
ehirtens

Honorary Members
Posts: 35
Reputation: 0 Neutral
  1. Didn't want to start a new thread, but wanted to thank you guys/gals for all you do here. Just eradicated "AV Security 2012" from my husband's PC using MB and it worked like a charm. Found some other crud too -- now gone. I think we'll pony up for the paid version for his PC.
  2. Thanks Maurice. Will get to this next week, and will let you know if I encounter any problems.... Thanks as usual for all you ALL do here! Edie
  3. Hello Maurice -- The E drive is an external hard drive that contains music, pictures, backups etc. The usual stuff.
  4. Nope -- sadly, Avira is still detecting it:

     Avira AntiVir Premium
     Report file date: Tuesday, April 13, 2010 16:53

     Scanning for 1996575 virus strains and unwanted programs.

     The program is running as an unrestricted full version.
     Online services are available:

     Licensee : NAME
     Serial number : 2206378359-PEPWE-0001
     Platform : Windows XP
     Windows version : (Service Pack 3) [5.1.2600]
     Boot mode : Normally booted
     Username : SYSTEM
     Computer name : NAME

     Version information:
     BUILD.DAT : 10.0.0.597 36208 Bytes 3/18/2010 15:42:00
     AVSCAN.EXE : 10.0.2.3 433832 Bytes 3/24/2010 14:03:15
     AVSCAN.DLL : 10.0.2.2 45928 Bytes 3/24/2010 14:03:15
     LUKE.DLL : 10.0.2.3 104296 Bytes 3/24/2010 14:03:16
     LUKERES.DLL : 10.0.0.1 12648 Bytes 3/24/2010 14:03:16
     VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:56
     VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 15:06:16
     VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 15:07:03
     VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 15:07:20
     VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 12:43:06
     VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 12:43:06
     VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 12:43:06
     VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 12:43:06
     VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 12:43:06
     VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 12:43:07
     VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 12:43:07
     VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 12:43:07
     VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 12:43:07
     VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 21:15:56
     VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 21:31:45
     VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 21:12:09
     VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 12:32:58
     VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 11:57:23
     VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 14:39:15
     VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 12:03:06
     VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 11:53:24
     VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 11:59:39
     VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 20:18:04
     VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 21:00:35
     VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 18:26:14
     VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 15:22:58
     VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 14:17:38
     VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 12:20:37
     VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 15:47:10
     VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 17:42:37
     VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 17:42:37
     VBASE031.VDF : 7.10.6.69 108032 Bytes 4/13/2010 17:56:53
     Engineversion : 8.2.1.210
     AEVDF.DLL : 8.1.1.3 106868 Bytes 1/23/2010 15:36:08
     AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 17:40:37
     AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 21:10:45
     AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 12:17:23
     AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 12:17:14
     AEPACK.DLL : 8.2.1.1 426358 Bytes 3/20/2010 00:11:53
     AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 12:17:10
     AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 22:12:13
     AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 17:40:31
     AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 17:40:27
     AEEMU.DLL : 8.1.1.0 393587 Bytes 11/9/2009 05:03:44
     AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 17:40:24
     AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 21:32:40
     AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/24/2010 14:03:15
     AVPREF.DLL : 10.0.0.0 44904 Bytes 3/24/2010 14:03:15
     AVREP.DLL : 10.0.0.8 62209 Bytes 3/24/2010 14:03:17
     AVREG.DLL : 10.0.1.2 52072 Bytes 3/24/2010 14:03:17
     AVSCPLR.DLL : 10.0.2.3 83304 Bytes 3/24/2010 14:03:17
     AVARKT.DLL : 10.0.0.13 227176 Bytes 3/24/2010 14:03:15
     AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/24/2010 14:03:15
     SQLITE3.DLL : 3.6.19.0 355688 Bytes 3/24/2010 14:03:16
     AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/24/2010 14:03:15
     NETNT.DLL : 10.0.0.0 11624 Bytes 3/24/2010 14:03:16
     RCIMAGE.DLL : 10.0.0.26 2631528 Bytes 3/24/2010 14:03:15
     RCTEXT.DLL : 10.0.46.0 97128 Bytes 3/24/2010 14:03:15

     Configuration settings for the scan:
     Jobname.............................: Complete system scan
     Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
     Logging.............................: low
     Primary action......................: interactive
     Secondary action....................: ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Boot sectors........................: C:, E:,
     Process scan........................: on
     Extended process scan...............: on
     Scan registry.......................: on
     Search for rootkits.................: on
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Recursion depth.....................: 20
     Smart extensions....................: on
     Macro heuristic.....................: on
     File heuristic......................: medium
     Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

     Start of the scan: Tuesday, April 13, 2010 16:53

     Starting search for hidden objects.
     c:\windows\repair\backup\servicestate\configdirectory\internet.evt
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\configdirectory\media ce.evt
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\configdirectory\tempkey.log
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\configdirectory\userdiff
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\configdirectory\userdiff.log
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\eventlogs\appevent.evt
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\eventlogs\secevent.evt
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\eventlogs\sysevent.evt
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\removablestoragemanager\ntmsdata
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\removablestoragemanager\ntmsreg
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The file is not visible.
     c:\windows\repair\backup\servicestate\configdirectory
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The directory is not visible.
     c:\windows\repair\backup\servicestate\eventlogs
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The directory is not visible.
     c:\windows\repair\backup\servicestate\removablestoragemanager
       c:\WINDOWS\repair\Backup\ServiceState
       [NOTE] The directory is not visible.

     The scan of running processes will be started
     Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
     Scan process 'msdtc.exe' - '40' Module(s) have been scanned
     Scan process 'dllhost.exe' - '45' Module(s) have been scanned
     Scan process 'vssvc.exe' - '48' Module(s) have been scanned
     Scan process 'avscan.exe' - '67' Module(s) have been scanned
     Scan process 'avcenter.exe' - '70' Module(s) have been scanned
     Scan process 'NOTEPAD.EXE' - '29' Module(s) have been scanned
     Scan process 'firefox.exe' - '136' Module(s) have been scanned
     Scan process 'hpqgpc01.exe' - '42' Module(s) have been scanned
     Scan process 'hpqbam08.exe' - '28' Module(s) have been scanned
     Scan process 'hpqSTE08.exe' - '54' Module(s) have been scanned
     Scan process 'ymsgr_tray.exe' - '29' Module(s) have been scanned
     Scan process 'WDUScan.exe' - '21' Module(s) have been scanned
     Scan process 'FotoLite.exe' - '51' Module(s) have been scanned
     Scan process 'iPodService.exe' - '30' Module(s) have been scanned
     Scan process 'hpqtra08.exe' - '81' Module(s) have been scanned
     Scan process 'DLG.exe' - '23' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
     Scan process 'isuspm.exe' - '25' Module(s) have been scanned
     Scan process 'DSAgnt.exe' - '84' Module(s) have been scanned
     Scan process 'netWaiting.exe' - '38' Module(s) have been scanned
     Scan process 'RIMAutoUpdate.exe' - '30' Module(s) have been scanned
     Scan process 'avgnt.exe' - '58' Module(s) have been scanned
     Scan process 'NkMonitor.exe' - '28' Module(s) have been scanned
     Scan process 'HPWuSchd2.exe' - '19' Module(s) have been scanned
     Scan process 'iTunesHelper.exe' - '55' Module(s) have been scanned
     Scan process 'winampa.exe' - '20' Module(s) have been scanned
     Scan process 'stsystra.exe' - '37' Module(s) have been scanned
     Scan process 'apdproxy.exe' - '35' Module(s) have been scanned
     Scan process 'svchost.exe' - '34' Module(s) have been scanned
     Scan process 'tfswctrl.exe' - '29' Module(s) have been scanned
     Scan process 'RealPlay.exe' - '92' Module(s) have been scanned
     Scan process 'DVDLauncher.exe' - '20' Module(s) have been scanned
     Scan process 'quickset.exe' - '72' Module(s) have been scanned
     Scan process 'WLTRAY.exe' - '38' Module(s) have been scanned
     Scan process 'SynTPEnh.exe' - '27' Module(s) have been scanned
     Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
     Scan process 'igfxsrvc.exe' - '23' Module(s) have been scanned
     Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
     Scan process 'ehmsas.exe' - '21' Module(s) have been scanned
     Scan process 'ehtray.exe' - '37' Module(s) have been scanned
     Scan process 'Explorer.EXE' - '102' Module(s) have been scanned
     Scan process 'alg.exe' - '35' Module(s) have been scanned
     Scan process 'dllhost.exe' - '61' Module(s) have been scanned
     Scan process 'AVWEBGRD.EXE' - '37' Module(s) have been scanned
     Scan process 'avmailc.exe' - '30' Module(s) have been scanned
     Scan process 'wmiprvse.exe' - '41' Module(s) have been scanned
     Scan process 'mcrdsvc.exe' - '30' Module(s) have been scanned
     Scan process 'ViewpointService.exe' - '19' Module(s) have been scanned
     Scan process 'svchost.exe' - '40' Module(s) have been scanned
     Scan process 'svchost.exe' - '40' Module(s) have been scanned
     Scan process 'svchost.exe' - '38' Module(s) have been scanned
     Scan process 'NICCONFIGSVC.exe' - '41' Module(s) have been scanned
     Scan process 'svchost.exe' - '35' Module(s) have been scanned
     Scan process 'mdm.exe' - '21' Module(s) have been scanned
     Scan process 'McciCMService.exe' - '27' Module(s) have been scanned
     Scan process 'jqs.exe' - '35' Module(s) have been scanned
     Scan process 'avshadow.exe' - '26' Module(s) have been scanned
     Scan process 'svchost.exe' - '79' Module(s) have been scanned
     Scan process 'svchost.exe' - '44' Module(s) have been scanned
     Scan process 'ehSched.exe' - '40' Module(s) have been scanned
     Scan process 'ehRecvr.exe' - '43' Module(s) have been scanned
     Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
     Scan process 'AppleMobileDeviceService.exe' - '27' Module(s) have been scanned
     Scan process 'avguard.exe' - '73' Module(s) have been scanned
     Scan process 'PhotoshopElementsFileAgent.exe' - '25' Module(s) have been scanned
     Scan process 'svchost.exe' - '33' Module(s) have been scanned
     Scan process 'sched.exe' - '47' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
     Scan process 'bcmwltry.exe' - '53' Module(s) have been scanned
     Scan process 'WLTRYSVC.EXE' - '14' Module(s) have been scanned
     Scan process 'svchost.exe' - '32' Module(s) have been scanned
     Scan process 'svchost.exe' - '33' Module(s) have been scanned
     Scan process 'svchost.exe' - '163' Module(s) have been scanned
     Scan process 'svchost.exe' - '41' Module(s) have been scanned
     Scan process 'svchost.exe' - '54' Module(s) have been scanned
     Scan process 'lsass.exe' - '59' Module(s) have been scanned
     Scan process 'services.exe' - '27' Module(s) have been scanned
     Scan process 'winlogon.exe' - '75' Module(s) have been scanned
     Scan process 'csrss.exe' - '12' Module(s) have been scanned
     Scan process 'smss.exe' - '2' Module(s) have been scanned

     Starting master boot sector scan:
     Master boot sector HD0
       [INFO] No virus was found!
     Master boot sector HD1
       [DETECTION] Contains code of the BOO/Sinowal.E boot sector virus
       [NOTE] The boot sector was not written!

     Start scanning boot sectors:
     Boot sector 'C:\'
       [INFO] No virus was found!
     Boot sector 'E:\'
       [DETECTION] Contains code of the BOO/Sinowal.E boot sector virus
       [NOTE] The boot sector was not written!

     Starting to scan executable files (registry).
     The registry was scanned ( '1843' files ).

     Starting the file scan:
     Begin scan in 'C:\'
     Begin scan in 'E:\' <LACIE>

     End of the scan: Tuesday, April 13, 2010 19:02
     Used time: 2:09:12 Hour(s)

     The scan has been done completely.
     15433 Scanned directories
     383662 Files were scanned
     2 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     0 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
     383662 Files not concerned
     7390 Archives were scanned
     0 Warnings
     2 Notes
     507887 Objects were scanned with rootkit scan
     13 Hidden objects were found
  5. Hi Maurice -- Here is the latest MBAM log. When I rebooted, the two sharp beeps were still there. I will run Avira and let you know what that finds. Thanks again for your help. Edie

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org

     Database version: 3930

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     4/13/2010 4:37:55 PM
     mbam-log-2010-04-13 (16-37-55).txt

     Scan type: Full scan (C:\|D:\|E:\|)
     Objects scanned: 271088
     Time elapsed: 3 hour(s), 17 minute(s), 27 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0036275.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
  6. Hi Maurice -- OK here they are. Do you also want the WIN32kdiag log file? I have that too.

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     File "c:\documents and settings\jake\local settings\application data\gdipfontcachev1.dat" deleted successfully.
     Folder "C:\recycler" deleted successfully.

     Error: could not open folder "D:\recycler"
     Deletion of folder "D:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
       --> bad path / the parent directory does not exist

     Error: could not open folder "e:\recycler"
     Deletion of folder "e:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
       --> bad path / the parent directory does not exist

     Error: could not open folder "f:\recycler"
     Deletion of folder "f:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
       --> bad path / the parent directory does not exist

     Error: could not open folder "g:\recycler"
     Deletion of folder "g:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
       --> bad path / the parent directory does not exist

     Error: could not open folder "h:\recycler"
     Deletion of folder "h:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
       --> bad path / the parent directory does not exist

     Completed script processing.

     *******************

     Finished! Terminate.

     ComboFix 10-04-04.01 - Edie 04/05/2010 9:36.4.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.439 [GMT -5:00]
     Running from: c:\documents and settings\Edie\Desktop\Combo-Fix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
     .
     ((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
     .
     2010-04-04 06:01 . 2010-04-04 06:01 -------- d-----w- c:\documents and settings\Edie\Application Data\Avira
     2010-04-03 23:42 . 2010-04-04 06:00 -------- d-----w- c:\windows\system32\NtmsData
     2010-04-01 21:25 . 2010-04-01 21:28 -------- d-----w- c:\documents and settings\Jake\Application Data\HPAppData
     2010-03-30 01:45 . 2010-03-30 01:45 3228152 ----a-w- c:\documents and settings\Edie\Application Data\Research In Motion\BlackBerry\SR_MM_English.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
     2010-03-28 20:10 . 2010-03-28 20:10 49152 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
     2010-03-28 20:10 . 2010-03-28 20:10 49152 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
     2010-03-28 20:10 . 2010-03-28 20:10 69632 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\DesktopMgr.exe
     2010-03-28 20:10 . 2010-03-28 20:10 49152 ----a-r- c:\documents and settings\Edie\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
     2010-03-28 20:10 . 2010-03-28 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
     2010-03-28 15:54 . 2010-03-28 15:54 -------- d-----w- c:\documents and settings\Edie\Local Settings\Application Data\Yahoo!
     2010-03-21 17:31 . 2010-03-21 17:31 -------- d-----w- c:\documents and settings\Edie\DoctorWeb
     2010-03-21 17:05 . 2010-03-21 17:05 -------- d-----w- C:\Rooter$
     2010-03-20 01:11 . 2010-03-20 01:16 -------- d-----w- c:\program files\ERUNT
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-05-01 13:25 . 2006-06-08 14:52 57040 -c--a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-04-30 15:50 . 2009-10-30 11:55 -------- d-----w- c:\documents and settings\Edie\Application Data\HpUpdate
     2010-04-04 15:03 . 2009-12-27 19:03 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
     2010-04-04 03:19 . 2006-07-01 00:55 -------- d-----w- c:\documents and settings\Edie\Application Data\uTorrent
     2010-04-04 00:04 . 2009-12-27 19:31 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
     2010-04-03 17:24 . 2010-01-31 16:09 -------- d-----w- c:\documents and settings\Edie\Application Data\HPAppData
     2010-04-02 19:07 . 2008-02-03 19:18 256 -c--a-w- c:\windows\system32\pool.bin
     2010-03-28 22:57 . 2008-02-03 19:06 -------- d-----w- c:\documents and settings\Edie\Application Data\Blackberry Desktop
     2010-03-28 20:18 . 2008-02-03 19:10 -------- d-----w- c:\program files\Common Files\Roxio Shared
     2010-03-28 20:18 . 2006-03-28 07:05 -------- d-----w- c:\program files\Common Files\Sonic Shared
     2010-03-28 20:17 . 2008-02-03 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
     2010-03-28 20:10 . 2008-02-03 19:06 -------- d-----w- c:\program files\Common Files\Research In Motion
     2010-03-26 12:25 . 2010-02-20 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2010-03-25 13:40 . 2009-09-14 11:37 -------- d-----w- c:\documents and settings\Scott\Application Data\HPAppData
     2010-03-24 14:03 . 2010-02-20 15:22 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2010-03-24 14:03 . 2009-11-09 04:59 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2010-03-11 12:38 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
     2010-03-11 12:38 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
     2010-03-11 12:38 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
     2010-02-20 15:22 . 2010-02-20 15:22 -------- d-----w- c:\program files\Avira
     2010-02-20 15:11 . 2010-02-20 15:22 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2010-02-20 15:11 . 2010-02-20 15:22 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2010-02-09 23:45 . 2010-02-09 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-01-31 06:09 . 2010-01-31 06:06 23109 ----a-w- c:\windows\hpqins15.dat
     2010-01-30 20:18 . 2010-01-30 20:18 348160 ----a-w- c:\documents and settings\Edie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc18fa7-n\msvcr71.dll
     2010-01-30 20:18 . 2010-01-30 20:18 503808 ----a-w- c:\documents and settings\Edie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc18fa7-n\msvcp71.dll
     2010-01-30 20:18 . 2010-01-30 20:18 499712 ----a-w- c:\documents and settings\Edie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc18fa7-n\jmc.dll
     2010-01-30 20:18 . 2010-01-30 20:18 61440 ----a-w- c:\documents and settings\Edie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c12aa3-n\decora-sse.dll
     2010-01-30 20:18 . 2010-01-30 20:18 12800 ----a-w- c:\documents and settings\Edie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c12aa3-n\decora-d3d.dll
     2010-01-27 04:18 . 2010-01-27 04:18 503808 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1046dcc3-n\msvcp71.dll
     2010-01-27 04:18 . 2010-01-27 04:18 499712 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1046dcc3-n\jmc.dll
     2010-01-27 04:18 . 2010-01-27 04:18 348160 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1046dcc3-n\msvcr71.dll
     2010-01-27 04:18 . 2010-01-27 04:18 61440 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-49ce0d42-n\decora-sse.dll
     2010-01-27 04:18 . 2010-01-27 04:18 12800 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-49ce0d42-n\decora-d3d.dll
     2010-01-24 18:02 . 2006-04-16 17:35 6580 -csha-w- c:\windows\system32\KGyGaAvL.sys
     2010-01-24 18:02 . 2006-04-16 17:35 104 --sh--r- c:\windows\system32\2D2D42F5C5.sys
     2010-01-24 00:00 . 2009-12-27 21:43 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
     2010-01-23 23:59 . 2006-04-16 17:36 57040 -c--a-w- c:\documents and settings\Edie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-01-09 21:41 . 2010-01-09 20:18 77374 ----a-w- c:\windows\hpqins05.dat
     2010-01-07 22:07 . 2010-02-09 23:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-01-07 22:07 . 2010-02-09 23:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-03-20_04.08.47 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2006-12-02 06:08 . 2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
     - 2006-12-02 06:08 . 2006-12-02 06:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
     + 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
     + 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
     - 2006-12-02 06:26 . 2006-12-02 06:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
     + 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
     - 2006-12-02 06:25 . 2006-12-02 06:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
     + 2010-04-05 14:23 . 2010-04-05 14:23 16384 c:\windows\Temp\Perflib_Perfdata_360.dat
     - 2008-04-01 03:31 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
     + 2008-04-01 03:31 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
     + 2010-03-28 20:10 . 2007-01-18 16:24 26496 c:\windows\system32\ReinstallBackups\0019\DriverFiles\RimSerial.sys
     + 2005-08-16 10:18 . 2010-03-11 12:38 44544 c:\windows\system32\pngfilt.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
     + 2005-08-16 10:18 . 2010-04-05 14:27 72134 c:\windows\system32\perfc009.dat
     - 2005-08-16 10:18 . 2010-03-20 00:13 72134 c:\windows\system32\perfc009.dat
     - 2007-08-14 00:54 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
     + 2007-08-14 00:54 . 2010-03-11 12:38 52224 c:\windows\system32\msfeedsbs.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 27648 c:\windows\system32\jsproxy.dll
     + 2007-08-14 00:39 . 2010-03-10 13:18 13824 c:\windows\system32\ieudinit.exe
     - 2007-08-14 00:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
     + 2005-08-16 10:18 . 2010-03-11 12:38 44544 c:\windows\system32\iernonce.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
     - 2005-08-16 10:18 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
     + 2005-08-16 10:18 . 2010-03-10 13:18 70656 c:\windows\system32\ie4uinit.exe
     - 2007-08-14 00:36 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
     + 2007-08-14 00:36 . 2010-03-11 12:38 63488 c:\windows\system32\icardie.dll
     + 2008-05-20 23:33 . 2008-05-20 23:33 22784 c:\windows\system32\drivers\RimUsb.sys
     + 2008-02-03 19:07 . 2009-01-09 21:18 27136 c:\windows\system32\drivers\RimSerial.sys
     + 2007-08-14 00:36 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\pngfilt.dll
     - 2007-08-14 00:36 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
     - 2009-02-08 17:15 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
     + 2009-02-08 17:15 . 2010-03-11 12:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 27648 c:\windows\system32\dllcache\jsproxy.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
     + 2009-02-08 17:15 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
     - 2009-02-08 17:15 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
     - 2005-08-16 10:18 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\iernonce.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
     - 2007-08-14 00:39 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
     + 2007-08-14 00:39 . 2010-03-10 13:18 70656 c:\windows\system32\dllcache\ie4uinit.exe
     + 2009-02-08 17:15 . 2010-03-11 12:38 63488 c:\windows\system32\dllcache\icardie.dll
     - 2009-02-08 17:15 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 17408 c:\windows\system32\dllcache\corpol.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
     + 2006-04-04 01:03 . 2010-03-23 02:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     - 2006-04-04 01:03 . 2010-03-14 02:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2010-03-20 17:05 . 2010-03-23 02:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
     + 2010-03-31 12:42 . 2010-01-05 10:00 44544 c:\windows\ie7updates\KB980182-IE7\pngfilt.dll
     + 2010-03-31 12:42 . 2010-01-05 10:00 52224 c:\windows\ie7updates\KB980182-IE7\msfeedsbs.dll
     + 2010-03-31 12:42 . 2010-01-05 10:00 27648 c:\windows\ie7updates\KB980182-IE7\jsproxy.dll
     + 2010-03-31 12:42 . 2009-12-31 15:33 13824 c:\windows\ie7updates\KB980182-IE7\ieudinit.exe
     + 2010-03-31 12:42 . 2010-01-05 10:00 44544 c:\windows\ie7updates\KB980182-IE7\iernonce.dll
     + 2010-03-31 12:42 . 2010-01-05 10:00 78336 c:\windows\ie7updates\KB980182-IE7\ieencode.dll
     + 2010-03-31 12:42 . 2009-12-31 15:33 70656 c:\windows\ie7updates\KB980182-IE7\ie4uinit.exe
     + 2010-03-31 12:42 . 2010-01-05 10:00 63488 c:\windows\ie7updates\KB980182-IE7\icardie.dll
     + 2010-03-31 12:42 . 2010-01-05 10:00 17408 c:\windows\ie7updates\KB980182-IE7\corpol.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
     + 2005-08-16 10:18 . 2010-04-05 14:27 443034 c:\windows\system32\perfh009.dat
     - 2005-08-16 10:18 . 2010-03-20 00:13 443034 c:\windows\system32\perfh009.dat
     + 2005-08-16 10:18 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 193024 c:\windows\system32\msrating.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
     - 2007-08-14 00:54 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
     + 2007-08-14 00:54 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll
     - 2007-08-14 00:34 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
     + 2007-08-14 00:34 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
     - 2007-07-11 18:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
     + 2007-07-11 18:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll
     + 2005-08-16 10:18 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
     - 2005-08-16 10:18 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll
     + 2005-08-16 10:27 . 2010-03-28 20:34 196960 c:\windows\system32\FNTCACHE.DAT
     + 2005-08-16 10:18 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
     + 2008-04-21 06:44 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll
     - 2008-04-21 06:44 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
     - 2007-08-14 00:54 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
     + 2007-08-14 00:54 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll
     + 2007-08-14 00:44 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
     - 2007-08-14 00:44 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
     + 2007-08-14 00:44 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll
     - 2007-08-14 00:44 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
     + 2005-08-16 10:18 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll
     - 2005-08-16 10:18 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
     - 2007-08-14 00:44 .
2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll + 2007-08-14 00:44 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll + 2007-08-14 00:54 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll - 2007-08-14 00:54 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll - 2009-02-08 17:15 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll + 2009-02-08 17:15 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll - 2007-08-14 00:43 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe + 2007-08-14 00:43 . 2010-02-23 05:20 634648 c:\windows\system32\dllcache\iexplore.exe - 2009-02-08 17:15 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll + 2009-02-08 17:15 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll + 2007-08-14 00:54 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll - 2007-08-14 00:54 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll + 2007-08-14 00:39 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll - 2007-08-14 00:39 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll - 2009-02-08 17:15 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2009-02-08 17:15 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2005-08-16 10:18 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll - 2005-08-16 10:18 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll - 2005-08-16 10:18 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll + 2005-08-16 10:18 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll - 2005-08-16 10:18 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll + 2005-08-16 10:18 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll + 2007-08-14 00:54 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll - 2007-08-14 00:54 . 
2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll - 2007-08-14 00:35 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll + 2007-08-14 00:35 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll - 2007-08-14 00:35 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll + 2007-08-14 00:35 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll - 2007-08-14 00:39 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll + 2007-08-14 00:39 . 2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll + 2009-10-24 04:34 . 2009-10-24 04:34 507904 c:\windows\system32\btwapi.dll + 2005-08-16 10:18 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll - 2005-08-16 10:18 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll + 2010-03-31 12:42 . 2010-01-05 10:00 832512 c:\windows\ie7updates\KB980182-IE7\wininet.dll + 2010-03-31 12:42 . 2010-01-05 10:00 233472 c:\windows\ie7updates\KB980182-IE7\webcheck.dll + 2010-03-31 12:42 . 2010-01-05 10:00 105984 c:\windows\ie7updates\KB980182-IE7\url.dll + 2010-03-31 12:42 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB980182-IE7\spuninst\updspapi.dll + 2010-03-31 12:42 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB980182-IE7\spuninst\spuninst.exe + 2010-03-31 12:42 . 2010-01-05 10:00 102912 c:\windows\ie7updates\KB980182-IE7\occache.dll + 2010-03-31 12:42 . 2010-01-05 10:00 671232 c:\windows\ie7updates\KB980182-IE7\mstime.dll + 2010-03-31 12:42 . 2010-01-05 10:00 193024 c:\windows\ie7updates\KB980182-IE7\msrating.dll + 2010-03-31 12:42 . 2010-01-05 10:00 477696 c:\windows\ie7updates\KB980182-IE7\mshtmled.dll + 2010-03-31 12:42 . 2010-01-05 10:00 459264 c:\windows\ie7updates\KB980182-IE7\msfeeds.dll + 2010-03-31 12:42 . 2009-12-18 13:05 634648 c:\windows\ie7updates\KB980182-IE7\iexplore.exe + 2010-03-31 12:42 . 2010-01-05 10:00 268288 c:\windows\ie7updates\KB980182-IE7\iertutil.dll + 2010-03-31 12:42 . 
2010-01-05 10:00 192512 c:\windows\ie7updates\KB980182-IE7\iepeers.dll + 2010-03-31 12:42 . 2010-01-05 10:00 385024 c:\windows\ie7updates\KB980182-IE7\iedkcs32.dll + 2010-03-31 12:42 . 2010-01-05 10:00 380928 c:\windows\ie7updates\KB980182-IE7\ieapfltr.dll + 2010-03-31 12:42 . 2009-12-18 13:04 161792 c:\windows\ie7updates\KB980182-IE7\ieakui.dll + 2010-03-31 12:42 . 2010-01-05 10:00 230400 c:\windows\ie7updates\KB980182-IE7\ieaksie.dll + 2010-03-31 12:42 . 2010-01-05 10:00 153088 c:\windows\ie7updates\KB980182-IE7\ieakeng.dll + 2010-03-31 12:42 . 2010-01-05 10:00 133120 c:\windows\ie7updates\KB980182-IE7\extmgr.dll + 2010-03-31 12:42 . 2010-01-05 10:00 214528 c:\windows\ie7updates\KB980182-IE7\dxtrans.dll + 2010-03-31 12:42 . 2010-01-05 10:00 347136 c:\windows\ie7updates\KB980182-IE7\dxtmsft.dll + 2010-03-31 12:42 . 2010-01-05 10:00 124928 c:\windows\ie7updates\KB980182-IE7\advpack.dll + 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll - 2006-12-02 06:25 . 2006-12-02 06:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll - 2006-12-02 06:25 . 2006-12-02 06:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll - 2005-08-16 10:18 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll + 2005-08-16 10:18 . 2010-03-11 12:38 1168384 c:\windows\system32\urlmon.dll + 2005-08-16 10:18 . 2010-03-11 12:38 3599872 c:\windows\system32\mshtml.dll + 2007-08-14 00:54 . 2010-03-11 12:38 6067200 c:\windows\system32\ieframe.dll - 2007-08-14 00:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll - 2008-06-26 08:15 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll + 2008-06-26 08:15 . 
2010-03-11 12:38 1168384 c:\windows\system32\dllcache\urlmon.dll + 2008-04-21 06:44 . 2010-03-11 12:38 3599872 c:\windows\system32\dllcache\mshtml.dll + 2009-02-08 17:15 . 2010-03-11 12:38 6067200 c:\windows\system32\dllcache\ieframe.dll - 2009-02-08 17:15 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll + 2010-03-31 12:42 . 2010-01-05 10:00 1168384 c:\windows\ie7updates\KB980182-IE7\urlmon.dll + 2010-03-31 12:42 . 2010-01-05 10:00 3599360 c:\windows\ie7updates\KB980182-IE7\mshtml.dll + 2010-03-31 12:42 . 2010-01-05 10:00 6067200 c:\windows\ie7updates\KB980182-IE7\ieframe.dll + 2010-03-28 20:10 . 2010-03-28 20:10 17059328 c:\windows\Installer\16ebf44.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ShowLOMControl"="1 (0x1)" [X] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-12 1347584] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-28 26112] 
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536] c:\documents and settings\Jake\Start Menu\Programs\Startup\ Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-1-6 106496] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-28 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] Slide and Negative 
Scanner.lnk - c:\progra~1\SILDEA~1\FotoLite.exe [2009-12-6 339968] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1144377801\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1144377801\\ee\\aim6.exe"= "c:\\Documents and Settings\\Edie\\Desktop\\utorrent.exe"= "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\HEGames\\Football2002\\Football2002.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program 
Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2/20/2010 10:22 AM 337064] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/20/2010 10:22 AM 135336] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2/20/2010 10:22 AM 405672] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/17/2008 9:42 PM 24652] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/27/2009 9:53 PM 691696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! 
&SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll Trusted Zone: internet Trusted Zone: mcafee.com TCP: {D28A2586-2B8F-473B-A46A-D730E4EAD8F8} = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: c:\documents and settings\Edie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-05 09:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3202028247-4144982765-1990511416-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:05,28,a2,7b,7f,f9,46,e8,5f,c5,c7,32,c1,02,6b,51,f4,3e,ae,87,50,1b,40, 5b,ca,dd,e5,1b,95,18,07,b4,fa,32,56,33,b0,c4,c7,8e,b0,39,24,ae,99,30,83,97,\ "??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(952) c:\windows\System32\BCMLogon.dll - - - - - - - > 'lsass.exe'(1008) c:\program files\Avira\AntiVir Desktop\avsda.dll - - - - - - - > 'explorer.exe'(3576) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-04-05 09:46:28 ComboFix-quarantined-files.txt 2010-04-05 14:46 ComboFix2.txt 2010-03-20 04:11 Pre-Run: 43,860,307,968 bytes free Post-Run: 43,823,181,824 bytes free - - End Of File - - 0F8F741C99C11CBFF8F842655F5A866C
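Added example, not part of this thread and not ComboFix's own code: a small Python triage pass over the "Reg Loading Points" block of a ComboFix log like the one above. ComboFix prints each Run-key value as `"name"="target" [yyyy-mm-dd size]` and Startup-folder shortcuts as `Name.lnk - target [date size]`, substituting `[X]` when it cannot find the target file. The script parses both shapes, keeps track of which hive or folder each entry came from, and flags the three things a responder checks by eye: a target that is gone, a target in a user-writable location, and a target outside Program Files / Windows. The sample input is constructed from lines in the log above plus one marked entry (`example`) that is not in the poster's log and exists only to exercise the user-writable check.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not the poster's code and not part of ComboFix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "name"="target" [yyyy-mm-dd size]   or   "name"="target" [X]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Name.lnk - target [yyyy-m-d size]
LNK_ENTRY = re.compile(r'^(?P<name>.+?\.lnk) - (?P<value>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$', re.IGNORECASE)

INSTALL_ROOTS = (r"c:\program files", r"c:\windows")
USER_WRITABLE = (r"c:\documents and settings", r"c:\users")


@dataclass
class RunEntry:
    location: str          # registry key or Startup folder the entry came from
    name: str
    target: str
    date: Optional[str]    # None when ComboFix printed [X]
    size: Optional[int]
    missing: bool          # True when ComboFix printed [X]


def parse_loading_points(text: str) -> List[RunEntry]:
    """Parse Run-key and Startup-folder lines; other lines are ignored."""
    entries: List[RunEntry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A hive header "[HKEY_...]" or a Startup folder path sets the context.
        if (line.startswith("[") and line.endswith("]")) or line.lower().endswith("\\startup\\"):
            location = line.strip("[]")
            continue
        m = RUN_ENTRY.match(line) or LNK_ENTRY.match(line)
        if not m:
            continue
        meta = m.group("meta").strip()
        if meta == "X":
            entries.append(RunEntry(location, m.group("name"), m.group("value"), None, None, True))
        else:
            date, size = meta.split()
            entries.append(RunEntry(location, m.group("name"), m.group("value"), date, int(size), False))
    return entries


def triage(entries: List[RunEntry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for every entry that deserves a look."""
    findings = []
    for e in entries:
        target = e.target.lower()
        if e.missing:
            findings.append((e.name, "target not found ([X]): dead value or a payload that was already removed"))
        elif target.startswith(USER_WRITABLE):
            findings.append((e.name, "target runs from a user-writable location"))
        elif not target.startswith(INSTALL_ROOTS):
            # 8.3 short names such as c:\progra~1\... land here too; expand them before judging.
            findings.append((e.name, "target runs from outside Program Files / Windows"))
    return findings


# Constructed sample: lines copied from the ComboFix log above, plus the
# "example" entry, which is NOT in the poster's log and is here only to
# exercise the user-writable-path check.
SAMPLE_COMBOFIX = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"example"="c:\documents and settings\user\Local Settings\Temp\example.exe" [2010-04-01 12345]

c:\documents and settings\Jake\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-1-6 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Slide and Negative Scanner.lnk - c:\progra~1\SILDEA~1\FotoLite.exe [2009-12-6 339968]
'''

if __name__ == "__main__":
    for name, reason in triage(parse_loading_points(SAMPLE_COMBOFIX)):
        print(f"{name}: {reason}")
```

Everything it flags still needs a human decision: `ShowLOMControl` is a value whose target is simply gone, and `Slide and Negative Scanner.lnk` is flagged only because the script does not expand the `c:\progra~1` short name. The point of the script is to pull those few lines out of a list of forty so they get looked at first.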
  7. OTL was also above -- sorry. Here is Extras:

OTL Extras logfile created on: 4/4/2010 6:53:38 PM - Run 1
OTL by OldTimer - Version 3.2.1.0   Folder = C:\Documents and Settings\Edie\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 40.96 Gb Free Space | 59.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.83 Gb Total Space | 94.19 Gb Free Space | 40.46% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIRTENSTEIN
Current User Name: Edie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1144377801\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1144377801\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1144377801\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1144377801\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Documents and Settings\Edie\Desktop\utorrent.exe" = C:\Documents and Settings\Edie\Desktop\utorrent.exe:*:En abled:
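Added example, not part of this thread and not OTL's own code: the Extras log above shows `3389:TCP` (Remote Desktop) opened with scope `*` in both firewall profiles, `139:TCP` and `445:TCP` opened to `*` in the domain profile, and several program exceptions whose target OTL reports as `File not found`. The Python below parses the registry value format OTL prints for `GloballyOpenPorts\List` and `AuthorizedApplications\List` and pulls out exactly those cases: an enabled port rule whose scope is `*` (any remote address), and an enabled program exception whose file is gone or sits in a user-writable location. Scope `LocalSubNet` is left alone. The sample input is constructed from lines in the log above (both profiles mixed) plus one marked entry under a generic `user` profile that is not in the poster's log.

```python
"""Triage Windows XP firewall policy lines as printed by OTL Extras.

Added example for this thread; not the poster's code and not part of OTL.
OTL prints each value as

    "<port>:<proto>" = <port>:<proto>:<scope>:<Enabled|Disabled>:<name>
    "<path>"         = <path>:<scope>:<Enabled|Disabled>:<name> -- (<company>) | File not found

where <scope> is '*' (any remote address), 'LocalSubNet', or an address list.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ports that hand a remote party a logon or file-sharing surface; an Enabled
# rule for one of these with scope '*' is the first thing to look at.
REMOTE_ACCESS_PORTS = {135, 139, 445, 3389}

# Locations an unprivileged user, and therefore user-level malware, can write to.
USER_WRITABLE_PREFIXES = (r"c:\documents and settings", r"c:\users")

PORT_KEY = re.compile(r"^(?P<port>\d{1,5}):(?P<proto>TCP|UDP)$", re.IGNORECASE)


@dataclass
class FirewallRule:
    key: str        # value name: "3389:TCP" or a program path
    scope: str      # '*', 'LocalSubNet', or an explicit address list
    enabled: bool
    name: str
    suffix: str     # OTL's trailing annotation: "(company)" or "File not found"

    @property
    def port(self) -> Optional[int]:
        m = PORT_KEY.match(self.key)
        return int(m.group("port")) if m else None

    @property
    def is_port_rule(self) -> bool:
        return self.port is not None


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one OTL firewall line; return None for headers and other text."""
    line = line.strip()
    if not line.startswith('"') or '" = ' not in line:
        return None
    key, rhs = line[1:].split('" = ', 1)
    suffix = ""
    if " -- " in rhs:
        rhs, suffix = rhs.rsplit(" -- ", 1)
    # The data repeats the value name and then scope:state:name. Anchoring on
    # the key avoids splitting on the ':' inside a drive letter.
    if not rhs.lower().startswith(key.lower() + ":"):
        return None
    fields = rhs[len(key) + 1:].split(":", 2)
    if len(fields) != 3:
        return None
    scope, state, name = fields
    return FirewallRule(key=key, scope=scope, enabled=(state.lower() == "enabled"),
                        name=name, suffix=suffix)


def parse_rules(text: str) -> List[FirewallRule]:
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r is not None]


def triage(rules: List[FirewallRule]) -> List[Tuple[str, str, str]]:
    """Return (severity, key, reason) for each enabled rule worth a second look."""
    findings = []
    for r in rules:
        if not r.enabled:
            continue
        if r.is_port_rule:
            if r.scope == "*":
                sev = "HIGH" if r.port in REMOTE_ACCESS_PORTS else "MEDIUM"
                findings.append((sev, r.key, f"inbound port open to any remote address ({r.name})"))
        elif r.suffix.lower() == "file not found":
            # The exception is keyed on the path: whatever is dropped there
            # later inherits the allow rule without a prompt.
            findings.append(("MEDIUM", r.key, "program exception for a file that no longer exists"))
        elif r.key.lower().startswith(USER_WRITABLE_PREFIXES):
            findings.append(("LOW", r.key, "program exception in a user-writable location"))
    return findings


# Constructed sample: lines copied from the Extras log above (domain and
# standard profiles mixed), plus the last entry, which is NOT in the poster's
# log and is here only to exercise the user-writable-path check.
SAMPLE_OTL_LINES = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
========== Authorized Applications List ==========
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Documents and Settings\user\Desktop\example.exe" = C:\Documents and Settings\user\Desktop\example.exe:*:Enabled:example.exe -- (constructed entry, not in the log)
'''

if __name__ == "__main__":
    for sev, key, reason in triage(parse_rules(SAMPLE_OTL_LINES)):
        print(f"[{sev}] {key}: {reason}")
```

Two caveats when reading the output. The XP firewall filters inbound traffic only, so a `*` rule matters in proportion to who can reach the host; the ComboFix log's interface entry points at a private address (192.168.1.254), which suggests a home router in front of this machine, and that limits exposure from the Internet but not from other hosts on the same LAN. And the "file not found" finding is about the rule, not the file: it is a standing allowance tied to a path nobody is using, which is why stale exceptions are worth removing even when nothing malicious is present.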
  8. I was able to run the Recovery Console FIXMBR. Here are the other logs, in order, as you request them:

Root Repeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/04 18:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden/Locked Files
-------------------
Path: c:\documents and settings\jake\local settings\application data\gdipfontcachev1.dat
Status: Allocation size mismatch (API: 16384, Raw: 12288)

Path: Volume E:\
Status: MBR Rootkit Detected!

Path: Volume E:\, Sector 1    Status: Sector mismatch
Path: Volume E:\, Sector 2    Status: Sector mismatch
Path: Volume E:\, Sector 3    Status: Sector mismatch
Path: Volume E:\, Sector 4    Status: Sector mismatch
Path: Volume E:\, Sector 5    Status: Sector mismatch
Path: Volume E:\, Sector 6    Status: Sector mismatch
Path: Volume E:\, Sector 7    Status: Sector mismatch
Path: Volume E:\, Sector 8    Status: Sector mismatch
Path: Volume E:\, Sector 9    Status: Sector mismatch
Path: Volume E:\, Sector 10    Status: Sector mismatch
Path: Volume E:\, Sector 11    Status: Sector mismatch
Path: Volume E:\, Sector 12    Status: Sector mismatch
Path: Volume E:\, Sector 13    Status: Sector mismatch
Path: Volume E:\, Sector 14    Status: Sector mismatch
Path: Volume E:\, Sector 15    Status: Sector mismatch
Path: Volume E:\, Sector 16    Status: Sector mismatch
Path: Volume E:\, Sector 17    Status: Sector mismatch
Path: Volume E:\, Sector 18    Status: Sector mismatch
Path: Volume E:\, Sector 19    Status: Sector mismatch
Path: Volume E:\, Sector 20    Status: Sector mismatch
Path: Volume E:\, Sector 21    Status: Sector mismatch
Path: Volume E:\, Sector 22    Status: Sector mismatch
Path: Volume E:\, Sector 23    Status: Sector mismatch
Path: Volume E:\, Sector 24    Status: Sector mismatch
Path: Volume E:\, Sector 25    Status: Sector mismatch
Path: Volume E:\, Sector 26    Status: Sector mismatch
Path: Volume E:\, Sector 27    Status: Sector mismatch
Path: Volume E:\, Sector 28    Status: Sector mismatch
Path: Volume E:\, Sector 29    Status: Sector mismatch
Path: Volume E:\, Sector 30    Status: Sector mismatch
Path: Volume E:\, Sector 31    Status: Sector mismatch
Path: Volume E:\, Sector 32    Status: Sector mismatch
Path: Volume E:\, Sector 33    Status: Sector mismatch
Path: Volume E:\, Sector 34    Status: Sector mismatch
Path: Volume E:\, Sector 35    Status: Sector mismatch
Path: Volume E:\, Sector 36    Status: Sector mismatch
Path: Volume E:\, Sector 37    Status: Sector mismatch
Path: Volume E:\, Sector 38    Status: Sector mismatch
Path: Volume E:\, Sector 39    Status: Sector mismatch
Path: Volume E:\, Sector 40    Status: Sector mismatch
Path: Volume E:\, Sector 41    Status: Sector mismatch
Path: Volume E:\, Sector 42    Status: Sector mismatch
Path: Volume E:\, Sector 43    Status: Sector mismatch
Path: Volume E:\, Sector 44    Status: Sector mismatch
Path: Volume E:\, Sector 45    Status: Sector mismatch
Path: Volume E:\, Sector 46    Status: Sector mismatch
Path: Volume E:\, Sector 47    Status: Sector mismatch
Path: Volume E:\, Sector 48    Status: Sector mismatch
Path: Volume E:\, Sector 49    Status: Sector mismatch
Path: Volume E:\, Sector 50    Status: Sector mismatch
Path: Volume E:\, Sector 51    Status: Sector mismatch
Path: Volume E:\, Sector 52    Status: Sector mismatch
Path: Volume E:\, Sector 53    Status: Sector mismatch
Path: Volume E:\, Sector 54    Status: Sector mismatch
Path: Volume E:\, Sector 55    Status: Sector mismatch
Path: Volume E:\, Sector 56    Status: Sector mismatch
Path: Volume E:\, Sector 57    Status: Sector mismatch
Path: Volume E:\, Sector 58    Status: Sector mismatch
Path: Volume E:\, Sector 59    Status: Sector mismatch
Path: Volume E:\, Sector 60    Status: Sector mismatch
Path: Volume E:\, Sector 61    Status: Sector mismatch
Path: Volume E:\, Sector 62    Status: Sector mismatch

Path: E:\System Volume Information
Status: Visible to the Windows API, but not on disk.

Path: E:\Recycled
Status: Visible to the Windows API, but not on disk.

Path: E:\Music
Status: Visible to the Windows API, but not on disk.

Path: E:\Backup Documents
Status: Visible to the Windows API, but not on disk.

Path: E:\Pictures
Status: Visible to the Windows API, but not on disk.

Path: E:\Playlists
Status: Visible to the Windows API, but not on disk.

Path: E:\Classical
Status: Visible to the Windows API, but not on disk.

Path: E:\Movies
Status: Visible to the Windows API, but not on disk.

Path: E:\Applications
Status: Visible to the Windows API, but not on disk.

Path: E:\Xmas
Status: Visible to the Windows API, but not on disk.

Path: E:\$RECYCLE.BIN
Status: Visible to the Windows API, but not on disk.

Path: E:\Karate Handbook
Status: Visible to the Windows API, but not on disk.

Path: E:\Adobe
Status: Visible to the Windows API, but not on disk.

Path: E:\Audio Books
Status: Visible to the Windows API, but not on disk.

Path: E:\Transparency0130.JPG
Status: Visible to the Windows API, but not on disk.

OTL logfile created on: 4/4/2010 6:53:38 PM - Run 1
OTL by OldTimer - Version 3.2.1.0   Folder = C:\Documents and Settings\Edie\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 40.96 Gb Free Space | 59.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.83 Gb Total Space | 94.19 Gb Free Space | 40.46% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not
present or media not loaded Computer Name: HIRTENSTEIN Current User Name: Edie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/04 18:53:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edie\Desktop\OTL.exe PRC - [2010/03/24 09:03:16 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/03/24 09:03:15 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2010/03/24 09:03:15 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2010/03/24 09:03:15 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/03/24 09:03:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/24 09:03:15 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe PRC - [2009/09/17 16:43:00 | 000,339,968 | ---- | M] () -- C:\Program Files\Silde and Negative Scanner\FotoLite.exe PRC - [2009/09/10 14:58:58 | 000,090,112 | ---- | M] (Product) -- C:\Program Files\Silde and Negative Scanner\WDUScan.exe PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2008/12/16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) 
-- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe PRC - [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe PRC - [2006/03/28 02:05:02 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe PRC - [2005/12/15 11:44:40 | 000,839,680 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe PRC - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe ========== Modules (SafeList) ========== MOD - [2010/04/04 18:53:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edie\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9) SRV - [2010/03/24 09:03:16 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/03/24 09:03:15 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2010/03/24 09:03:15 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2010/03/24 09:03:15 | 000,267,432 | ---- | M] 
(Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) ========== Driver Services (SafeList) ========== DRV - [2010/03/24 09:03:16 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/03/24 09:03:16 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/02/20 10:11:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/02/20 10:08:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/11/04 09:12:25 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/09/02 21:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2008/09/19 10:28:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2008/09/19 10:28:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/03/28 02:05:04 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM) DRV - [2005/12/01 08:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2005/12/01 08:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2005/12/01 08:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2005/11/29 05:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/11/02 20:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2005/08/05 17:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005/07/15 00:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005/07/14 23:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/07/13 01:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2004/12/06 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004/12/06 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004/12/06 02:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004/12/06 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004/12/06 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004/12/06 02:05:00 | 000,015,227 | ---- | M] (Sonic 
Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004/12/06 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004/12/06 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004/12/06 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres) DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm) DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5) DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln) DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.42 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.10 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60 FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/31 01:08:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/18 10:05:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 23:55:01 | 000,000,000 | ---D | M] [2008/06/21 18:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Mozilla\Extensions [2010/01/31 11:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\extensions [2010/01/30 10:48:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/11/09 08:15:52 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/01/10 13:37:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and 
Settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/01/30 10:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\extensions\foxmarks@kei.com [2009/11/04 09:12:34 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\searchplugins\daemon-search.xml [2007/03/11 17:13:07 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Edie\Application Data\Mozilla\Firefox\Profiles\3xbdec6r.default\searchplugins\siteadvisor.xml [2010/04/01 16:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: ([2006/07/14 22:13:20 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 85.17.40.69 tracker.oink.me.uk O1 - Hosts: 85.17.40.70 irc.oink.me.uk O1 - Hosts: 85.17.40.71 oink.me.uk O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) 
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [showLOMControl] Reg Error: Invalid data type. File not found O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe () O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Slide and Negative Scanner.lnk = C:\Program Files\Silde and Negative Scanner\FotoLite.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/06/30 21:23:46 | 000,000,000 | ---D | M] O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/06/30 21:23:46 | 000,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/06/30 21:23:46 | 000,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! 
&SMS - C:\Program Files\Yahoo!\Common [2009/06/30 21:23:46 | 000,000,000 | ---D | M] O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Edie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Edie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/04/04 18:53:07 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edie\Desktop\OTL.exe [2010/04/04 18:23:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edie\Desktop\TFC.exe [2010/04/04 01:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edie\Application Data\Avira [2010/04/03 18:42:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/03/28 15:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion [2010/03/28 10:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edie\Local Settings\Application Data\Yahoo! 
[2010/03/21 12:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edie\DoctorWeb
[2010/03/21 12:05:13 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/03/21 12:04:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/21 12:03:31 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Edie\Desktop\Rooter.exe
[2010/03/19 23:00:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/19 23:00:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/19 23:00:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/19 23:00:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/19 23:00:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/19 20:28:54 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Edie\Desktop\ATF-Cleaner.exe
[2010/03/19 20:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/19 20:10:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Edie\Desktop\erunt-setup.exe
[2009/11/09 00:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/09 00:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/11/09 00:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/11/09 00:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2009/08/26 22:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/04/11 10:06:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/08/25 13:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/06/20 22:50:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2006/04/04 21:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/08/16 05:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 05:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/04 18:53:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edie\Desktop\OTL.exe
[2010/04/04 18:52:00 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Edie\NTUSER.DAT
[2010/04/04 18:35:03 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\RootRepeal.zip
[2010/04/04 18:33:30 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/04 18:33:30 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/04 18:33:30 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/04 18:29:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/04 18:29:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 18:29:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/04 18:28:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Edie\ntuser.ini
[2010/04/04 18:23:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edie\Desktop\TFC.exe
[2010/04/04 18:20:47 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\Defogger.exe
[2010/04/04 10:03:00 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/04/03 19:17:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 19:04:43 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/04/03 10:35:12 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\gmer.zip
[2010/04/02 14:07:48 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/03/30 11:18:19 | 000,000,727 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/29 20:59:48 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Edie\My Documents\pool.bin
[2010/03/28 15:54:46 | 001,199,795 | ---- | M] () -- C:\Documents and Settings\Edie\My Documents\LoaderBackup-(2010-03-28).ipd
[2010/03/28 15:34:34 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/28 15:10:11 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\Desktop Manager.lnk
[2010/03/28 11:53:24 | 271,491,416 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\501_b073_multilanguage.exe
[2010/03/24 09:03:16 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/03/24 09:03:16 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/21 12:16:25 | 034,715,400 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\drweb-cureit.exe
[2010/03/21 12:03:31 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Edie\Desktop\Rooter.exe
[2010/03/19 23:08:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/19 22:55:15 | 003,895,220 | R--- | M] () -- C:\Documents and Settings\Edie\Desktop\Combo-Fix.exe
[2010/03/19 20:28:55 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Edie\Desktop\ATF-Cleaner.exe
[2010/03/19 20:16:16 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\NTREGOPT.lnk
[2010/03/19 20:16:16 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\ERUNT.lnk
[2010/03/19 20:10:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Edie\Desktop\erunt-setup.exe
[2010/03/13 12:42:56 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Edie\Desktop\dds.scr
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 07:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 07:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 07:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 07:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 07:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 07:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 07:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 07:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 07:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 07:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 07:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 07:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 07:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 07:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 07:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 07:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 07:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 07:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 07:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 07:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 07:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 07:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 07:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 07:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 07:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 07:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 07:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 07:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 07:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 07:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 07:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 07:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 07:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 07:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 07:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 07:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 07:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 07:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 07:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 07:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 07:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 07:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 07:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/10 08:18:46 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/03/10 08:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/03/10 08:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/03/10 08:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/03/10 08:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/03/10 00:37:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 00:31:21 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Edie\My Documents\20.doc
[2010/03/07 18:12:07 | 000,749,795 | ---- | M] () -- C:\Documents and Settings\Edie\My Documents\Scott and Jake-new_edited-1.jpg

========== Files Created - No Company Name ==========

[2010/04/04 18:35:01 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\RootRepeal.zip
[2010/04/04 00:43:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\gmer.exe
[2010/04/03 10:35:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\gmer.zip
[2010/03/28 18:12:48 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Edie\My Documents\pool.bin
[2010/03/28 15:54:46 | 001,199,795 | ---- | C] () -- C:\Documents and Settings\Edie\My Documents\LoaderBackup-(2010-03-28).ipd
[2010/03/28 15:10:11 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\Desktop Manager.lnk
[2010/03/28 11:35:02 | 271,491,416 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\501_b073_multilanguage.exe
[2010/03/21 12:08:57 | 034,715,400 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\drweb-cureit.exe
[2010/03/19 23:00:58 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/19 23:00:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/19 23:00:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/19 23:00:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/19 23:00:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/19 22:55:14 | 003,895,220 | R--- | C] () -- C:\Documents and Settings\Edie\Desktop\Combo-Fix.exe
[2010/03/19 20:11:24 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\NTREGOPT.lnk
[2010/03/19 20:11:24 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Edie\Desktop\ERUNT.lnk
[2010/03/10 00:31:21 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Edie\My Documents\20.doc
[2010/03/07 18:12:03 | 000,749,795 | ---- | C] () -- C:\Documents and Settings\Edie\My Documents\Scott and Jake-new_edited-1.jpg
[2010/02/09 19:02:38 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Edie\defogger_reenable
[2009/12/28 00:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/12/27 18:25:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PrintingModule
[2009/12/27 18:25:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Edie\Application Data\Pop Kit
[2009/12/27 18:25:41 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/12/27 18:25:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\filter
[2009/12/27 18:25:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PrintsService
[2009/12/27 18:25:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Edie\Application Data\PreferencePane
[2009/12/27 18:25:38 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\howto
[2009/12/27 16:43:10 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2009/12/27 14:31:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Basic
[2009/12/27 14:31:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Edie\Application Data\Home
[2009/12/27 14:31:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/12/27 14:31:26 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Images
[2009/12/27 14:03:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Horn Section
[2009/12/27 14:03:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Edie\Application Data\Helper Scripts
[2009/12/27 14:03:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/27 14:03:49 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Icons
[2009/12/06 20:58:51 | 000,001,701 | ---- | C] () -- C:\WINDOWS\if42le.ini
[2009/12/06 20:58:51 | 000,000,272 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2009/12/06 20:17:54 | 000,015,360 | R--- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2009/12/06 20:14:09 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL
[2009/09/16 21:12:57 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Edie\GoToAssistDownloadHelper.exe
[2009/09/15 13:47:05 | 000,014,528 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojogy.lib
[2009/09/13 18:28:31 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/14 22:28:25 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/14 22:28:25 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/14 22:28:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/22 20:29:34 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Edie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/25 18:27:49 | 000,000,800 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/04/24 08:34:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/04/08 20:50:06 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Edie\presets.ini
[2006/10/23 20:21:29 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/26 15:01:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/26 12:37:45 | 000,000,649 | ---- | C] () -- C:\WINDOWS\tlknw3.ini
[2006/07/26 12:24:58 | 000,000,280 | ---- | C] () -- C:\WINDOWS\wldtlk3.ini
[2006/04/16 12:35:26 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/16 12:35:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\2D2D42F5C5.sys
[2006/04/15 16:53:13 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Edie\bittorrent_errors.log
[2006/04/08 19:41:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Edie\.gtk-bookmarks
[2006/04/06 21:39:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/03 22:01:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/03 20:16:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Edie\Local Settings\Application Data\fusioncache.dat
[2006/04/03 20:16:43 | 007,077,888 | -H-- | C] () -- C:\Documents and Settings\Edie\NTUSER.DAT
[2006/04/03 20:16:43 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Edie\ntuser.dat.LOG
[2006/04/03 20:16:43 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Edie\ntuser.ini
[2006/04/03 20:15:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/04/03 20:15:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/03/28 02:17:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/28 02:05:36 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/28 02:01:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/03/28 01:28:24 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/03/28 01:28:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/03/28 01:27:50 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/03/28 01:27:28 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2009/09/16 21:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/11/04 09:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/12/27 18:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2006/11/08 21:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/01/06 21:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/12/06 20:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2009/12/27 14:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/03/28 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/27 18:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/07/17 21:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/06 23:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/04/06 10:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\.bittorrent
[2010/03/28 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Blackberry Desktop
[2009/08/27 22:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\DAEMON Tools Lite
[2007/10/13 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\dBpoweramp
[2009/12/27 18:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Nikon
[2008/11/06 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Opera
[2008/02/03 14:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Research In Motion
[2010/04/03 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\uTorrent
[2008/09/12 23:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edie\Application Data\Viewpoint

========== Purity Check ==========

< End of report >
  9. OK, found a second DVD with drivers, diagnostics and utilities. Is that the right one?
  10. I have the "Reinstallation DVD" for Windows XP. Just want to be sure I am barking up the right tree.
  11. Ok - I will do this. 90% sure I have the Windows disk. Also, just to be sure - do I do this in addition to or instead of the previous instructions? (I'm on my phone and I might have missed it).
  12. Will get to this later on today. Here's what Avira says. I think the two sharp beeps are Avira detecting the viruses. I recently upgraded to the premium version.

      A virus or unwanted program 'BOO/Sinowal.E' [virus] was found in Master boot sector of drive 'Master boot sector HD1'.
      Action executed: Deny access
      A virus or unwanted program 'BOO/Sinowal.E' [virus] was found in Boot sector of drive 'E:'.
      Action executed: Deny access
  13. Here it is. The virus is still being picked up in my scan (twice -- once in C and once in my external drive). The PC now makes two sharp beeps every time we boot.

      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2010-04-04 09:38:54
      Windows 5.1.2600 Service Pack 3
      Running: gmer.exe; Driver: C:\DOCUME~1\Edie\LOCALS~1\Temp\uxloipow.sys

      ---- System - GMER 1.0.15 ----

      SSDT F7D1A26E ZwCreateKey
      SSDT F7D1A264 ZwCreateThread
      SSDT F7D1A273 ZwDeleteKey
      SSDT F7D1A27D ZwDeleteValueKey
      SSDT F7D1A29B ZwLoadDriver
      SSDT F7D1A282 ZwLoadKey
      SSDT F7D1A250 ZwOpenProcess
      SSDT F7D1A255 ZwOpenThread
      SSDT F7D1A28C ZwReplaceKey
      SSDT F7D1A287 ZwRestoreKey
      SSDT F7D1A2A0 ZwSetSystemInformation
      SSDT F7D1A278 ZwSetValueKey
      SSDT F7D1A25F ZwTerminateProcess
      SSDT F7D1A25A ZwWriteVirtualMemory

      ---- User IAT/EAT - GMER 1.0.15 ----

      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
      IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
      AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
      AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

      Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
      Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
      Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
      Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
      Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
      Device \FileSystem\Cdfs \Cdfs A8F32400

      ---- Registry - GMER 1.0.15 ----

      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0A 0x7C 0xA8 0x6B ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0x7C 0xAB 0x1C ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x9E 0x13 0x1A ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0A 0x7C 0xA8 0x6B ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0x7C 0xAB 0x1C ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x9E 0x13 0x1A ...

      ---- EOF - GMER 1.0.15 ----
  14. Hi Maurice -- I know you have been busy -- just want to be sure this is on the radar.
  15. Hi again Maurice -- I killed the Dr Web process. It scanned an additional 5 files in 8 hours today as the process had slowed to 9kbps. That cannot be right -- at this rate it would be years to scan the whole PC. Here is the Rooter .txt file. Let me know what to do next. Thanks again -- Edie

      Rooter.exe (v1.0.2) by Eric_71
      .
      SeDebugPrivilege granted successfully ...
      .
      Windows XP . (5.1.2600) Service Pack 3 [32_bits] - x86 Family 6 Model 14 Stepping 8, GenuineIntel
      .
      [wscsvc] (Security Center) RUNNING (state:4)
      [SharedAccess] RUNNING (state:4)
      Windows Firewall -> Enabled
      .
      Internet Explorer 7.0.5730.13
      .
      C:\ [Fixed-NTFS] .. ( Total:68 Go - Free:41 Go )
      D:\ [CD_Rom]
      E:\ [Fixed-FAT32] .. ( Total:232 Go - Free:95 Go )
      .
      Scan : 12:04.47
      Path : C:\Documents and Settings\Edie\Desktop\Rooter.exe
      User : Edie ( Administrator -> YES )
      .
      ----------------------\\ Processes
      .
      Locked [System Process] (0)
      ______ System (4)
      ______ \SystemRoot\System32\smss.exe (492)
      ______ \??\C:\WINDOWS\system32\csrss.exe (920)
      ______ \??\C:\WINDOWS\system32\winlogon.exe (944)
      ______ C:\WINDOWS\system32\services.exe (992)
      ______ C:\WINDOWS\system32\lsass.exe (1004)
      ______ C:\WINDOWS\system32\svchost.exe (1212)
      ______ C:\WINDOWS\system32\svchost.exe (1296)
      ______ C:\WINDOWS\System32\svchost.exe (1356)
      ______ C:\WINDOWS\system32\svchost.exe (1480)
      ______ C:\WINDOWS\system32\svchost.exe (1536)
      ______ C:\WINDOWS\System32\WLTRYSVC.EXE (1740)
      ______ C:\WINDOWS\System32\bcmwltry.exe (1756)
      ______ C:\WINDOWS\system32\spoolsv.exe (1948)
      ______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (2024)
      ______ C:\WINDOWS\system32\svchost.exe (260)
      ______ C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (472)
      ______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (532)
      ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (552)
      ______ C:\Program Files\Bonjour\mDNSResponder.exe (584)
      ______ C:\WINDOWS\eHome\ehRecvr.exe (644)
      ______ C:\WINDOWS\eHome\ehSched.exe (812)
      ______ C:\WINDOWS\system32\svchost.exe (868)
      ______ C:\WINDOWS\system32\svchost.exe (440)
      ______ C:\Program Files\Java\jre6\bin\jqs.exe (1376)
      ______ C:\Program Files\Common Files\Motive\McciCMService.exe (1664)
      ______ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (1864)
      ______ C:\WINDOWS\system32\svchost.exe (2180)
      ______ C:\WINDOWS\system32\svchost.exe (2192)
      ______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (2220)
      ______ C:\WINDOWS\ehome\mcrdsvc.exe (2320)
      ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3984)
      ______ C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (2800)
      ______ C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (2952)
      ______ C:\WINDOWS\system32\dllhost.exe (3016)
      ______ C:\Program Files\iPod\bin\iPodService.exe (2056)
      ______ C:\WINDOWS\System32\alg.exe (2452)
      ______ C:\WINDOWS\System32\svchost.exe (3980)
      ______ C:\WINDOWS\System32\svchost.exe (1508)
      ______ C:\WINDOWS\System32\svchost.exe (3540)
      ______ \??\C:\WINDOWS\system32\csrss.exe (3936)
      ______ \??\C:\WINDOWS\system32\winlogon.exe (2780)
      ______ C:\WINDOWS\Explorer.EXE (416)
      ______ C:\WINDOWS\ehome\ehtray.exe (4416)
      ______ C:\WINDOWS\system32\hkcmd.exe (4056)
      ______ C:\WINDOWS\system32\igfxpers.exe (6036)
      ______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (728)
      ______ C:\WINDOWS\system32\WLTRAY.exe (5060)
      ______ C:\WINDOWS\system32\igfxsrvc.exe (4432)
      ______ C:\Program Files\Dell\QuickSet\quickset.exe (6004)
      ______ C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (5100)
      ______ C:\Program Files\Real\RealPlayer\RealPlay.exe (3096)
      ______ C:\WINDOWS\system32\dla\tfswctrl.exe (4752)
      ______ C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (5868)
      ______ C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (4528)
      ______ C:\Program Files\Winamp\winampa.exe (5752)
      ______ C:\Program Files\iTunes\iTunesHelper.exe (3444)
      ______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (2872)
      ______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (2588)
      ______ C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (6076)
      ______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (1972)
      ______ C:\Program Files\NetWaiting\netWaiting.exe (6000)
      ______ C:\Program Files\DellSupport\DSAgnt.exe (4856)
      ______ C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (1408)
      ______ C:\WINDOWS\system32\ctfmon.exe (4852)
      ______ C:\Program Files\Digital Line Detect\DLG.exe (3532)
      ______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (3116)
      ______ C:\PROGRA~1\SILDEA~1\FotoLite.exe (5200)
      ______ C:\WINDOWS\eHome\ehmsas.exe (4572)
      ______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (1428)
      ______ C:\Program Files\Silde and Negative Scanner\WDUScan.exe (3200)
      ______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (4984)
      ______ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (1152)
      ______ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (1768)
      ______ C:\WINDOWS\system32\wscntfy.exe (2096)
      ______ C:\Documents and Settings\Edie\Desktop\Rooter.exe (3588)
      .
      ----------------------\\ Device\Harddisk0\
      .
      \Device\Harddisk0 [sectors : 63 x 512 Bytes]
      .
      \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
      \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:73484651520)
      \Device\Harddisk0\Partition3 (Start_Offset:73525777920 | Length:4984519680)
      .
      ----------------------\\ Scheduled Tasks
      .
      C:\WINDOWS\Tasks\desktop.ini
      C:\WINDOWS\Tasks\SA.DAT
      .
      ----------------------\\ Registry
      .
      .
      ----------------------\\ Files & Folders
      .
      ----------------------\\ Scan completed at 12:05.13
      .
      C:\Rooter$\Rooter_1.txt - (21/03/2010 | 12:05.13)