:29:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/23 19:29:52 | 33,402,4704 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/23 19:28:28 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\default\ntuser.dat
[2009/12/23 19:28:28 | 00,000,248 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
[2009/12/22 22:16:54 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\default\Desktop\dds.scr
[2009/12/22 18:53:30 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\default\Desktop\RootRepeal.exe
[2009/12/22 18:40:04 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\default\Desktop\settings.dat
[2009/12/21 16:20:54 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\default\My Documents\_922 Log.doc
[2009/12/21 09:10:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2009/12/09 21:39:42 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft Excel.lnk
[2009/12/09 20:37:36 | 00,305,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 20:37:36 | 00,037,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 20:37:32 | 00,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 03:13:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/06 15:56:34 | 00,133,632 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Screen capture of quarantined viruses 091206.ppt
[2009/12/06 15:54:06 | 00,002,469 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Microsoft PowerPoint.lnk
[2009/12/06 13:52:40 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\default\My Documents\5 December 09.doc
[2009/12/06 12:51:12 | 00,009,271 | ---- | M] () -- C:\Documents and Settings\default\My Documents\hijackthis 091206
[2009/12/06 12:46:02 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\default\Desktop\HijackThis.lnk
[2009/12/06 12:44:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\default\Desktop\HijackThisInstaller.exe
[2009/12/06 12:19:36 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/05 23:00:02 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2009/12/04 13:31:50 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Dad's finances 091204.doc
[2009/12/04 12:00:44 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Albert's Phone Guide 091204.doc
[2009/12/04 10:23:20 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Dad's House - to do list 091204.doc
[2009/11/30 20:54:22 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\default\My Documents\28 November 09.doc
[2009/11/29 10:38:06 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\default\My Documents\922_Project Mgmt and Budget 091018.doc
[2009/11/29 08:50:58 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Math 1.doc
[2009/11/26 09:01:48 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
[2009/11/21 17:01:14 | 00,591,872 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Order Form Original.xls
[2009/11/21 15:04:56 | 00,000,214 | ---- | M] () -- C:\Documents and Settings\default\Desktop\PBS KIDS . Games.url
[2009/11/21 10:43:56 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\default\My Documents\21 November 09.doc
[2009/11/11 03:35:38 | 00,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 03:09:08 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/10 18:18:02 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Comments on Margeson paintings.doc
[2009/11/07 16:08:26 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Megan Books.doc
[2009/11/07 11:57:38 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\default\My Documents\7 November 09.doc
[2009/11/07 10:15:22 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\5 November 09.doc
[2009/11/05 18:03:16 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\default\My Documents\TheThreeLittlyPigs.doc
[2009/11/05 16:58:44 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\5 November 09 Notes.doc
[2009/11/05 16:22:04 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\4 November 09.doc
[2009/11/05 16:22:00 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\IRS letter 091104.doc
[2009/11/04 17:09:48 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\megan.doc
[2009/11/04 17:09:38 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Kelly.doc
[2009/11/02 20:04:58 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\meg's story.doc
[2009/10/30 14:24:56 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\default\My Documents\31 October 09.doc
[2009/10/30 11:13:08 | 00,637,952 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Viruses 091031.ppt
[2009/10/29 02:47:00 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/10/29 02:47:00 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/10/29 02:46:58 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/29 02:46:58 | 01,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/10/29 02:46:58 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/10/29 02:46:58 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/10/29 02:46:58 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/10/29 02:46:58 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/10/29 02:46:58 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/10/29 02:46:58 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/10/29 02:46:58 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/10/29 02:46:58 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/10/29 02:46:58 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/10/29 02:46:58 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/10/29 02:46:56 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/10/29 02:46:56 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/10/29 02:46:56 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/10/29 02:46:56 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/10/29 02:46:56 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/10/29 02:46:56 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/10/29 02:46:56 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/10/29 02:46:56 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/10/29 02:46:54 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/10/29 02:46:54 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/10/29 02:46:54 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/10/29 02:46:54 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/10/29 02:46:52 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/10/29 02:46:52 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/10/29 02:46:52 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/10/29 02:46:52 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/10/29 02:46:52 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/10/29 02:46:52 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/10/29 02:46:52 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/10/29 02:46:52 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/10/29 02:46:52 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/10/29 02:46:52 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/10/29 02:46:52 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/10/29 02:46:52 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/10/29 02:46:52 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/10/29 02:46:52 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/10/29 02:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/10/29 02:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/10/29 02:46:50 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/10/29 02:46:50 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/10/29 02:46:50 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/10/29 02:46:50 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/10/28 09:36:32 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/10/28 09:36:12 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/10/28 09:36:12 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/10/28 09:36:12 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/10/28 09:36:12 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/10/28 07:18:38 | 00,701,566 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Door Images from Millwork Book 090928.pdf
[2009/10/28 07:13:18 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\default\My Documents\26 September 09.doc
[2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/10/28 01:52:46 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/10/28 01:52:46 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/10/26 14:42:42 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Hkkhlkgjhkljjjhkhjhkjkhjtkjkfhghgghhghgdhfghfshgdfjjjjjgjllllllllldfhhghgsddasjfhdghhkjkhljklullhgjl.doc
[2009/10/25 17:28:10 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\default\My Documents\kelly to alyssa.doc
[2009/10/23 12:34:22 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\default\My Documents\writing.doc
[2009/10/23 12:25:44 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\default\My Documents\24 October 09.doc
[2009/10/22 18:30:02 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Rounding.doc
[2009/10/21 01:00:56 | 00,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/10/21 01:00:56 | 00,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/10/21 01:00:56 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2009/10/21 01:00:56 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/10/20 09:58:48 | 00,263,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/10/17 19:53:02 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\default\My Documents\17 October 09.doc
[2009/10/17 12:49:58 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\default\My Documents\10 October 09.doc
[2009/10/13 05:53:30 | 00,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2009/10/13 05:53:30 | 00,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 08:54:18 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2009/10/12 08:54:18 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 08:54:18 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2009/10/12 08:54:18 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/10/11 13:52:26 | 00,065,776 | ---- | M] () -- C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/10 09:14:10 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\default\My Documents\MATH QIZZ.doc
[2009/10/09 13:53:56 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by color.xls
[2009/10/09 13:53:12 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by room.xls
[2009/10/09 13:49:24 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Color Scheme.xls
[2009/10/08 15:07:34 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\default\My Documents\kelly's.doc
[8 C:\Documents and Settings\default\My Documents\*.tmp files -> C:\Documents and Settings\default\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/23 19:27:19 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Dear Santa 091223.doc
[2009/12/22 22:16:52 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\default\Desktop\dds.scr
[2009/12/06 15:56:33 | 00,133,632 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Screen capture of quarantined viruses 091206.ppt
[2009/12/06 14:58:41 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\default\Desktop\settings.dat
[2009/12/06 12:51:11 | 00,009,271 | ---- | C] () -- C:\Documents and Settings\default\My Documents\hijackthis 091206
[2009/12/06 12:46:00 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\default\Desktop\HijackThis.lnk
[2009/12/06 12:19:34 | 00,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/04 17:20:55 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\default\My Documents\5 December 09.doc
[2009/12/04 12:37:36 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Dad's finances 091204.doc
[2009/12/04 11:54:40 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Albert's Phone Guide 091204.doc
[2009/12/04 09:09:27 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Dad's House - to do list 091204.doc
[2009/11/29 08:50:56 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Math 1.doc
[2009/11/28 10:39:05 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\default\My Documents\28 November 09.doc
[2009/11/26 09:01:47 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
[2009/11/21 17:01:09 | 00,591,872 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Order Form Original.xls
[2009/11/21 10:43:54 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\default\My Documents\21 November 09.doc
[2009/11/11 03:09:07 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/10 18:18:00 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Comments on Margeson paintings.doc
[2009/11/07 16:08:22 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Megan Books.doc
[2009/11/07 10:22:41 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\default\My Documents\7 November 09.doc
[2009/11/05 18:03:15 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\default\My Documents\TheThreeLittlyPigs.doc
[2009/11/05 16:58:42 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\5 November 09 Notes.doc
[2009/11/05 07:55:36 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\5 November 09.doc
[2009/11/04 17:09:47 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\megan.doc
[2009/11/04 17:09:36 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Kelly.doc
[2009/11/04 16:04:37 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\IRS letter 091104.doc
[2009/11/04 15:53:17 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\4 November 09.doc
[2009/11/02 20:04:56 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\meg's story.doc
[2009/10/30 14:24:53 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\default\My Documents\31 October 09.doc
[2009/10/30 11:13:06 | 00,637,952 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Viruses 091031.ppt
[2009/10/29 18:24:50 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\default\My Documents\kelly's.doc
[2009/10/28 07:18:35 | 00,701,566 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Door Images from Millwork Book 090928.pdf
[2009/10/26 14:42:39 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Hkkhlkgjhkljjjhkhjhkjkhjtkjkfhghgghhghgdhfghfshgdfjjjjjgjllllllllldfhhghgsddasjfhdghhkjkhljklullhgjl.doc
[2009/10/26 11:11:56 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\default\My Documents\26 September 09.doc
[2009/10/23 12:34:21 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\default\My Documents\writing.doc
[2009/10/23 10:47:15 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\default\My Documents\24 October 09.doc
[2009/10/22 19:01:09 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\default\My Documents\kelly to alyssa.doc
[2009/10/22 17:09:32 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Rounding.doc
[2009/10/17 14:22:25 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\default\My Documents\17 October 09.doc
[2009/10/17 12:14:56 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\default\My Documents\922_Project Mgmt and Budget 091018.doc
[2009/10/09 13:53:10 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by room.xls
[2009/10/09 13:49:41 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Color Scheme_sort by color.xls
[2009/10/09 13:35:10 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\default\My Documents\MATH QIZZ.doc
[2009/10/09 11:23:10 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\default\My Documents\10 October 09.doc
[2009/10/06 15:41:47 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Color Scheme.xls
[2008/12/26 08:56:45 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2006/09/13 15:08:08 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/12 17:09:14 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/11/09 10:09:00 | 00,000,448 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/10/16 21:17:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/10/16 16:12:05 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/16 16:07:07 | 00,003,133 | ---- | C] () -- C:\WINDOWS\WPR.INI
[2005/10/16 16:07:07 | 00,000,932 | ---- | C] () -- C:\WINDOWS\mrun32.ini
[2005/10/16 16:07:07 | 00,000,728 | ---- | C] () -- C:\WINDOWS\PTCOUNTY.INI
[2005/10/16 16:07:07 | 00,000,642 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/16 16:07:07 | 00,000,395 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/10/16 16:07:07 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005/10/16 16:07:07 | 00,000,199 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/16 16:07:07 | 00,000,184 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/10/16 16:07:07 | 00,000,169 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2005/10/16 16:07:07 | 00,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/10/16 16:07:07 | 00,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2005/10/16 16:07:07 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005/10/16 16:07:07 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRINTSERVER.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2005/10/16 16:07:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/10/16 16:07:06 | 00,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005/10/16 16:07:06 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005/10/16 16:07:06 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2005/10/16 16:07:06 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005/10/16 16:07:06 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005/10/16 16:07:06 | 00,000,174 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2005/10/16 16:07:06 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005/10/16 16:07:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005/10/16 16:07:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/01/07 19:39:13 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/08/03 22:59:44 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/04/08 22:01:42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\default\Application Data\dm.ini
[2002/09/03 22:22:11 | 00,007,432 | ---- | C] () -- C:\Program Files\Fyu60B3.exe
[2002/09/03 22:21:48 | 00,007,432 | ---- | C] () -- C:\Program Files\Idd5302.exe
[2002/09/03 22:09:28 | 00,007,432 | ---- | C] () -- C:\Program Files\Tmw91C0.exe
[2002/09/02 23:23:11 | 00,007,432 | ---- | C] () -- C:\Program Files\Uqe70B3.exe
[2002/09/02 23:21:02 | 00,007,432 | ---- | C] () -- C:\Program Files\Ipt5023.exe
[2002/09/02 23:16:22 | 00,007,432 | ---- | C] () -- C:\Program Files\Tgu160.exe
[2002/09/02 18:27:28 | 00,007,432 | ---- | C] () -- C:\Program Files\XuB1C4.exe
[2002/09/02 18:20:54 | 00,007,432 | ---- | C] () -- C:\Program Files\Rd4355.exe
[2002/08/30 20:30:23 | 00,007,432 | ---- | C] () -- C:\Program Files\VhdE175.exe
[2002/08/30 09:00:31 | 00,007,432 | ---- | C] () -- C:\Program Files\Pee1F1.exe
[2002/08/30 08:44:16 | 00,007,432 | ---- | C] () -- C:\Program Files\ArC101.exe
[2002/08/28 13:10:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/08/28 07:07:15 | 00,007,432 | ---- | C] () -- C:\Program Files\Kgb70E3.exe
[2002/08/27 23:02:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Hbc2054.exe
[2002/08/27 22:57:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Urw9052.exe
[2002/08/27 22:51:05 | 00,007,432 | ---- | C] () -- C:\Program Files\Cgg3050.exe
[2002/08/27 22:39:40 | 00,007,432 | ---- | C] () -- C:\Program Files\Jtn7285.exe
[2002/08/27 22:35:25 | 00,007,432 | ---- | C] () -- C:\Program Files\Xg3193.exe
[2002/08/27 22:18:10 | 00,007,432 | ---- | C] () -- C:\Program Files\Pgv20A0.exe
[2002/08/27 22:14:51 | 00,007,432 | ---- | C] () -- C:\Program Files\DjtE325.exe
[2002/08/26 23:06:16 | 00,007,432 | ---- | C] () -- C:\Program Files\Fi6103.exe
[2002/08/26 22:58:16 | 00,007,432 | ---- | C] () -- C:\Program Files\SobA104.exe
[2002/08/26 22:50:25 | 00,007,432 | ---- | C] () -- C:\Program Files\Gvj2191.exe
[2002/08/24 22:18:50 | 00,007,432 | ---- | C] () -- C:\Program Files\Le2322.exe
[2001/12/15 07:47:50 | 00,446,976 | ---- | C] () -- C:\Program Files\cp1setup.exe
[2001/10/02 22:59:20 | 00,003,373 | ---- | C] () -- C:\Documents and Settings\default\Application Data\dw.log
[2001/08/25 11:30:41 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\aecrm.dll
[2001/08/12 21:25:16 | 00,048,128 | ---- | C] () -- C:\WINDOWS\System32\HPFPNP.DLL
[2001/05/15 15:08:25 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\IGFXDGPS.DLL
[2001/05/15 14:14:08 | 00,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
< End of report >

Look forward to anything you can make of this. I am at loss about the lack of an extras.txt file. Let me know if you want me to try something else.

#13 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:12:37 PM

Posted 23 December 2009 - 09:09 PM

Thanks for that log. At the moment Extras is not needed, I'll let you know if I need it ;)

Let's start off with Combofix.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 blss

  • Topic Starter
  • Members
  • 9 posts
  • Local time:11:37 AM

Posted 24 December 2009 - 12:31 AM

EB, as requested, one ComboFix Log:

ComboFix 09-12-23.02 - default 12/23/2009 23:46:35.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.318.23 [GMT -5:00]
Running from: c:\documents and settings\default\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\start.exe
c:\windows\system32\clrviddc.dll
c:\windows\system32\windows.scr
c:\windows\Web\default.htt

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-06 17:45 . 2009-12-06 17:45 -------- d-----w- c:\program files\Trend Micro
2009-12-06 17:20 . 2009-12-06 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-26 14:01 . 2009-11-26 14:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-26 14:01 . 2009-11-26 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 21:49 . 2009-10-29 21:49 -------- d-----w- c:\documents and settings\default\Application Data\view22
2009-10-29 21:49 . 2009-10-29 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\View22
2009-10-29 07:47 . 2005-10-16 20:18 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2005-10-16 20:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2005-10-16 20:14 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:00 . 2005-10-16 20:17 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2005-10-16 20:15 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 04:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2005-10-16 20:16 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2005-10-16 20:16 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54 . 2005-10-16 20:16 69632 ----a-w- c:\windows\system32\raschap.dll
2002-09-04 03:22 . 2002-09-04 03:22 7432 ----a-w- c:\program files\Fyu60B3.exe
2002-09-04 03:21 . 2002-09-04 03:21 7432 ----a-w- c:\program files\Idd5302.exe
2002-09-04 03:09 . 2002-09-04 03:09 7432 ----a-w- c:\program files\Tmw91C0.exe
2002-09-03 04:23 . 2002-09-03 04:23 7432 ----a-w- c:\program files\Uqe70B3.exe
2002-09-03 04:21 . 2002-09-03 04:21 7432 ----a-w- c:\program files\Ipt5023.exe
2002-09-03 04:16 . 2002-09-03 04:16 7432 ----a-w- c:\program files\Tgu160.exe
2002-09-02 23:27 . 2002-09-02 23:27 7432 ----a-w- c:\program files\XuB1C4.exe
2002-09-02 23:20 . 2002-09-02 23:20 7432 ----a-w- c:\program files\Rd4355.exe
2002-08-31 01:30 . 2002-08-31 01:30 7432 ----a-w- c:\program files\VhdE175.exe
2002-08-30 14:00 . 2002-08-30 14:00 7432 ----a-w- c:\program files\Pee1F1.exe
2002-08-30 13:44 . 2002-08-30 13:44 7432 ----a-w- c:\program files\ArC101.exe
2002-08-28 12:07 . 2002-08-28 12:07 7432 ----a-w- c:\program files\Kgb70E3.exe
2002-08-28 04:02 . 2002-08-28 04:02 7432 ----a-w- c:\program files\Hbc2054.exe
2002-08-28 03:57 . 2002-08-28 03:57 7432 ----a-w- c:\program files\Urw9052.exe
2002-08-28 03:51 . 2002-08-28 03:51 7432 ----a-w- c:\program files\Cgg3050.exe
2002-08-28 03:39 . 2002-08-28 03:39 7432 ----a-w- c:\program files\Jtn7285.exe
2002-08-28 03:35 . 2002-08-28 03:35 7432 ----a-w- c:\program files\Xg3193.exe
2002-08-28 03:18 . 2002-08-28 03:18 7432 ----a-w- c:\program files\Pgv20A0.exe
2002-08-28 03:14 . 2002-08-28 03:14 7432 ----a-w- c:\program files\DjtE325.exe
2002-08-27 04:06 . 2002-08-27 04:06 7432 ----a-w- c:\program files\Fi6103.exe
2002-08-27 03:58 . 2002-08-27 03:58 7432 ----a-w- c:\program files\SobA104.exe
2002-08-27 03:50 . 2002-08-27 03:50 7432 ----a-w- c:\program files\Gvj2191.exe
2002-08-25 03:18 . 2002-08-25 03:18 7432 ----a-w- c:\program files\Le2322.exe
2001-12-15 12:47 . 2001-12-15 12:47 446976 ----a-w- c:\program files\cp1setup.exe
2001-05-15 19:14 . 2001-05-15 19:14 23357 ---h--w- c:\program files\folder.htt
2008-12-25 18:12 . 2008-12-25 18:12 0 --sha-w- c:\windows\DRM\Cache\Indiv01.tmp
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[-] 2004-08-04 17:00 . 186F7A5926A2264286EF4A83637B9E03 . 95360 . . [------] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-04 122940]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-08-28 77824]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-07 936960]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-22 98304]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-04 122940]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Printing Migration"="c:\windows\system32\spool\migrate.dll" [2004-08-04 30208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-9-5 53317]
Start Green eKeySetup....lnk - c:\program files\eKeys\eKeys.exe [2001-6-1 319488]
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2005-10-16 294912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-12-25 374104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"CountrySelection"=pctptt.exe
"PCTVOICE"=pctvoice.exe
"LoadQM"=loadqm.exe
"TkBellExe"=c:\program files\Common Files\Real\Update_OB\evntsvc.exe -osboot
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
"vptray"=c:\progra~1\NORTON~1\vptray.exe
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

S3 Ptserli;PCTEL Serial Device Driver for INTEL;c:\windows\SYSTEM32\DRIVERS\ptserli.sys [10/16/2005 3:48 PM 128286]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 21:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
------- Supplementary Scan -------
.
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://motophoto.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 00:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8274A50C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8195fc3
\Driver\ACPI -> ACPI.sys @ 0xf8108cb8
\Driver\atapi -> atapi.sys @ 0xf80c07b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(340)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(400)
c:\windows\system32\WININET.dll
.
Completion time: 2009-12-24 00:25:30
ComboFix-quarantined-files.txt 2009-12-24 05:25

Pre-Run: 1,107,345,408 bytes free
Post-Run: 3,161,587,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 122738201D72884F8E2C90D2FA897C90


Look forward to your insight. Regards, BLSS

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:12:37 PM

Posted 24 December 2009 - 11:17 AM

Hello again.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to.



