
SDCheck.exe/A0031440.exe Malware problem


  • This topic is locked
10 replies to this topic

#1 Switters73

  • Members
  • 7 posts

Posted 04 April 2010 - 11:14 AM

Hi,

Thanks for taking the time to look at this. Yesterday, McAfee detected a trojan on my computer 'SDcheck.exe'. I allowed McAfee to delete the trojan and then about 10 minutes later I got another warning which detected two trojans 'A0031440.exe' and SDCHECK.EXE. The A0031440.exe was from a restore point and SDCHECK.EXE was in the Spybot folder. I immediately googled the problem and one site told me to turn off the TeaTimer in Spybot, which I did. I haven't received another warning since then, but that seems like a bad fix for the problem. I would like to know if there is a better way to fix this problem. Below is my DDS log and I have attached the 'Attach.TXT' and GMER file as requested on your 'getting started site'. Thanks for your help.

Todd

DDS log----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Todd at 13:20:19.57 on Sat 04/03/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.261 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.1.0\wrapper.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Todd\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dellnet.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.search.msn.com
mStart Page = hxxp://www.dellnet.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\todd\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
uPolicies-explorer: <NO NAME> =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097042096515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.6485763889
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - hxxp://centra.coe.tamu.edu/main/Install/en/US/CentraDownloader.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\todd\applic~1\mozilla\firefox\profiles\8cuwp3hg.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\documents and settings\todd\application data\mozilla\firefox\profiles\8cuwp3hg.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-20 28552]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-22 31816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-10-16 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-22 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-22 54608]
R2 SMS_v3_1_0;SMS_v3_1_0;c:\program files\rosetta stone\sms v3.1.0\wrapper.exe [2007-6-7 204800]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-10-16 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-10-16 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-10-16 174952]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2004-4-22 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2004-4-22 44928]

=============== Created Last 30 ================

2010-03-12 00:01:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll

==================== Find3M ====================

2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-07 00:19:10 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:57 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-26 05:43:57 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-26 05:43:55 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-02-26 05:43:54 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-21 20:08:34 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT

============= FINISH: 13:21:38.59 ===============

Attached Files
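A DDS log like the one above is read by eye in threads like this: the helper scans the "Running Processes" and "SERVICES / DRIVERS" sections for executables that load from somewhere other than the Windows or Program Files trees. The script below is an added example (not part of this thread and not DDS's own code) that does the same first-pass triage over the DDS line format. The sample log is constructed for the example; it borrows the format and a few entries from the post, and the "Temp\svchost.exe" process and "updsvc" service are invented suspicious entries so the check has something to flag.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the DDS log format shown in the post above; not the poster's full log.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Todd\Desktop\dds.scr
C:\Documents and Settings\Todd\Local Settings\Temp\svchost.exe

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-20 28552]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-22 144704]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2004-4-22 727908]
R2 updsvc;Update Service;c:\documents and settings\all users\application data\updsvc.exe [2010-4-1 61440]

============= FINISH: 13:21:38.59 ===============
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# R<n> = running, S<n> = stopped; fields are name;display name;image path [date size]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\S+)\s+(\d+)\]$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|scr|sys|dll|com))(?:\s|$)", re.IGNORECASE)

# Where legitimately installed software normally lives on a 32-bit XP box.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of a DDS log under their '=== Heading ===' banners."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def image_path(line: str) -> Optional[str]:
    """Return the executable path from a process line, dropping command-line arguments."""
    if ":\\" not in line:
        return None  # DDS prints a bare name when it could not resolve the path
    m = IMAGE_RE.match(line)
    if m:
        return m.group(1)
    # No recognised extension: cut at the first ' -flag' (a ' - ' inside a folder name is kept)
    return re.match(r"^(.*?)(?:\s+-\w\S*.*)?$", line).group(1)


def parse_service(line: str) -> Optional[dict]:
    """Parse one 'R2 name;display;path [date size]' line into its fields."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, path, date, size = m.groups()
    return {"state": state, "name": name, "display": display,
            "path": path, "date": date, "size": int(size)}


def is_trusted_location(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(text: str) -> Dict[str, List[str]]:
    """Return process and service image paths that load from outside the trusted trees."""
    sections = split_sections(text)
    flagged: Dict[str, List[str]] = {"processes": [], "services": []}
    for line in sections.get("Running Processes", []):
        path = image_path(line)
        if path and not is_trusted_location(path):
            flagged["processes"].append(path)
    for line in sections.get("SERVICES / DRIVERS", []):
        svc = parse_service(line)
        if svc and not is_trusted_location(svc["path"]):
            flagged["services"].append(f'{svc["name"]} -> {svc["path"]}')
    return flagged


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_DDS).items():
        print(kind)
        for item in items:
            print("  review:", item)
```

The location check is deliberately a coarse filter, not a verdict: it flags dds.scr on the Desktop just as readily as the constructed Temp\svchost.exe, and the analyst still decides which entries are expected tools and which need a closer look (file date, size, and the publisher shown in an OTL or RSIT log).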




#2 syler

  • Malware Response Team
  • 8,150 posts
  • Location:Warrington, UK

Posted 08 April 2010 - 11:33 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues I would appreciate it if you would let me know so I can close this topic.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized)



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Then please post back here with the following:
  • log.txt
  • info.txt
  • MBAM log

Thanks



#3 Switters73
  • Topic Starter
  • Members
  • 7 posts

Posted 12 April 2010 - 07:35 PM

Hi,

Thanks for the response. I have attached the files you requested.

Attached Files



#4 syler

  • Malware Response Team
  • 8,150 posts
  • Location:Warrington, UK

Posted 13 April 2010 - 10:20 AM

Hi Switters73,

When replying with the logs please copy and paste them into the thread rather than attaching them, thanks.


Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    pci.sys
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

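The /md5start ... /md5stop block in the OTL instructions above asks OTL to report the MD5 of every copy it finds of a set of boot-critical drivers and system DLLs (pci.sys, atapi.sys, iaStor.sys, netlogon.dll and so on), so the helper can compare them with known-good digests and spot a copy that has been altered on disk. The script below is an added illustration of that check, written for this page and not OTL's own code: it walks a directory tree for files with those names, hashes each copy, compares the digest against a baseline, and separately reports any name whose copies disagree with one another (the live driver not matching its dllcache copy, for example). The baseline, directory layout and file contents in run_demo() are constructed placeholders; a real baseline would hold the digests for the Windows build and service pack actually installed.

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Set, Tuple

# File names taken from the OTL /md5start ... /md5stop block in the post above.
WATCHED_FILES = [
    "pci.sys", "proquota.exe", "sfcfiles.dll", "eventlog.dll", "scecli.dll",
    "netlogon.dll", "cngaudit.dll", "sceclt.dll", "ntelogon.dll", "logevent.dll",
    "beep.sys", "iaStor.sys", "nvstor.sys", "atapi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "iastorv.sys",
]

# Hypothetical baseline type: file name -> set of MD5 digests known to be genuine for it.
Baseline = Dict[str, Set[str]]


def md5_of_file(path: str) -> str:
    """MD5 of a file's contents, read in chunks so large drivers are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root: str, names: List[str]) -> List[str]:
    """Every file under root whose name is one of the watched names, in any directory."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() in wanted:
                hits.append(os.path.join(dirpath, fn))
    return sorted(hits)


def compare_to_baseline(root: str, baseline: Baseline) -> Dict[str, List[Tuple[str, str]]]:
    """Bucket each copy as known_good (digest in baseline), unknown (name listed but digest
    not) or unlisted (no baseline entry for the name). Buckets hold (path, digest) pairs."""
    result: Dict[str, List[Tuple[str, str]]] = {"known_good": [], "unknown": [], "unlisted": []}
    for path in find_copies(root, WATCHED_FILES):
        name = os.path.basename(path).lower()
        digest = md5_of_file(path)
        good = baseline.get(name)
        if good is None:
            result["unlisted"].append((path, digest))
        elif digest in good:
            result["known_good"].append((path, digest))
        else:
            result["unknown"].append((path, digest))
    return result


def inconsistent_names(copies: List[Tuple[str, str]]) -> Set[str]:
    """Names whose on-disk copies do not all share one digest. A live driver that differs
    from its dllcache or ServicePackFiles copy is the classic sign of a patched file."""
    seen: Dict[str, Set[str]] = {}
    for path, digest in copies:
        seen.setdefault(os.path.basename(path).lower(), set()).add(digest)
    return {name for name, digests in seen.items() if len(digests) > 1}


def run_demo() -> dict:
    """Build a throwaway tree with constructed contents, check it, and return the findings."""
    clean = b"constructed contents standing in for a genuine atapi.sys"
    modified = b"constructed contents standing in for an altered atapi.sys"
    root = tempfile.mkdtemp(prefix="md5check_")
    try:
        layout = {
            os.path.join("system32", "drivers", "atapi.sys"): modified,
            os.path.join("system32", "dllcache", "atapi.sys"): clean,
            os.path.join("system32", "drivers", "beep.sys"): b"constructed beep.sys",
        }
        for rel, data in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        baseline: Baseline = {"atapi.sys": {hashlib.md5(clean).hexdigest()}}
        findings = compare_to_baseline(root, baseline)
        findings["inconsistent"] = sorted(
            inconsistent_names(findings["known_good"] + findings["unknown"]))
        return findings
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for bucket, items in run_demo().items():
        print(bucket, items)
```

Two findings matter more than the raw digest list: a copy whose digest is not in the baseline, and a name whose copies disagree with each other. The second needs no baseline at all, which is why OTL's report of every copy it can find is useful even before known-good values are looked up.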


#5 Switters73
  • Topic Starter
  • Members
  • 7 posts

Posted 13 April 2010 - 08:01 PM

Hi, thanks again for helping. I've pasted the OTL.TXT file and the Extras.TXT file.

OTL logfile created on: 4/13/2010 7:46:28 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 532.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.79 Gb Free Space | 30.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 850.50 Gb Free Space | 91.30% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUFO
Current User Name: Todd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2010/04/03 09:16:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/09/30 15:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/06/10 01:21:01 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
PRC - [2008/05/22 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/05/22 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/05/22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/06/05 21:21:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/15 23:23:15 | 001,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2006/10/17 22:22:50 | 000,204,800 | ---- | M] () -- C:\Program Files\Rosetta Stone\SMS v3.1.0\wrapper.exe
PRC - [2006/09/28 14:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2001/08/31 13:44:30 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe

========== Modules (SafeList) ==========

MOD - [2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/05/22 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/05/22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/17 22:22:50 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Rosetta Stone\SMS v3.1.0\wrapper.exe -- (SMS_v3_1_0)
SRV - [2002/02/27 09:57:34 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/22 20:50:00 | 000,174,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2008/05/22 20:50:00 | 000,072,936 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2008/05/22 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2008/05/22 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys -- (mfetdik)
DRV - [2008/05/22 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2008/05/22 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/04/10 00:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/06/24 20:30:18 | 000,727,908 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USA19H2k.sys -- (USA19H)
DRV - [2003/06/24 20:21:20 | 000,044,928 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USA19H2kp.sys -- (USA19H2KP)
DRV - [2002/02/27 09:57:52 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/09/13 18:09:48 | 000,777,088 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
DRV - [2001/08/31 13:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/29 04:48:12 | 000,094,688 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\upatc.sys -- (UPATC)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/07/25 11:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 13:07:00 | 000,080,449 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\spkpnt.sys -- (SpeakerPhone)
DRV - [2001/07/18 13:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\k56nt.sys -- (K56)
DRV - [2001/07/18 13:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 13:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 13:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tonesnt.sys -- (Tones)
DRV - [2001/07/18 13:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fallback.sys -- (Fallback)
DRV - [2001/07/18 13:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\basic2.sys -- (basic2)
DRV - [2001/07/18 13:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rksample.sys -- (Rksample)
DRV - [2001/07/18 13:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v124nt.sys -- (V124)
DRV - [2001/07/11 11:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/20 17:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/sidesearch.html
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 19 66 EF FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/sidesearch.html
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 17:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 09:16:13 | 000,000,000 | ---D | M]

[2008/11/01 11:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2010/04/13 19:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions
[2009/09/05 09:43:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 21:06:18 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/05/06 21:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\moveplayer@movenetworks.com
[2010/04/12 18:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/12/22 11:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2004/10/06 00:20:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1097042096515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7871.6485763889 (Reg Error: Key error.)
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://centra.coe.tamu.edu/main/Install/en...aDownloader.cab (CentraDownloaderCtl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Todd/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 07:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/13 19:38:35 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/13 19:38:35 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\AutoRun\command - "" = a9.com
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\explore\Command - "" = a9.com
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\open\Command - "" = a9.com
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2002/07/25 13:36:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\PROGRA~1\MICROS~4\Office10\OSA.EXE - File not found
MsConfig - StartUpReg: AHQInit - hkey= - key= - C:\Program Files\Creative\SBLive\Program\AHQINIT.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NAV Agent - hkey= - key= - C:\PROGRA~1\NORTON~1\navapw32.exe File not found
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 19:38:35 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/13 19:37:44 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2010/04/12 19:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Malwarebytes
[2010/04/12 19:20:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 19:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/12 19:20:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/12 19:19:47 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.45.exe
[2010/04/12 19:18:01 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Todd.exe
[2010/04/12 19:18:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/03 14:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Yahoo
[2010/04/03 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Yahoo!
[2010/04/03 14:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/03 09:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\Guitar
[2010/03/17 16:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Downloads
[2008/12/12 18:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/01 10:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/13 16:40:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Todd\Application Data\pcouffin.sys
[2005/01/07 23:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/12/15 15:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2004/12/15 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2002/07/25 15:02:59 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2002/07/25 13:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/07/25 13:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/07/25 13:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/13 19:42:38 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/13 19:41:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 19:41:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/13 19:40:32 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Todd\ntuser.dat
[2010/04/13 19:39:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Todd\NTUSER.INI
[2010/04/13 19:39:16 | 003,777,894 | -H-- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\IconCache.db
[2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2010/04/13 19:29:26 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Flash_Disinfector.exe
[2010/04/12 19:20:30 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 19:19:55 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.45.exe
[2010/04/12 19:17:24 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\RSIT.exe
[2010/04/12 18:58:42 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Ginger glazed Mahi Mahi.doc
[2010/04/04 10:36:32 | 000,557,705 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\TTDB_6_dmh.STM
[2010/04/03 13:22:35 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\gmer.zip
[2010/04/03 13:19:46 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2010/04/03 12:25:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 12:21:51 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 12:05:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Albums.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/15 18:34:25 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 18:34:25 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/15 18:34:25 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/13 19:29:26 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Flash_Disinfector.exe
[2010/04/12 19:20:30 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 19:17:15 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\RSIT.exe
[2010/04/12 18:58:42 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Ginger glazed Mahi Mahi.doc
[2010/04/03 17:14:33 | 000,557,705 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\TTDB_6_dmh.STM
[2010/04/03 13:22:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\gmer.zip
[2010/04/03 13:19:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2009/10/30 22:01:45 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Todd\webct_upload_applet.properties
[2008/12/23 15:17:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/12/23 14:50:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Effects
[2008/12/23 14:50:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Todd\Application Data\Drum Kits
[2008/12/23 14:50:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/12/23 14:48:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2008/12/23 14:48:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Todd\Application Data\Documentation
[2008/12/23 14:48:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/10/16 22:55:51 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/09/13 16:40:52 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.log
[2008/09/13 16:40:31 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\inst.exe
[2008/09/13 16:40:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.cat
[2008/09/13 16:40:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.inf
[2008/07/15 20:39:52 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/10/26 23:32:29 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Todd\output_roc
[2006/06/04 21:22:20 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Todd\default.pls
[2006/03/01 22:41:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/14 16:08:58 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2004/12/01 18:10:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/06 00:54:03 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\inetdctr.dll
[2004/10/06 00:22:16 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\tvmcwrd.dll
[2004/10/06 00:20:06 | 000,081,972 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/10/06 00:19:40 | 000,003,730 | ---- | C] () -- C:\WINDOWS\Slvbkxcn.ini
[2004/10/06 00:15:55 | 000,000,251 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/06 00:15:36 | 000,000,358 | ---- | C] () -- C:\WINDOWS\conscorr.ini
[2004/10/06 00:13:33 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DGGMKMIO.ini
[2004/07/24 11:49:12 | 000,000,185 | ---- | C] () -- C:\WINDOWS\MRINT.INI
[2004/06/17 21:24:34 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/05/29 08:13:09 | 011,796,480 | ---- | C] () -- C:\Documents and Settings\Todd\ntuser.dat
[2004/04/22 20:06:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\USA19HPropPage.dll
[2004/04/22 20:06:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
[2004/03/08 11:32:08 | 000,000,138 | ---- | C] () -- C:\WINDOWS\bxcrpro.ini
[2004/02/18 08:36:48 | 000,000,354 | ---- | C] () -- C:\WINDOWS\schema.ini
[2003/11/22 16:17:22 | 000,000,046 | ---- | C] () -- C:\WINDOWS\LayerUI.INI
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/21 22:22:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\symbologyUI.INI
[2003/09/07 17:28:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\fusioncache.dat
[2003/02/16 17:39:36 | 000,222,299 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/02/14 16:57:34 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2003/02/14 16:57:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2003/02/14 16:57:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2003/02/14 16:57:32 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2003/02/06 21:52:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/06 21:51:58 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/01/16 10:17:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\mpauth.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/15 15:45:58 | 000,000,090 | ---- | C] () -- C:\WINDOWS\hyprview.ini
[2002/08/13 16:33:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SpecCheck.INI
[2002/08/06 14:46:24 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/08/05 17:08:11 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/08/05 16:47:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/08/05 16:28:03 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\Todd\INSTALL.LOG
[2002/08/05 16:27:55 | 000,021,202 | -H-- | C] () -- C:\Documents and Settings\Todd\NOBULATE.LOG
[2002/08/05 16:27:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Todd\NTUSER.INI
[2002/08/05 16:27:53 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Todd\ntuser.dat.LOG
[2002/08/05 16:27:11 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2002/08/05 16:27:11 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2002/07/25 15:14:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/25 15:02:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/07/25 15:02:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/07/25 15:00:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/07/25 15:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/07/25 15:00:15 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/07/25 14:57:42 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/25 13:39:38 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/11/15 08:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/07/25 12:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 12:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2008/10/20 19:56:49 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2008/10/20 19:56:49 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Todd.exe


< MD5 for: ATAPI.SYS >
[2003/08/12 08:13:28 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2005/01/07 22:40:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/28 18:24:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2003/08/12 08:13:28 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2005/01/07 22:40:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/28 18:24:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/01/30 14:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\I386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2001/08/17 13:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: BEEP.SYS >
[2001/08/18 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\I386\BEEP.SYS
[2001/08/18 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2001/08/18 06:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2001/08/18 06:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\I386\NETLOGON.DLL

< MD5 for: PCI.SYS >
[2003/08/12 08:13:28 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:pci.sys
[2005/01/07 22:40:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:pci.sys
[2008/08/28 18:24:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:pci.sys
[2003/08/12 08:13:28 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:pci.sys
[2005/01/07 22:40:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:pci.sys
[2008/08/28 18:24:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:pci.sys
[2001/08/17 13:58:06 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1F96EECDF5D1E3385AC44C6A457B381F -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\pci.sys
[2004/08/04 01:07:46 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=8086D9979234B603AD5BC2F5D890B234 -- C:\WINDOWS\$NtServicePackUninstall$\pci.sys
[2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=A219903CCF74233761D92BEF471A07B1 -- C:\WINDOWS\ServicePackFiles\i386\pci.sys
[2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=A219903CCF74233761D92BEF471A07B1 -- C:\WINDOWS\SYSTEM32\DRIVERS\pci.sys
[2001/12/03 14:21:22 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=D73ECFB0447C36915BE5B45322B5DCE1 -- C:\I386\pci.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 02:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2001/08/18 06:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation) MD5=B2A23CE7706D4B4A7D192761CD3DB3E1 -- C:\I386\PROQUOTA.EXE
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SYSTEM32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2001/08/18 06:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 02:56:45 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SYSTEM32\sfcfiles.dll
[2001/08/18 06:00:00 | 001,562,112 | ---- | M] (Microsoft Corporation) MD5=9E415EFDF50F26BCBC97C80F4E6C30CC -- C:\I386\SFCFILES.DLL
< End of report >


OTL Extras logfile created on: 4/13/2010 7:46:28 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 532.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.79 Gb Free Space | 30.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 850.50 Gb Free Space | 91.30% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUFO
Current User Name: Todd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 File not found
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\SAS\SAS 9.1\sas.exe" = C:\Program Files\SAS\SAS 9.1\sas.exe:*:Enabled:SAS 9.1 for Windows -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Rosetta Stone\RS2.1.5.3Asms\Rosetta Stone.exe" = C:\Program Files\Rosetta Stone\RS2.1.5.3Asms\Rosetta Stone.exe:*:Enabled:Rosetta Stone Application -- (Macromedia, Inc.)
"C:\Program Files\Rosetta Stone\RS2.1.5.3Asms\Discover.exe" = C:\Program Files\Rosetta Stone\RS2.1.5.3Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool -- (Fairfield Language Technologies)
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe" = C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java Runtime Environment -- (Sun Microsystems, Inc.)
"C:\Program Files\Rosetta Stone\SMS v3.1.0\server.exe" = C:\Program Files\Rosetta Stone\SMS v3.1.0\server.exe:*:Enabled:SMS Server v3.1.0 -- ()
"C:\Program Files\Rosetta Stone\SMS v3.1.0\admin.exe" = C:\Program Files\Rosetta Stone\SMS v3.1.0\admin.exe:*:Enabled:SMS Admin v3.1.0 -- ()
"C:\WINDOWS\SYSTEM32\java.exe" = C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{27625A79-D272-41EF-844B-6EAC87D4A51E}" = EndNote 8.0.2
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F67A6AE-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
"{7F67A6AF-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A0EBA1-1DBD-4593-9223-3E0899BE85A8}" = STELLA® 7.0.1 Research
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91E8A85F-2960-40ED-BA84-7F4567BB00C0}" = Dell | Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F16C344A-D0B1-4EFB-B987-80817B4FBB0F}" = Rosetta Stone 2.1.5.3Asms
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACDSee" = ACDSee
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CentraOneClient" = CentraOne
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"CSCLIB" = Canon Camera Support Core Library
"DSMT5" = MathType 5
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EOS Utility" = Canon Utilities EOS Utility
"ESPNMotion" = ESPNMotion
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.2.4.1
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{F16C344A-D0B1-4EFB-B987-80817B4FBB0F}" = Rosetta Stone 2.1.5.3Asms
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NMIX!UninstallKey" = NeroMIX
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Student Management System v3.1.0" = Student Management System v3.1.0
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2009 2:08:09 PM | Computer Name = BUFO | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.12.1662, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2009 6:39:53 PM | Computer Name = BUFO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3462, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2009 5:17:47 PM | Computer Name = BUFO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2009 10:06:53 AM | Computer Name = BUFO | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 6.6.0.14, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 11:49:41 PM | Computer Name = BUFO | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2600 (0xa28) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.128
/ 5400.1158 Object being scanned = \Device\CdRom1\video_ts\VTS_01_2.vob by C:\Program
Files\Windows Media Player\wmplayer.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 1/15/2010 11:49:56 PM | Computer Name = BUFO | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 1/24/2010 12:51:55 PM | Computer Name = BUFO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module wiashext.dll, version 5.1.2600.5512, fault address 0x0000d3ff.

Error - 3/7/2010 6:18:16 PM | Computer Name = BUFO | Source = SAS | ID = 2400
Description =

Error - 3/7/2010 6:24:16 PM | Computer Name = BUFO | Source = MsiInstaller | ID = 11905
Description = Product: SPSS 12.0.1 for Windows -- Error 1905.Module C:\Program Files\SPSS\vischart.ocx
failed to unregister. HRESULT . Contact your support personnel.

Error - 4/3/2010 3:52:40 PM | Computer Name = BUFO | Source = Application Hang | ID = 1002
Description = Hanging application ymsgr_suite_setup.exe, version 2010.3.29.1, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/7/2010 6:24:27 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:27 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:27 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:27 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:27 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:27 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:28 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:28 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:28 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/7/2010 6:24:28 PM | Computer Name = BUFO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

Edited by syler, 14 April 2010 - 06:05 AM.
move extra.txt from middle of otl.txt


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:15 PM

Posted 14 April 2010 - 06:19 AM

Hello,

Can you tell me how the computer is running and if you still have any problems?


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/sidesearch.html
    IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/sidesearch.html
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7871.6485763889 (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\AutoRun\command - "" = a9.com
    O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\explore\Command - "" = a9.com
    O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\open\Command - "" = a9.com
    O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
    O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
    O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
    MsConfig - StartUpReg: NAV Agent - hkey= - key= - C:\PROGRA~1\NORTON~1\navapw32.exe File not found
    MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\inetdctr.dll
C:\Documents and Settings\Todd\Application Data\tvmcwrd.dll
C:\WINDOWS\System32\zlib.dll

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • Virustotal links

Thanks



#7 Switters73

Switters73
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:15 PM

Posted 14 April 2010 - 07:35 PM

Hi, I've done the scans.

There doesn't seem to be anything wrong now, but I'm worried that if I run spybot again the virus will kick back in.

OTL Fix scan

All processes killed
Error: Unable to interpret <IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/sidesearch.html> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/sidesearch.html> in the current context!
Error: Unable to interpret <O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7871.6485763889 (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\AutoRun\command - "" = a9.com> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\explore\Command - "" = a9.com> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\open\Command - "" = a9.com> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: NAV Agent - hkey= - key= - C:\PROGRA~1\NORTON~1\navapw32.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 115858192 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 113697836 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Todd
->Temp folder emptied: 38876060 bytes
->Temporary Internet Files folder emptied: 43611875 bytes
->Java cache emptied: 878317390 bytes
->FireFox cache emptied: 43078906 bytes
->Flash cache emptied: 2308601 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58395 bytes
%systemroot%\System32 .tmp files removed: 3052561 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55018136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 18292766 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 163930377 bytes

Total Files Cleaned = 1,408.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Todd
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04142010_185318

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\S663AFD6B.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL SCAN AFTER REBOOT

OTL logfile created on: 4/14/2010 7:09:20 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 485.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 23.90 Gb Free Space | 32.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUFO
Current User Name: Todd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2010/04/03 09:16:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/09/30 15:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/06/10 01:21:01 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
PRC - [2008/05/22 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/05/22 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/05/22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/06/05 21:21:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/17 22:22:50 | 000,204,800 | ---- | M] () -- C:\Program Files\Rosetta Stone\SMS v3.1.0\wrapper.exe
PRC - [2006/09/28 14:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2001/08/31 13:44:30 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/05/22 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/05/22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/17 22:22:50 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Rosetta Stone\SMS v3.1.0\wrapper.exe -- (SMS_v3_1_0)
SRV - [2002/02/27 09:57:34 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/22 20:50:00 | 000,174,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2008/05/22 20:50:00 | 000,072,936 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2008/05/22 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2008/05/22 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys -- (mfetdik)
DRV - [2008/05/22 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2008/05/22 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/04/10 00:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/06/24 20:30:18 | 000,727,908 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USA19H2k.sys -- (USA19H)
DRV - [2003/06/24 20:21:20 | 000,044,928 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USA19H2kp.sys -- (USA19H2KP)
DRV - [2002/02/27 09:57:52 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/09/13 18:09:48 | 000,777,088 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
DRV - [2001/08/31 13:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/29 04:48:12 | 000,094,688 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\upatc.sys -- (UPATC)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/07/25 11:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 13:07:00 | 000,080,449 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\spkpnt.sys -- (SpeakerPhone)
DRV - [2001/07/18 13:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\k56nt.sys -- (K56)
DRV - [2001/07/18 13:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 13:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 13:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tonesnt.sys -- (Tones)
DRV - [2001/07/18 13:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fallback.sys -- (Fallback)
DRV - [2001/07/18 13:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\basic2.sys -- (basic2)
DRV - [2001/07/18 13:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rksample.sys -- (Rksample)
DRV - [2001/07/18 13:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v124nt.sys -- (V124)
DRV - [2001/07/11 11:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/20 17:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/sidesearch.html
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 19 66 EF FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/sidesearch.html
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 17:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 09:16:13 | 000,000,000 | ---D | M]

[2008/11/01 11:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2010/04/13 19:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions
[2009/09/05 09:43:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 21:06:18 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/05/06 21:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\moveplayer@movenetworks.com
[2010/04/12 18:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/12/22 11:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2004/10/06 00:20:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1097042096515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7871.6485763889 (Reg Error: Key error.)
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://centra.coe.tamu.edu/main/Install/en...aDownloader.cab (CentraDownloaderCtl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Todd/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 07:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/13 19:38:35 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\AutoRun\command - "" = a9.com
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\explore\Command - "" = a9.com
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\open\Command - "" = a9.com
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 18:53:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/13 19:38:35 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/13 19:37:44 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2010/04/12 19:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Malwarebytes
[2010/04/12 19:20:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 19:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/12 19:20:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/12 19:19:47 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.45.exe
[2010/04/12 19:18:01 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Todd.exe
[2010/04/12 19:18:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/03 14:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Yahoo
[2010/04/03 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Yahoo!
[2010/04/03 14:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/03 09:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\Guitar
[2010/03/17 16:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Downloads
[2008/12/12 18:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/01 10:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/13 16:40:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Todd\Application Data\pcouffin.sys
[2005/01/07 23:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/12/15 15:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2004/12/15 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2002/07/25 15:02:59 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2002/07/25 13:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/07/25 13:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/07/25 13:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/14 19:04:34 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/14 19:03:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/14 19:03:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/14 19:02:29 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Todd\ntuser.dat
[2010/04/14 19:02:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Todd\NTUSER.INI
[2010/04/13 19:39:16 | 003,777,894 | -H-- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\IconCache.db
[2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2010/04/13 19:29:26 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Flash_Disinfector.exe
[2010/04/12 19:20:30 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 19:19:55 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.45.exe
[2010/04/12 19:17:24 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\RSIT.exe
[2010/04/12 18:58:42 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Ginger glazed Mahi Mahi.doc
[2010/04/04 10:36:32 | 000,557,705 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\TTDB_6_dmh.STM
[2010/04/03 13:22:35 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\gmer.zip
[2010/04/03 13:19:46 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2010/04/03 12:25:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 12:21:51 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 12:05:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Albums.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/13 19:29:26 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Flash_Disinfector.exe
[2010/04/12 19:20:30 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 19:17:15 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\RSIT.exe
[2010/04/12 18:58:42 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Ginger glazed Mahi Mahi.doc
[2010/04/03 17:14:33 | 000,557,705 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\TTDB_6_dmh.STM
[2010/04/03 13:22:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\gmer.zip
[2010/04/03 13:19:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2009/10/30 22:01:45 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Todd\webct_upload_applet.properties
[2008/12/23 15:17:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/12/23 14:50:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Effects
[2008/12/23 14:50:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Todd\Application Data\Drum Kits
[2008/12/23 14:50:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/12/23 14:48:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2008/12/23 14:48:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Todd\Application Data\Documentation
[2008/12/23 14:48:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/10/16 22:55:51 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/09/13 16:40:52 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.log
[2008/09/13 16:40:31 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\inst.exe
[2008/09/13 16:40:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.cat
[2008/09/13 16:40:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.inf
[2008/07/15 20:39:52 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/10/26 23:32:29 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Todd\output_roc
[2006/06/04 21:22:20 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Todd\default.pls
[2006/03/01 22:41:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/14 16:08:58 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2004/12/01 18:10:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/06 00:54:03 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\inetdctr.dll
[2004/10/06 00:22:16 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\tvmcwrd.dll
[2004/10/06 00:20:06 | 000,081,972 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/10/06 00:19:40 | 000,003,730 | ---- | C] () -- C:\WINDOWS\Slvbkxcn.ini
[2004/10/06 00:15:55 | 000,000,251 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/06 00:15:36 | 000,000,358 | ---- | C] () -- C:\WINDOWS\conscorr.ini
[2004/10/06 00:13:33 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DGGMKMIO.ini
[2004/07/24 11:49:12 | 000,000,185 | ---- | C] () -- C:\WINDOWS\MRINT.INI
[2004/06/17 21:24:34 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/05/29 08:13:09 | 011,796,480 | ---- | C] () -- C:\Documents and Settings\Todd\ntuser.dat
[2004/04/22 20:06:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\USA19HPropPage.dll
[2004/04/22 20:06:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
[2004/03/08 11:32:08 | 000,000,138 | ---- | C] () -- C:\WINDOWS\bxcrpro.ini
[2004/02/18 08:36:48 | 000,000,354 | ---- | C] () -- C:\WINDOWS\schema.ini
[2003/11/22 16:17:22 | 000,000,046 | ---- | C] () -- C:\WINDOWS\LayerUI.INI
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/21 22:22:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\symbologyUI.INI
[2003/09/07 17:28:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\fusioncache.dat
[2003/02/16 17:39:36 | 000,222,299 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/02/14 16:57:34 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2003/02/14 16:57:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2003/02/14 16:57:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2003/02/14 16:57:32 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2003/02/06 21:52:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/06 21:51:58 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/01/16 10:17:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\mpauth.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/15 15:45:58 | 000,000,090 | ---- | C] () -- C:\WINDOWS\hyprview.ini
[2002/08/13 16:33:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SpecCheck.INI
[2002/08/06 14:46:24 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/08/05 17:08:11 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/08/05 16:47:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/08/05 16:28:03 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\Todd\INSTALL.LOG
[2002/08/05 16:27:55 | 000,021,202 | -H-- | C] () -- C:\Documents and Settings\Todd\NOBULATE.LOG
[2002/08/05 16:27:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Todd\NTUSER.INI
[2002/08/05 16:27:53 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Todd\ntuser.dat.LOG
[2002/08/05 16:27:11 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2002/08/05 16:27:11 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2002/07/25 15:14:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/25 15:02:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/07/25 15:02:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/07/25 15:00:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/07/25 15:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/07/25 15:00:15 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/07/25 14:57:42 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/25 13:39:38 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/11/15 08:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/07/25 12:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 12:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
< End of report >



VIRUS TOTAL/JOTTI Scans

C:\WINDOWS\System32\inetdctr.dll
analisis/84dabc8065ef74a1f206334c4e5453d47b54408d42ca99d794b25219a9d9055f-1268676624

C:\Documents and Settings\Todd\Application Data\tvmcwrd.dll
http://virusscan.jotti.org/en/scanresult/1...707042cdb4b2692

C:\WINDOWS\System32\zlib.dll
analisis/4711fd20bb60bb53369993fcfcc8aa2c3e2a96fb65e76ba1d432a5f4b6d4a144-1267670534


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:15 PM

Posted 15 April 2010 - 05:53 AM

You didn't do the OTL fix correctly. Please do it again and make sure you copy everything in the code box.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/sidesearch.html
    IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/sidesearch.html
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7871.6485763889 (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\AutoRun\command - "" = a9.com
    O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\explore\Command - "" = a9.com
    O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\open\Command - "" = a9.com
    O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
    O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
    O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
    MsConfig - StartUpReg: NAV Agent - hkey= - key= - C:\PROGRA~1\NORTON~1\navapw32.exe File not found
    MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
    [2004/10/06 00:54:03 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\inetdctr.dll
    [2004/10/06 00:22:16 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\tvmcwrd.dll
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


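The O33 lines in the fix above are MountPoints2 entries: per-volume cached shell verbs that Explorer keeps for every removable drive it has seen, and a common place for USB-borne malware to plant an AutoRun/open/explore command. The following is an added example, not part of syler's post or of OTL: a small parser for O33 lines as OTL prints them, with a triage pass that flags the two patterns visible in this log, all three verbs redirected to one command, and a command whose target no longer exists. The sample lines are constructed from the entries in the thread; the thresholds and reason strings are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the O33 lines in the OTL fix script above.
# Raw string so the single backslashes of the registry paths survive as-is.
SAMPLE_O33 = r"""
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\AutoRun\command - "" = a9.com
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\explore\Command - "" = a9.com
O33 - MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\Shell\open\Command - "" = a9.com
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\Shell\AutoRun - "" = Auto&Play
"""

# OTL line shape: O33 - MountPoints2\{GUID}\Shell[\subkey...] - "" = value
LINE_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell(?:\\(.*?))? - "" = (.*)$'
)
MISSING = " -- File not found"          # suffix OTL appends when the target is absent
ABS_PATH = re.compile(r"^[A-Za-z]:\\")  # drive-letter path, e.g. F:\LaunchU3.exe
VERBS = ("autorun\\command", "open\\command", "explore\\command")


def parse_o33(text):
    """Group O33 lines by volume GUID: {guid: {lower-cased subkey: value}}."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an O33 MountPoints2 line; ignore
        guid, subkey, value = m.group(1), (m.group(2) or "").lower(), m.group(3)
        entries[guid][subkey] = value
    return dict(entries)


def assess(entries):
    """Return (guid, verb, command, reasons) for every command worth reviewing.

    Only the three executable verbs are examined; a bare Shell default or an
    'Auto&Play' label with no command underneath cannot launch anything.
    """
    findings = []
    for guid, keys in entries.items():
        cmds = {}
        for verb in VERBS:
            if verb in keys:
                raw = keys[verb]
                missing = raw.endswith(MISSING)
                cmd = raw[: -len(MISSING)] if missing else raw
                cmds[verb] = (cmd.strip(), missing)
        # Classic USB-worm layout: double-click, right-click Open and Explore
        # all funnel into the same command, so the user cannot avoid it.
        hijacked_all = (
            len(cmds) == len(VERBS)
            and len({cmd for cmd, _ in cmds.values()}) == 1
        )
        for verb, (cmd, missing) in cmds.items():
            reasons = []
            if hijacked_all:
                reasons.append("open/explore/autorun all point at one command")
            if not ABS_PATH.match(cmd):
                reasons.append("command is not an absolute file path")
            if missing:
                reasons.append("target file no longer exists (stale entry)")
            if reasons:
                findings.append((guid, verb, cmd, reasons))
    return findings


def report(text):
    """Human-readable triage of an OTL log fragment; returns the lines printed."""
    lines = []
    for guid, verb, cmd, reasons in assess(parse_o33(text)):
        lines.append(f"{guid} {verb}: {cmd!r} -> {'; '.join(reasons)}")
    for line in lines:
        print(line)
    return lines


if __name__ == "__main__":
    report(SAMPLE_O33)
```

Feed the whole OTL log to `report()` and every MountPoints2 command that is stale, not a file path, or shared across all three verbs is listed; entries with only a `Shell` default and an `Auto&Play` label (the `{beba6de9...}` volume here) are left alone because nothing under them can execute. Note that the `C:\autorun.inf` entry in the log above carries the `D` (directory) attribute and was created at the time Flash_Disinfector was run, so it is a placeholder folder, not an autorun script.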

#9 Switters73

Switters73
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:15 PM

Posted 15 April 2010 - 02:25 PM

Hi,

Sorry about that. Here are the new scans:

All processes killed
========== OTL ==========
Unable to set value : HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page_bak| /E!
Unable to set value : HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant_bak| /E!
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\ not found.
File a9.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\ not found.
File a9.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118e95c2-9bd8-11dd-8d2f-0007e9010bd3}\ not found.
File a9.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beba6de8-2ed1-11de-8e08-0007e9010bd3}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beba6de9-2ed1-11de-8e08-0007e9010bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NAV Agent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
C:\WINDOWS\SYSTEM32\inetdctr.dll moved successfully.
C:\Documents and Settings\Todd\Application Data\tvmcwrd.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Todd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40032406 bytes
->Flash cache emptied: 1559 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55018136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Todd
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04152010_133723

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\S663AFD6B.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...



OTL logfile created on: 4/15/2010 1:41:34 PM - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 588.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 23.81 Gb Free Space | 31.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUFO
Current User Name: Todd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2008/09/30 15:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/06/10 01:21:01 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
PRC - [2008/05/22 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/05/22 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/05/22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/06/05 21:21:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/15 23:23:15 | 001,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2006/10/17 22:22:50 | 000,204,800 | ---- | M] () -- C:\Program Files\Rosetta Stone\SMS v3.1.0\wrapper.exe
PRC - [2006/09/28 14:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2001/08/31 13:44:30 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/05/22 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/05/22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/17 22:22:50 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Rosetta Stone\SMS v3.1.0\wrapper.exe -- (SMS_v3_1_0)
SRV - [2002/02/27 09:57:34 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/22 20:50:00 | 000,174,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2008/05/22 20:50:00 | 000,072,936 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2008/05/22 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2008/05/22 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys -- (mfetdik)
DRV - [2008/05/22 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2008/05/22 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/04/10 00:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/06/24 20:30:18 | 000,727,908 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USA19H2k.sys -- (USA19H)
DRV - [2003/06/24 20:21:20 | 000,044,928 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USA19H2kp.sys -- (USA19H2KP)
DRV - [2002/02/27 09:57:52 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/09/13 18:09:48 | 000,777,088 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
DRV - [2001/08/31 13:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/29 04:48:12 | 000,094,688 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\upatc.sys -- (UPATC)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/07/25 11:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 13:07:00 | 000,080,449 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\spkpnt.sys -- (SpeakerPhone)
DRV - [2001/07/18 13:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\k56nt.sys -- (K56)
DRV - [2001/07/18 13:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 13:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 13:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tonesnt.sys -- (Tones)
DRV - [2001/07/18 13:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fallback.sys -- (Fallback)
DRV - [2001/07/18 13:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\basic2.sys -- (basic2)
DRV - [2001/07/18 13:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rksample.sys -- (Rksample)
DRV - [2001/07/18 13:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v124nt.sys -- (V124)
DRV - [2001/07/11 11:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/20 17:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/sidesearch.html
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 19 66 EF FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/sidesearch.html
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 17:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 09:16:13 | 000,000,000 | ---D | M]

[2008/11/01 11:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2010/04/14 19:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions
[2009/09/05 09:43:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 21:06:18 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/05/06 21:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\8cuwp3hg.default\extensions\moveplayer@movenetworks.com
[2010/04/14 19:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/12/22 11:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2004/10/06 00:20:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-516116760-3508293876-2501954535-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1097042096515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://centra.coe.tamu.edu/main/Install/en...aDownloader.cab (CentraDownloaderCtl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Todd/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 07:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/13 19:38:35 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 18:53:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/13 19:38:35 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/13 19:37:44 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2010/04/12 19:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Malwarebytes
[2010/04/12 19:20:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 19:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/12 19:20:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/12 19:19:47 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.45.exe
[2010/04/12 19:18:01 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Todd.exe
[2010/04/12 19:18:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/03 14:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Yahoo
[2010/04/03 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Yahoo!
[2010/04/03 14:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/03 09:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\Guitar
[2010/03/17 16:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Downloads
[2008/12/12 18:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/01 10:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/13 16:40:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Todd\Application Data\pcouffin.sys
[2005/01/07 23:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/12/15 15:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2004/12/15 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2002/07/25 15:02:59 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2002/07/25 13:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/07/25 13:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/07/25 13:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/15 13:39:56 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/15 13:38:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 13:38:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/15 13:37:53 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Todd\ntuser.dat
[2010/04/15 13:37:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Todd\NTUSER.INI
[2010/04/14 22:29:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 19:39:16 | 003,777,894 | -H-- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\IconCache.db
[2010/04/13 19:37:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2010/04/13 19:29:26 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Flash_Disinfector.exe
[2010/04/12 19:20:30 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 19:19:55 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.45.exe
[2010/04/12 19:17:24 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\RSIT.exe
[2010/04/12 18:58:42 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Ginger glazed Mahi Mahi.doc
[2010/04/04 10:36:32 | 000,557,705 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\TTDB_6_dmh.STM
[2010/04/03 13:22:35 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\gmer.zip
[2010/04/03 13:19:46 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2010/04/03 12:25:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 12:21:51 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 12:05:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Albums.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/13 19:29:26 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Flash_Disinfector.exe
[2010/04/12 19:20:30 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 19:17:15 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\RSIT.exe
[2010/04/12 18:58:42 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Ginger glazed Mahi Mahi.doc
[2010/04/03 17:14:33 | 000,557,705 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\TTDB_6_dmh.STM
[2010/04/03 13:22:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\gmer.zip
[2010/04/03 13:19:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2009/10/30 22:01:45 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Todd\webct_upload_applet.properties
[2008/12/23 15:17:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/12/23 14:50:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Effects
[2008/12/23 14:50:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Todd\Application Data\Drum Kits
[2008/12/23 14:50:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/12/23 14:48:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2008/12/23 14:48:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Todd\Application Data\Documentation
[2008/12/23 14:48:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/10/16 22:55:51 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/09/13 16:40:52 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.log
[2008/09/13 16:40:31 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\inst.exe
[2008/09/13 16:40:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.cat
[2008/09/13 16:40:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\pcouffin.inf
[2008/07/15 20:39:52 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/10/26 23:32:29 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Todd\output_roc
[2006/06/04 21:22:20 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Todd\default.pls
[2006/03/01 22:41:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/14 16:08:58 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2004/12/01 18:10:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/06 00:20:06 | 000,081,972 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/10/06 00:19:40 | 000,003,730 | ---- | C] () -- C:\WINDOWS\Slvbkxcn.ini
[2004/10/06 00:15:55 | 000,000,251 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/06 00:15:36 | 000,000,358 | ---- | C] () -- C:\WINDOWS\conscorr.ini
[2004/10/06 00:13:33 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DGGMKMIO.ini
[2004/07/24 11:49:12 | 000,000,185 | ---- | C] () -- C:\WINDOWS\MRINT.INI
[2004/06/17 21:24:34 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/05/29 08:13:09 | 011,796,480 | ---- | C] () -- C:\Documents and Settings\Todd\ntuser.dat
[2004/04/22 20:06:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\USA19HPropPage.dll
[2004/04/22 20:06:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
[2004/03/08 11:32:08 | 000,000,138 | ---- | C] () -- C:\WINDOWS\bxcrpro.ini
[2004/02/18 08:36:48 | 000,000,354 | ---- | C] () -- C:\WINDOWS\schema.ini
[2003/11/22 16:17:22 | 000,000,046 | ---- | C] () -- C:\WINDOWS\LayerUI.INI
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/21 22:22:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\symbologyUI.INI
[2003/09/07 17:28:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\fusioncache.dat
[2003/02/16 17:39:36 | 000,222,299 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/02/14 16:57:34 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2003/02/14 16:57:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2003/02/14 16:57:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2003/02/14 16:57:32 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2003/02/06 21:52:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/06 21:51:58 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/01/16 10:17:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\mpauth.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/15 15:45:58 | 000,000,090 | ---- | C] () -- C:\WINDOWS\hyprview.ini
[2002/08/13 16:33:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SpecCheck.INI
[2002/08/06 14:46:24 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/08/05 17:08:11 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/08/05 16:47:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/08/05 16:28:03 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\Todd\INSTALL.LOG
[2002/08/05 16:27:55 | 000,021,202 | -H-- | C] () -- C:\Documents and Settings\Todd\NOBULATE.LOG
[2002/08/05 16:27:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Todd\NTUSER.INI
[2002/08/05 16:27:53 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Todd\ntuser.dat.LOG
[2002/08/05 16:27:11 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2002/08/05 16:27:11 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2002/07/25 15:14:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/25 15:02:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/07/25 15:02:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/07/25 15:00:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/07/25 15:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/07/25 15:00:15 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/07/25 14:57:42 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/25 13:39:38 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/11/15 08:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/07/25 12:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 12:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
< End of report >


#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 16 April 2010 - 07:30 AM

No worries, can you tell me how the computer is running now and if you are still having any problems?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then please post back here with the following logs:
  • Kaspersky report
  • New DDS log

Thanks


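An added example (not part of this thread, and not code from OTL, DDS or any other tool mentioned here) that turns the "your version of Java is out of date" check above into something repeatable. It is a Python script that reads the O2/O16 lines of an OTL log, takes the JRE version from the free-text "Java Plug-in x.y.z_uu" label or the jre1.x.y_uu path, decodes it from Sun's family CLSID where one is present (CAFEEFAC-00MN-0000-00UU-ABCDEFFEDCBA registers JRE M.N update UU; the all-FFFF one is the "use whatever is installed" control), and flags every entry older than 6u19. The sample lines are constructed to match the entries in the log posted above; the target version and the section prefixes it reports are assumptions for the example.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, update)

# JRE 6 Update 19, the release the responder asked the poster to install (assumed target).
TARGET: Version = (1, 6, 0, 19)

# Constructed sample, shaped like the O2/O16 lines of the OTL log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
"""

# "Java Plug-in 1.6.0_07", "Java Plug-in 1.5.0", or a "jre1.6.0_07" path component.
LABEL_RE = re.compile(r"(?:Java Plug-in |jre)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
# Sun's family CLSIDs: CAFEEFAC-00MN-0000-00UU-ABCDEFFEDCBA encodes JRE M.N update UU;
# CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA means "whichever version is installed".
CLSID_RE = re.compile(r"\{CAFEEFAC-(\w{4})-\w{4}-(\w{4})-ABCDEFFEDCBA\}", re.I)


def version_from_label(line: str) -> Optional[Version]:
    """Version from the human-readable label or the jreX.Y.Z_UU directory name."""
    m = LABEL_RE.search(line)
    if not m:
        return None
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


def version_from_clsid(line: str) -> Optional[Version]:
    """Version decoded from a Sun family CLSID; None for the dynamic FFFF control."""
    m = CLSID_RE.search(line)
    if not m or m.group(1).upper() == "FFFF":
        return None
    family, update = m.group(1), m.group(2)   # e.g. "0016" and "0007"
    return (int(family[2]), int(family[3]), 0, int(update))


def fmt(v: Version) -> str:
    """Render a version the way Sun did: 1.6.0_07, or 1.5.0 when there is no update."""
    major, minor, patch, update = v
    return f"{major}.{minor}.{patch}_{update:02d}" if update else f"{major}.{minor}.{patch}"


def outdated_java(log: str, target: Version = TARGET) -> List[Tuple[str, str]]:
    """Return (OTL section, version) for every line naming a JRE older than target.

    A family CLSID is trusted over the free-text label, because the label is only
    what the page that registered the control chose to call it.
    """
    hits = []
    for line in log.splitlines():
        ver = version_from_clsid(line) or version_from_label(line)
        if ver is not None and ver < target:
            hits.append((line.split(" - ", 1)[0], fmt(ver)))
    return hits


if __name__ == "__main__":
    for section, ver in outdated_java(SAMPLE_LOG):
        print(f"{section}: JRE {ver} is older than {fmt(TARGET)}")
```

Feeding the text of a saved OTL log to outdated_java works the same way. It only reports the components OTL lists (what Internet Explorer will load), so a clean result says nothing about leftover installations; Add/Remove Programs still has to be checked as the steps above describe.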

#11 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 22 April 2010 - 02:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


