here we go.
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-18
Flags REG_DWORD 12 (0xc)
State REG_DWORD 0 (0x0)
RefCount REG_DWORD 1 (0x1)
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1521258866 (0xa5536e8e)
ProfileLoadTimeHigh REG_DWORD 30060795 (0x1cab0fb)
RefCount REG_DWORD 3 (0x3)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1527665116 (0xa4f1ae24)
ProfileLoadTimeHigh REG_DWORD 30060795 (0x1cab0fb)
RefCount REG_DWORD 2 (0x2)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1060284298-220523388-839522115-1000
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.TIM.000
Sid REG_BINARY 0105000000000005150000008aa7323f7ceb240d43170a32e8030000
Flags REG_DWORD 1 (0x1)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1128922386 (0xbcb602ee)
ProfileLoadTimeHigh REG_DWORD 30060790 (0x1cab0f6)
RefCount REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1060284298-220523388-839522115-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Me
Sid REG_BINARY 0105000000000005150000008aa7323f7ceb240d43170a32eb030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 1585552992 (0x5e819e60)
ProfileLoadTimeHigh REG_DWORD 29987098 (0x1c9911a)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)
NextLogonCacheable REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1060284298-220523388-839522115-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Matt
Sid REG_BINARY 0105000000000005150000008aa7323f7ceb240d43170a32ec030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -160008982 (0xf67674ea)
ProfileLoadTimeHigh REG_DWORD 30053466 (0x1ca945a)
RefCount REG_DWORD 0 (0x0)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1060284298-220523388-839522115-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Bonnie
Sid REG_BINARY 0105000000000005150000008aa7323f7ceb240d43170a32ed030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 260 (0x104)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 677402558 (0x286057be)
ProfileLoadTimeHigh REG_DWORD 29987102 (0x1c9911e)
RefCount REG_DWORD 0 (0x0)
RunLogonScriptSync REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1060284298-220523388-839522115-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\TT
Sid REG_BINARY 0105000000000005150000008aa7323f7ceb240d43170a32ee030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 4 (0x4)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1031772550 (0xc280667a)
ProfileLoadTimeHigh REG_DWORD 29987174 (0x1c99166)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1060284298-220523388-839522115-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\tjt
Sid REG_BINARY 0105000000000005150000008aa7323f7ceb240d43170a32ef030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 572556542 (0x222084fe)
ProfileLoadTimeHigh REG_DWORD 30060798 (0x1cab0fe)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)
NextLogonCacheable REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1060284298-220523388-839522115-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Mom
Sid REG_BINARY 0105000000000005150000008aa7323f7ceb240d43170a32f1030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 4 (0x4)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 2060025254 (0x7ac97da6)
ProfileLoadTimeHigh REG_DWORD 30020951 (0x1ca1557)
RefCount REG_DWORD 0 (0x0)
RunLogonScriptSync REG_DWORD 0 (0x0)
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
Certificate REG_BINARY 01000000010000000100000006005c005253413148000000000200003f00000001000100e35b80991d5c630adc910cb705fcaeb11b3e2ede10cd65dcd0ef5c2ccc16f710930a600f5f6e23cfc0c6548d059ed6767bb708d16d7dd16979d6ece3f1ae5bb0000000000000000008004800b24a733dee1b1ad3019512b6117356aaf02b2a6fcfd7a6d289a9308bbeb5a2764f5b63acdb483b2909b7d31b6c442137a174fd52c3634cf44e27a9ae38e63e6c0000000000000000
User name HelpAssistant
Full Name Remote Desktop Help Assistant Account
Comment Account for Providing Remote Assistance
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never
Password last set 2/18/2010 6:01 PM
Password expires Never
Password changeable 2/18/2010 6:01 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 2/18/2010 6:01 PM
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.
ComboFix 10-02-18.09 - tjt 02/19/2010 9:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2897 [GMT -6:00]
Running from: c:\documents and settings\tjt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tjt\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.
2010-02-19 13:50 . 2010-02-19 13:50 41 ----a-w- C:\fixme.bat
2010-02-19 13:47 . 2010-02-19 13:47 77312 ----a-w- C:\mbr.exe
2010-02-08 15:00 . 2009-02-26 11:39 143360 ----a-w- c:\windows\system32\RTInstaller32.exe
2010-02-03 16:14 . 2010-01-14 17:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-03 16:09 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-03 16:08 . 2010-02-03 16:09 -------- d-----w- c:\program files\Microsoft Security Essentials
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 03:57 . 2009-09-15 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-11 23:59 . 2009-03-11 18:01 -------- d-----w- c:\program files\Microsoft Streets and Trips
2010-02-09 14:01 . 2009-02-18 01:39 24328 -c--a-w- c:\documents and settings\tjt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 01:13 . 2009-06-11 17:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-03 15:07 . 2009-02-17 17:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-26 14:41 . 2009-12-08 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 14:40 . 2010-01-04 21:19 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 20:56 . 2010-01-14 20:56 -------- d-----w- c:\documents and settings\tjt\Application Data\Media Player Classic
2010-01-13 20:19 . 2010-01-13 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-01-13 15:44 . 2009-02-17 16:18 -------- d-----w- c:\program files\Realtek
2010-01-13 15:44 . 2009-02-17 15:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 15:22 . 2010-01-13 15:22 -------- d-----w- c:\documents and settings\tjt\Application Data\DeviceDoctorSoftware
2010-01-13 15:22 . 2010-01-13 15:22 -------- d-----w- c:\program files\Device Doctor
2010-01-13 14:55 . 2010-01-13 14:54 -------- d-----w- c:\program files\MSI
2010-01-13 14:16 . 2010-01-13 14:16 -------- d-----w- c:\documents and settings\Matt\Application Data\Malwarebytes
2010-01-08 14:53 . 2010-01-08 14:53 -------- d-----w- c:\program files\Trend Micro
2010-01-07 22:07 . 2009-12-08 19:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-08 19:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:41 . 2010-01-02 22:44 -------- d-----w- c:\program files\CCleaner
2010-01-05 10:00 . 2001-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-02-17 15:39 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2001-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-02 17:36 . 2009-02-18 22:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-30 14:52 . 2009-02-19 01:46 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-29 18:00 . 2009-12-29 18:00 -------- d-----w- c:\documents and settings\tjt\Application Data\Hotbar_Icons
2009-12-29 17:54 . 2009-12-29 17:54 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 15:19 . 2009-12-29 15:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-28 22:54 . 2009-12-28 22:54 -------- d-----w- c:\documents and settings\tjt\Application Data\uniblue
2009-12-28 22:53 . 2009-12-28 22:53 -------- d-----w- c:\program files\Uniblue
2009-12-26 17:28 . 2009-02-19 03:25 34 ----a-w- c:\windows\system32\BD2040.DAT
2009-12-26 00:19 . 2009-12-25 23:40 -------- d-----w- c:\program files\PCPitstop
2009-12-25 23:45 . 2009-12-25 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-11-21 15:51 . 2001-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-19_13.40.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-19 15:10 . 2010-02-19 15:10 16384 c:\windows\Temp\Perflib_Perfdata_b84.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-17 17880576]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
2003-03-04 12:49 86100 ----a-w- c:\program files\Lexmark X5100 Series\lxbabmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/13/2010 9:30 AM 1684736]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]
.
.
------- Supplementary Scan -------
.
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\tjt\Application Data\Mozilla\Firefox\Profiles\m9kd5gw1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-02-19 09:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.netdevice: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A3DED0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> 0x89a3ded0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC -> SendCompleteHandler -> 0x89b59690
PacketIndicateHandler -> NDIS.sys @ 0xb9e13a21
SendHandler -> NDIS.sys @ 0xb9df187b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\ati\\atidrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-02-19 09:12:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-19 15:12
ComboFix2.txt 2010-02-19 13:41
Pre-Run: 9,374,646,272 bytes free
Post-Run: 9,405,820,928 bytes free
- - End Of File - - A7F4C1AFEFF66F1174F73997B67F4E33
OTL logfile created on: 2/19/2010 9:20:29 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\tjt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 8.78 Gb Free Space | 44.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 54.99 Gb Total Space | 35.18 Gb Free Space | 63.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TIM
Current User Name: tjt
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2010/02/19 09:16:48 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tjt\Desktop\OTL.exe
PRC - [2010/01/02 09:42:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/04/17 17:24:54 | 017,880,576 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/07/03 21:12:02 | 000,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/04/13 18:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/02/28 00:28:34 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/02/28 00:25:59 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
========== Modules (SafeList) ========== MOD - [2010/02/19 09:16:48 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tjt\Desktop\OTL.exe
========== Win32 Services (SafeList) ========== SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/01/13 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/07/03 21:12:02 | 000,561,152 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/28 00:28:34 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/09/02 00:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/06/18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/04/20 23:13:30 | 005,070,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/27 00:33:42 | 000,130,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/04 00:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 02:21:50 | 000,017,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Ntaccess.sys -- (NTACCESS)
DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/11 19:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/09 00:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/02/22 07:03:28 | 000,031,273 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2001/08/18 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-220523388-839522115-1007\S-1-5-21-1060284298-220523388-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/04 14:51:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/02 09:42:12 | 000,000,000 | ---D | M]
[2009/12/29 11:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Mozilla\Extensions
[2010/01/02 11:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Mozilla\Firefox\Profiles\m9kd5gw1.default\extensions
[2009/12/29 11:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/02/19 09:10:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1060284298-220523388-839522115-1007\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-220523388-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-220523388-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-220523388-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-220523388-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1060284298-220523388-839522115-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/microsoftupdat...b?1262452518156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.microsoft.com/microsoftupdat...b?1262452504609 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E}
http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7}
http://www.photodex.com/pxplay.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/17 08:52:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/17 02:38:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg:
Lexmark X5100 Series - hkey= - key= - C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe (Lexmark International, Inc.)
MsConfig - StartUpReg:
MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\MOBILEV.ACM ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
========== Files/Folders - Created Within 30 Days ========== [2010/02/19 09:16:48 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tjt\Desktop\OTL.exe
[2010/02/19 08:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tjt\Desktop\SWRegfolder
[2010/02/19 07:37:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/19 07:36:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/19 07:36:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/19 07:36:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/19 07:36:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/19 07:36:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/19 07:35:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/16 10:07:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tjt\Recent
[2010/02/08 09:00:14 | 000,143,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTInstaller32.exe
[2010/02/03 10:14:30 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/03 10:09:12 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/03 10:09:12 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/03 10:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/02/03 10:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/03 09:58:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/03 09:58:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/03 09:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/03 09:30:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/02/19 09:16:48 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tjt\Desktop\OTL.exe
[2010/02/19 09:14:55 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/19 09:10:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/19 09:10:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/19 09:10:03 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/19 09:09:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/19 09:09:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 09:09:06 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\tjt\ntuser.dat
[2010/02/19 09:08:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\tjt\ntuser.ini
[2010/02/19 09:08:39 | 003,489,980 | -H-- | M] () -- C:\Documents and Settings\tjt\Local Settings\Application Data\IconCache.db
[2010/02/19 09:01:41 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\ha.bat
[2010/02/19 07:50:26 | 000,000,041 | ---- | M] () -- C:\fixme.bat
[2010/02/19 07:47:36 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/02/19 07:37:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/19 07:35:24 | 003,865,026 | R--- | M] () -- C:\Documents and Settings\tjt\Desktop\ComboFix.exe
[2010/02/19 07:29:01 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\rkill.pif
[2010/02/19 07:05:57 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2010/02/18 20:24:08 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/18 15:24:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\gmer.zip
[2010/02/18 15:20:59 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\dds.scr
[2010/02/18 15:08:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tjt\defogger_reenable
[2010/02/18 15:06:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\Defogger.exe
[2010/02/17 14:36:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/02/11 18:03:53 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\tjt\My Documents\Welcome to Florida.doc
[2010/02/09 17:19:17 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\Microsoft Office Excel 2003 (2).lnk
[2010/02/09 08:01:51 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\tjt\My Documents\cc_20100209_080146.reg
[2010/02/09 08:01:05 | 000,024,328 | ---- | M] () -- C:\Documents and Settings\tjt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/09 08:00:43 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/04 08:59:31 | 000,016,563 | ---- | M] () -- C:\Documents and Settings\tjt\My Documents\rptPercentage2years 02042010.pdf
[2010/02/03 19:13:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/03 14:47:28 | 000,004,790 | ---- | M] () -- C:\Documents and Settings\tjt\My Documents\cc_20100203_144725.reg
[2010/02/03 10:08:57 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/02/03 09:38:33 | 000,002,794 | ---- | M] () -- C:\Documents and Settings\tjt\My Documents\cc_20100203_093829.reg
[2010/02/03 08:34:16 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\CCleaner.lnk
[2010/01/30 08:50:39 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\tjt\Desktop\Microsoft Streets & Trips.lnk
[2010/01/26 09:23:03 | 000,007,464 | ---- | M] () -- C:\Documents and Settings\tjt\My Documents\cc_20100126_092259.reg
[2010/01/26 07:52:46 | 000,029,672 | ---- | M] () -- C:\Documents and Settings\tjt\My Documents\cc_20100126_075241.reg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/02/19 09:01:41 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\tjt\Desktop\ha.bat
[2010/02/19 07:50:26 | 000,000,041 | ---- | C] () -- C:\fixme.bat
[2010/02/19 07:47:36 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/02/19 07:37:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/19 07:37:14 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/19 07:36:14 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/19 07:36:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/19 07:36:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/19 07:36:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/19 07:36:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/19 07:35:16 | 003,865,026 | R--- | C] () -- C:\Documents and Settings\tjt\Desktop\ComboFix.exe
[2010/02/19 07:28:58 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\tjt\Desktop\rkill.pif
[2010/02/18 15:24:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\tjt\Desktop\gmer.zip
[2010/02/18 15:20:57 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\tjt\Desktop\dds.scr
[2010/02/18 15:08:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tjt\defogger_reenable
[2010/02/18 15:06:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\tjt\Desktop\Defogger.exe
[2010/02/11 18:03:53 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\tjt\My Documents\Welcome to Florida.doc
[2010/02/09 08:01:49 | 000,002,264 | ---- | C] () -- C:\Documents and Settings\tjt\My Documents\cc_20100209_080146.reg
[2010/02/04 08:59:31 | 000,016,563 | ---- | C] () -- C:\Documents and Settings\tjt\My Documents\rptPercentage2years 02042010.pdf
[2010/02/03 14:47:26 | 000,004,790 | ---- | C] () -- C:\Documents and Settings\tjt\My Documents\cc_20100203_144725.reg
[2010/02/03 10:14:04 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/03 10:08:56 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/02/03 09:38:30 | 000,002,794 | ---- | C] () -- C:\Documents and Settings\tjt\My Documents\cc_20100203_093829.reg
[2010/01/26 09:23:01 | 000,007,464 | ---- | C] () -- C:\Documents and Settings\tjt\My Documents\cc_20100126_092259.reg
[2010/01/26 07:52:43 | 000,029,672 | ---- | C] () -- C:\Documents and Settings\tjt\My Documents\cc_20100126_075241.reg
[2009/09/15 16:00:46 | 000,000,158 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/31 22:20:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/03/03 07:55:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/20 11:07:01 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\tjt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 19:22:18 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/18 16:35:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/17 19:11:44 | 000,000,410 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2008/12/19 08:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 10:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 10:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 10:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 10:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 09:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 04:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/01 08:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/02/28 00:33:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBALCNP.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/21 07:55:26 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbacoin.ini
========== LOP Check ========== [2009/06/07 19:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldMine
[2010/01/13 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/25 17:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/12/18 09:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/12/29 09:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/08 17:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\DeepBurner Pro
[2010/01/13 09:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\DeviceDoctorSoftware
[2009/12/16 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\GetRightToGo
[2009/12/29 12:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Hotbar_Icons
[2009/12/18 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Netscape
[2009/02/18 17:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\OfficeUpdate12
[2009/12/28 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\uniblue
[2010/02/19 09:14:55 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. >[2009/02/18 07:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/09/08 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/02/17 09:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/06/07 19:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldMine
[2009/12/08 13:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/03 10:09:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/01/13 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/18 09:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/02/18 16:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/12/25 17:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/12/18 09:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/02/17 21:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/29 09:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/17 09:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >[2010/01/26 08:40:48 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
< %APPDATA%\*. >[2009/07/25 13:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Adobe
[2009/03/11 06:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Ahead
[2009/02/17 19:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\ATI
[2009/02/23 17:36:32 | 000,000,000 | R--D | M] -- C:\Documents and Settings\tjt\Application Data\Brother
[2009/09/08 17:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\DeepBurner Pro
[2010/01/13 09:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\DeviceDoctorSoftware
[2009/12/16 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\GetRightToGo
[2009/12/29 12:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Hotbar_Icons
[2009/02/17 19:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Identities
[2009/02/17 19:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Macromedia
[2009/12/08 13:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Malwarebytes
[2010/01/14 14:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Media Player Classic
[2010/02/18 20:20:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\tjt\Application Data\Microsoft
[2009/06/02 20:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Move Networks
[2009/12/18 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Mozilla
[2009/12/18 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Netscape
[2009/02/18 17:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\OfficeUpdate12
[2009/06/20 10:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\Sun
[2009/12/28 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tjt\Application Data\uniblue
< %APPDATA%\*.exe /s >[2009/09/29 07:03:46 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\tjt\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
< %SYSTEMDRIVE%\*.exe >[2010/02/19 07:47:36 | 000,077,312 | ---- | M] () -- C:\mbr.exe
< MD5 for: AGP440.SYS >[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/17 10:00:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/02/17 10:00:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/17 10:00:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/02/17 10:00:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/18 06:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2001/08/18 06:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 2/19/2010 9:20:29 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\tjt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 8.78 Gb Free Space | 44.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 54.99 Gb Total Space | 35.18 Gb Free Space | 63.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TIM
Current User Name: tjt
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1060284298-220523388-839522115-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"6321:TCP" = 6321:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3535:TCP" = 3535:TCP:*:Enabled:Services
"7019:TCP" = 7019:TCP:*:Enabled:Services
"2630:TCP" = 2630:TCP:*:Enabled:Services
"4769:TCP" = 4769:TCP:*:Enabled:Services
"5442:TCP" = 5442:TCP:*:Enabled:Services
"6879:TCP" = 6879:TCP:*:Enabled:Services
"5144:TCP" = 5144:TCP:*:Enabled:Services
"4675:TCP" = 4675:TCP:*:Enabled:Services
"2332:TCP" = 2332:TCP:*:Enabled:Services
"2613:TCP" = 2613:TCP:*:Enabled:Services
"7363:TCP" = 7363:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{071B2530-DE3C-736C-E803-C2FC71B5FCC6}" = CCC Help English
"{091A013B-889B-DB85-3ED0-C2BB233F8062}" = CCC Help Thai
"{0926FCAB-78EE-22C8-BA2B-6711239A64AB}" = Catalyst Control Center Localization Spanish
"{16F1E7AA-3E4A-BAE1-5952-3511303CBF2A}" = CCC Help Chinese Traditional
"{1D3BFC7B-30BF-3687-8F69-C985F5E11B8A}" = Catalyst Control Center Localization Swedish
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{388181F4-8B46-3014-F565-86B483FC7F8F}" = CCC Help Norwegian
"{3C077648-DFED-519D-1D68-0F708C9A18C0}" = Catalyst Control Center Localization French
"{3C61FA6E-484E-1041-13C5-C045E63CD26E}" = ccc-core-static
"{4566ECCC-7E0F-13DF-57FF-46572D5C88D6}" = Catalyst Control Center Localization Thai
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{49D23949-485F-5237-A29D-4A437879A764}" = CCC Help Swedish
"{4ECA41F3-1746-E75C-C755-36B15E0CBFE5}" = CCC Help Korean
"{4F024C0E-72BC-11CA-2CC6-E27BF958D289}" = CCC Help Russian
"{54B6EB6F-60E2-40A8-1A59-DE81A20D71D4}" = CCC Help Finnish
"{67FD1065-9AB7-E3BF-2BC8-E6874F26C1E4}" = Catalyst Control Center Localization Greek
"{69364417-1721-2120-939E-3F0656984E8C}" = Catalyst Control Center Localization Polish
"{6D2DBCFC-22B1-5361-21AB-66BF7739904D}" = Catalyst Control Center Localization Finnish
"{6D442500-7D5D-F45B-940F-CF03ED854E88}" = ccc-utility
"{6E718153-1BE6-935F-F269-2E52893C926A}" = Catalyst Control Center Localization Turkish
"{6EEA1E34-96B6-7DDF-F566-ABCF65DD65C6}" = Catalyst Control Center Localization Japanese
"{71108A84-CD9E-F621-0E2E-FB436AF6ED53}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7617D8EF-B234-0EB9-A772-37CC9D64C7CE}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F0D4B6-CA19-1D28-AD0B-12EC980BB43F}" = CCC Help Hungarian
"{78B87CB6-2549-2ED7-522B-92BD7336B7AE}" = Catalyst Control Center Graphics Full New
"{8061C156-B1EC-ADCA-D639-0AA8DB908040}" = ccc-core-preinstall
"{806B5F54-AC5F-3A89-B4A6-902091281D22}" = Catalyst Control Center Localization Chinese Standard
"{86B8A984-70F0-D69F-C12E-F0C05B1AB92C}" = Catalyst Control Center Localization Norwegian
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3530FD-5E75-545C-D712-E91FE37EEF94}" = CCC Help French
"{8D74BDB3-005F-DA77-B265-E9B419F64263}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907C5E3C-8968-A7DC-0A4D-28D7BE0160E4}" = CCC Help Turkish
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96228425-7274-B574-55CE-50E59E033481}" = Catalyst Control Center Graphics Light
"{9978BA43-526E-B363-5951-BF1C9C442151}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CE072D3-AE52-769C-8C7E-3CC3CB187602}" = Catalyst Control Center Localization Italian
"{9D87CAA2-5DA2-CDA7-EBE0-EED718065CB0}" = CCC Help Italian
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAAF3330-05A9-6F21-E212-00F8535C854F}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B0874A9F-BAD6-FC1F-17CD-D733E16EF865}" = Catalyst Control Center Localization German
"{B0D4409A-2E6E-3C9C-89FD-6D2CC44A819A}" = CCC Help German
"{B19C2B54-C4FA-7077-D617-1C975F84F060}" = Catalyst Control Center Graphics Full Existing
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B476A489-864B-3859-5F86-3D7D7D8967D2}" = CCC Help Dutch
"{B4FC556B-D07A-AA91-E1FD-564023ACB63B}" = Catalyst Control Center Core Implementation
"{BA55BEB2-A531-1A7F-1360-3B05002D60EF}" = Catalyst Control Center Localization Danish
"{BAD58CBB-7F63-2E8B-8299-BE039EA022B0}" = CCC Help Greek
"{BC3A0A2C-BF3A-4717-1A9A-C3988E25DF2B}" = Catalyst Control Center Localization Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D09FF913-6A12-8750-59ED-F4DC2F866DA3}" = CCC Help Spanish
"{D10DE2E6-C670-05DD-57AD-21E6E561B226}" = Catalyst Control Center Localization Czech
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D9DCAE50-FDC6-652D-F31D-A3FF49D81F5A}" = Catalyst Control Center Localization Portuguese
"{DD6F1F54-29A6-434E-97F9-EB978A9D225B}" = GoldMine 5.7
"{DDFAC722-4351-D8FE-0002-97ED0CF55294}" = CCC Help Japanese
"{E31B55E1-3168-1FEA-2F2B-FD1DF6810EC8}" = Catalyst Control Center Localization Russian
"{E69B9FA2-E456-CFB7-711B-B1B3F9A12727}" = Catalyst Control Center Localization Hungarian
"{E790D4DB-3418-482A-D703-89C50EC2FF81}" = CCC Help Czech
"{E9C2567D-F0E7-C47F-7C91-F43F5D3367EB}" = Skins
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9CA0C53-EE6B-B5FB-D735-95F822A87522}" = Catalyst Control Center Localization Dutch
"{FCA257D5-ABC8-440F-BCE0-AA9EFA383C87}" = Catalyst Control Center - Branding
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark X5100 Series" = Lexmark X5100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RTNUninstXPPCIE" = Realtek PCIE Network Adapter Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XP Codec Pack" = XP Codec Pack
"Zune" = Zune
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 2/4/2010 1:00:43 PM | Computer Name = TIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module unknown, version 0.0.0.0, fault address 0x016a95b9.
Error - 2/4/2010 1:14:19 PM | Computer Name = TIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module unknown, version 0.0.0.0, fault address 0x016b95b9.
Error - 2/4/2010 3:37:40 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/6/2010 10:11:38 AM | Computer Name = TIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module unknown, version 0.0.0.0, fault address 0x01c395b9.
Error - 2/6/2010 1:20:49 PM | Computer Name = TIM | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Streets and Trips 2004 -- Error 1706.No valid source
could be found for product Microsoft Streets and Trips 2004. The Windows Installer
cannot continue.
Error - 2/8/2010 9:41:05 AM | Computer Name = TIM | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Streets and Trips 2004 -- Error 1706.No valid source
could be found for product Microsoft Streets and Trips 2004. The Windows Installer
cannot continue.
Error - 2/8/2010 10:23:54 AM | Computer Name = TIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module unknown, version 0.0.0.0, fault address 0x014c95b9.
Error - 2/8/2010 10:59:31 AM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/8/2010 1:03:00 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/16/2010 7:07:20 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 2/17/2010 7:09:34 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/18/2010 10:41:03 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/18/2010 11:58:23 AM | Computer Name = TIM | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 2/18/2010 11:58:28 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/18/2010 11:58:29 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 2/18/2010 5:03:38 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/18/2010 5:11:19 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/18/2010 7:59:46 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/18/2010 8:37:13 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/19/2010 11:09:53 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
< End of report >
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.netdevice: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A3DED0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89a3ded0
NDIS: Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC -> SendCompleteHandler -> 0x89b59690
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
Windows IP Configuration
Host Name . . . . . . . . . . . . : tim
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
Physical Address. . . . . . . . . : 00-21-85-5D-7A-4C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, February 19, 2010 4:50:14 AM
Lease Expires . . . . . . . . . . : Saturday, February 20, 2010 4:50:14 AM
Server: UnKnown
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.47.99, 74.125.47.103, 74.125.47.104, 74.125.47.105
74.125.47.106, 74.125.47.147
Pinging google.com [74.125.47.106] with 32 bytes of data:
Reply from 74.125.47.106: bytes=32 time=57ms TTL=46
Reply from 74.125.47.106: bytes=32 time=72ms TTL=46
Ping statistics for 74.125.47.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 72ms, Average = 64ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 85 5d 7a 4c ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Thanks Thanks Thanks did not have to change any browser settings to set up as specified.