brucealutus
2009-05-27, 19:03
thanks peku, please see below OTSscanIt log:
OTScanIt2 logfile created on: 5/27/2009 12:51:08 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\Sorin\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.87% Memory free
3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 4.57 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-E60FFE2AE3
Current User Name: Sorin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
acs.exe -> %ProgramFiles%\D-Link\D-Link DWA-643 Xtreme N ExpressCard Notebook Adapter\acs.exe -> [2006/11/03 17:43:50 | 00,360,532 | ---- | M] (Atheros)
bcmwltry.exe -> %SystemRoot%\System32\bcmwltry.exe -> [2006/11/01 15:48:10 | 01,253,376 | ---- | M] (Dell Inc.)
cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [2009/03/20 11:34:46 | 00,700,152 | ---- | M] ()
cntaosmgr.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\CNTAoSMgr.exe -> [2008/08/07 07:51:10 | 00,435,576 | ---- | M] (Trend Micro Inc.)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/04/28 12:40:20 | 00,307,704 | ---- | M] (Mozilla Corporation)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2006/06/06 20:06:44 | 00,077,824 | ---- | M] (Intel Corporation)
hpzipm12.exe -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -> [2005/04/29 20:44:06 | 00,069,632 | ---- | M] (HP)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2006/06/06 20:10:40 | 00,118,784 | ---- | M] (Intel Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 21:04:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/04/07 21:04:43 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
ntrtscan.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> [2009/05/15 07:23:20 | 00,963,880 | ---- | M] (Trend Micro Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
pccntmon.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\pccntmon.exe -> [2009/05/15 07:23:20 | 00,718,120 | ---- | M] (Trend Micro Inc.)
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> [2008/02/01 15:55:54 | 00,747,912 | ---- | M] (PC Tools)
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> [2008/02/01 15:55:56 | 00,948,616 | ---- | M] (PC Tools)
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> [2008/02/01 15:55:56 | 01,103,240 | ---- | M] (PC Tools)
tmlisten.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [2009/05/15 07:23:20 | 00,996,648 | ---- | M] (Trend Micro Inc.)
wcf731.exe -> %SystemRoot%\TEMP\WCF731.EXE -> [2009/05/15 07:23:22 | 00,296,224 | ---- | M] (Trend Micro Inc.)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
webupdatesvc4.exe -> %SystemRoot%\system32\WebUpdateSvc4.exe -> [2007/04/04 10:27:34 | 00,229,856 | ---- | M] (Data Perceptions / PowerProgrammer)
wltray.exe -> %SystemRoot%\system32\WLTRAY.exe -> [2006/11/01 15:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 15:48:12 | 00,020,480 | ---- | M] ()
[Win32 Services - Safe List]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %ProgramFiles%\D-Link\D-Link DWA-643 Xtreme N ExpressCard Notebook Adapter\acs.exe -> [2006/11/03 17:43:50 | 00,360,532 | ---- | M] (Atheros)
(cmdAgent) COMODO Internet Security Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [2009/03/20 11:34:46 | 00,700,152 | ---- | M] ()
(dmserverNtmsSvc) Logical Disk Manager dmserverNtmsSvc [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\alrsvcq.exe -> [2009/05/21 19:31:44 | 00,050,688 | RHS- | M] ()
(gusvc) Google Software Updater [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/30 23:41:18 | 00,183,280 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 21:04:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(ntrtscan) OfficeScanNT RealTime Scan [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> [2009/05/15 07:23:20 | 00,963,880 | ---- | M] (Trend Micro Inc.)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -> [2005/04/29 20:44:06 | 00,069,632 | ---- | M] (HP)
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> [2008/02/01 15:55:54 | 00,747,912 | ---- | M] (PC Tools)
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> [2008/02/01 15:55:56 | 00,948,616 | ---- | M] (PC Tools)
(tmlisten) OfficeScan NT Listener [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [2009/05/15 07:23:20 | 00,996,648 | ---- | M] (Trend Micro Inc.)
(TmProxy) OfficeScan NT Proxy Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmProxy.exe -> [2008/08/07 07:51:04 | 00,652,552 | ---- | M] (Trend Micro Inc.)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(WebUpdate4) Web Update Wizard Service V4 by PowerProgrammer [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WebUpdateSvc4.exe -> [2007/04/04 10:27:34 | 00,229,856 | ---- | M] (Data Perceptions / PowerProgrammer)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 15:48:12 | 00,020,480 | ---- | M] ()
[Driver Services - Safe List]
(AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ar5416.sys -> [2007/12/24 17:46:22 | 01,313,536 | ---- | M] (TamoSoft)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcmwl5.sys -> [2006/10/12 18:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2005/08/05 14:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation)
(cmdGuard) COMODO Firewall Pro Sandbox Driver [File_System | System | Running] -> %SystemRoot%\System32\DRIVERS\cmdguard.sys -> [2009/03/20 11:35:27 | 00,110,992 | ---- | M] (COMODO)
(cmdHlp) COMODO Firewall Pro Helper Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\cmdhlp.sys -> [2009/03/20 11:37:34 | 00,024,336 | ---- | M] (COMODO)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\CVirtA.sys -> [2003/05/01 14:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSX_DPV.sys -> [2005/12/01 04:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSXHWAZL.sys -> [2005/12/01 04:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2006/06/06 20:32:54 | 01,168,860 | ---- | M] (Intel Corporation)
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> [2008/02/01 15:55:52 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> [2007/12/10 17:53:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> [2007/12/10 17:53:28 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.)
(Inspect) COMODO Firewall Pro Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\inspect.sys -> [2009/03/20 11:37:33 | 00,080,400 | ---- | M] (COMODO)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2005/10/05 02:57:08 | 00,012,544 | ---- | M] (Conexant)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2008/06/10 20:07:16 | 00,043,528 | ---- | M] (Sonic Solutions)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/05/14 14:22:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2009/05/14 14:22:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> [2009/05/14 14:22:00 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2007/05/10 13:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.)
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2009/05/15 07:23:24 | 00,142,992 | ---- | M] (Trend Micro Inc.)
(TmFilter) Trend Micro Filter [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmXPFlt.sys -> [2009/03/27 19:16:26 | 00,225,296 | ---- | M] (Trend Micro Inc.)
(TmPreFilter) Trend Micro PreFilter [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmPreFlt.sys -> [2009/03/27 19:16:22 | 00,036,368 | ---- | M] (Trend Micro Inc.)
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\tmtdi.sys -> [2009/05/15 07:23:14 | 00,076,688 | ---- | M] (Trend Micro Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(VSApiNt) Trend Micro VSAPI NT [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\VSApiNt.sys -> [2009/03/27 18:56:52 | 01,220,088 | ---- | M] (Trend Micro Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSX_CNXT.sys -> [2005/12/01 04:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.)
(WSIMD) wsimd Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wsimd.sys -> [2006/10/31 19:29:16 | 00,055,840 | ---- | M] (Atheros Communications, Inc.)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.yahoo.com/?fr=fp-yie8 ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> Reg Error: Invalid data type. ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://mail.yahoo.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Sorin\Application Data\Mozilla\FireFox\Profiles\y0yyjjoj.default\prefs.js ->
browser.startup.homepage -> "https://login.yahoo.com/config/mail?.intl=us" ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.071303000006 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Sorin\Application Data\Mozilla\FireFox\Profiles\y0yyjjoj.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/04/07 21:04:45 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/05/10 03:33:06 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/04/28 12:40:26 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Sorin\Application Data\mozilla\Extensions -> [2009/04/22 14:04:38 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Sorin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/04/22 14:04:38 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Sorin\Application Data\mozilla\Firefox\Profiles\y0yyjjoj.default\extensions -> [2009/05/25 16:20:20 | 00,096,823 | ---- | M] ()
-> C:\Documents and Settings\Sorin\Application Data\mozilla\Firefox\Profiles\y0yyjjoj.default\extensions\moveplayer@movenetworks.com -> [2009/05/25 16:20:20 | 00,096,823 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/04/28 12:40:24 | 09,756,664 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/04/28 12:40:24 | 09,756,664 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/05/10 03:33:06 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/04/28 12:40:20 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/04/28 12:40:20 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/04/28 12:40:26 | 00,000,000 | ---D | M]
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/04/28 12:40:22 | 00,065,528 | ---- | M] (mozilla.org)
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/04/22 14:04:29 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/04/09 01:51:14 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/04/09 01:51:14 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/04/09 01:51:14 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/04/09 01:51:14 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/04/09 01:51:14 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/04/09 01:51:14 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/04/09 01:51:14 | 00,000,792 | ---- | M] ()
< HOSTS File > (687 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 02:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2008/08/12 17:13:00 | 01,437,696 | ---- | M] (Skype Technologies S.A.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> [2008/10/04 00:24:34 | 00,652,784 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/04/07 21:04:43 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/04/07 21:04:45 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY.exe] -> [2006/11/01 15:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/06/06 20:06:44 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/06/06 20:10:40 | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/06/06 20:09:58 | 00,094,208 | ---- | M] (Intel Corporation)
"ISTray" -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> [2008/02/01 15:55:56 | 01,103,240 | ---- | M] (PC Tools)
"OfficeScanNT Monitor" -> %ProgramFiles%\Trend Micro\OfficeScan Client\pccntmon.exe ["C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow] -> [2009/05/15 07:23:20 | 00,718,120 | ---- | M] (Trend Micro Inc.)
"SigmatelSysTrayApp" -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> [2007/05/10 13:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/04/07 21:04:43 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
"Flags" -> Reg Error: Invalid data type. [Reg Error: Invalid data type.] -> File not found
"Title" -> [UnHackMe Rootkit Check] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> [2007/08/30 20:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Sorin Startup Folder > -> C:\Documents and Settings\Sorin\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 16:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/08/12 17:13:00 | 01,437,696 | ---- | M] (Skype Technologies S.A.)
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 17:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5191 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] ->
{31435657-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab [Reg Error: Key error.] ->
{41564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab [Reg Error: Key error.] ->
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} [HKLM] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab [OnlineScanner Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab [BDSCANONLINE Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> https://reutersus.webex.com/client/T26L/training/ieatgpc.cab [GpcContainer Class] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BF81DFE8-1F24-4D62-B5D9-3B45022D13D9} -> (Dell Wireless 1370 WLAN Mini-PCI Card) ->
{CDA56691-2BE2-43C3-B9A7-417424E2483F} -> (Broadcom 440x 10/100 Integrated Controller) ->
{DEF3C572-456F-4F4F-AD03-22E52D50D0F1} -> ([CommView] D-Link DWA-643 Xtreme N Notebook ExpressCard Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 12:05:34 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2006/06/06 20:05:50 | 00,139,264 | ---- | M] (Intel Corporation)
WgaLogon -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe" -> C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe [C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe:*:Enabled:WEP key recovery] -> [2008/06/20 20:19:56 | 00,495,616 | ---- | M] (TamoSoft)
"C:\Program Files\SAS\SAS 9.1\sas.exe" -> C:\Program Files\SAS\SAS 9.1\sas.exe [C:\Program Files\SAS\SAS 9.1\sas.exe:*:Enabled:SAS 9.1 for Windows] -> [2006/01/25 21:42:42 | 00,072,064 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/08/12 17:13:00 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\SopCast\adv\SopAdver.exe" -> C:\Program Files\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> [2007/03/07 06:27:12 | 00,567,384 | ---- | M] (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" -> C:\Program Files\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> [2007/11/26 03:34:38 | 01,888,256 | ---- | M] (www.sopcast.com)
"C:\Program Files\Vuze\Azureus.exe" -> C:\Program Files\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus] -> [2007/12/03 23:28:42 | 00,254,976 | ---- | M] (Azureus Inc)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 20:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 20:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/07/05 18:47:39 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
\E\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
\E\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
\E\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{32384982-8f10-11dd-8c7c-001422aa1205}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32384982-8f10-11dd-8c7c-001422aa1205}\Shell\AutoRun\command
\{32384982-8f10-11dd-8c7c-001422aa1205}\Shell\AutoRun\command\\"" -> E:\WD_Windows_Tools\Setup.exe [E:\WD_Windows_Tools\Setup.exe] -> File not found
\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell
\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun
\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun\command
\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/05/27 12:48:31 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/27 12:47:51 | 00,665,196 | ---- | C] ()
User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> [2009/05/25 21:17:44 | 00,000,426 | -H-- | C] ()
Move Networks -> %AppData%\Move Networks -> [2009/05/25 16:20:49 | 00,000,000 | ---D | C]
a99bbca1.sys -> %SystemRoot%\System32\drivers\a99bbca1.sys -> [2009/05/25 01:23:51 | 00,097,216 | ---- | C] ()
cc_20090525_012230.reg -> %UserProfile%\My Documents\cc_20090525_012230.reg -> [2009/05/25 01:22:32 | 00,009,362 | ---- | C] ()
Recent -> %UserProfile%\Recent -> [2009/05/25 01:21:52 | 00,000,000 | RH-D | C]
rsit -> %SystemDrive%\rsit -> [2009/05/24 11:46:54 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/24 11:46:20 | 00,781,909 | ---- | C] ()
spybot.exe -> %UserProfile%\Desktop\spybot.exe -> [2009/05/24 00:16:20 | 16,409,960 | ---- | C] (Safer Networking Limited )
cc_20090524_001020.reg -> %UserProfile%\My Documents\cc_20090524_001020.reg -> [2009/05/24 00:10:26 | 00,078,748 | ---- | C] ()
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [2009/05/22 23:11:15 | 00,000,000 | ---D | C]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [2009/05/22 23:11:04 | 00,000,000 | ---D | C]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [2009/05/22 23:11:04 | 00,000,000 | ---D | C]
HostsMan Backups -> %AllUsersProfile%\Documents\HostsMan Backups -> [2009/05/22 22:51:57 | 00,000,000 | ---D | C]
abelhadigital.com -> %AppData%\abelhadigital.com -> [2009/05/22 22:51:56 | 00,000,000 | ---D | C]
abelhadigital.com -> %AllUsersProfile%\Application Data\abelhadigital.com -> [2009/05/22 22:51:56 | 00,000,000 | ---D | C]
HostsMan -> %ProgramFiles%\HostsMan -> [2009/05/22 22:51:30 | 00,000,000 | ---D | C]
ERDNT -> %SystemRoot%\ERDNT -> [2009/05/22 19:23:44 | 00,000,000 | ---D | C]
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/22 19:23:21 | 00,000,767 | ---- | C] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/05/22 19:23:02 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/05/22 19:23:02 | 00,000,592 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/05/22 19:23:01 | 00,000,000 | ---D | C]
Minidump -> %SystemRoot%\Minidump -> [2009/05/22 01:28:02 | 00,000,000 | ---D | C]
4038024988.dat -> %SystemRoot%\System32\4038024988.dat -> [2009/05/21 19:31:56 | 00,000,100 | --S- | C] ()
_id.dat -> %SystemRoot%\System32\_id.dat -> [2009/05/21 19:31:56 | 00,000,000 | ---- | C] ()
alrsvcq.exe -> %SystemRoot%\System32\alrsvcq.exe -> [2009/05/21 19:31:45 | 00,050,688 | RHS- | C] ()
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/05/16 10:39:26 | 00,142,992 | ---- | C] (Trend Micro Inc.)
.housecall6.6 -> %UserProfile%\.housecall6.6 -> [2009/05/15 17:23:45 | 00,000,000 | ---D | C]
CSC -> %SystemRoot%\CSC -> [2009/05/11 18:56:15 | 00,000,000 | -HSD | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/05/11 18:40:27 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/05/11 18:40:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/05/11 18:40:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/05/11 18:40:17 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/05/11 18:40:17 | 00,000,000 | ---D | C]
malware -> %SystemDrive%\malware -> [2009/05/11 18:29:04 | 00,000,000 | ---D | C]
sasreg -> %SystemDrive%\sasreg -> [2009/05/11 18:00:20 | 00,000,000 | ---D | C]
SAS -> %AllUsersProfile%\Application Data\SAS -> [2009/05/11 17:25:43 | 00,000,000 | ---D | C]
oc30.dll -> %SystemRoot%\System32\oc30.dll -> [2009/05/11 17:09:45 | 00,638,464 | ---- | C] (Microsoft Corporation)
sasperf.dll -> %SystemRoot%\System32\sasperf.dll -> [2009/05/11 17:09:43 | 00,013,600 | ---- | C] ()
SAS Configuration Information -> %UserProfile%\My Documents\SAS Configuration Information -> [2009/05/11 17:03:19 | 00,000,000 | ---D | C]
SAS -> %ProgramFiles%\SAS -> [2009/05/11 16:58:02 | 00,000,000 | ---D | C]
Paper on CSR honors college.doc -> %UserProfile%\Desktop\Paper on CSR honors college.doc -> [2009/05/06 14:18:57 | 00,326,144 | ---- | C] ()
KB905474 -> %SystemRoot%\System32\KB905474 -> [2009/05/06 03:05:43 | 00,000,000 | ---D | C]
cfgrt_ex.ini -> %SystemRoot%\cfgrt_ex.ini -> [2009/04/08 13:35:10 | 00,008,002 | ---- | C] ()
WgaTray.dll -> %SystemRoot%\System32\WgaTray.dll -> [2009/04/04 23:54:26 | 00,000,000 | ---- | C] ()
wuw.INI -> %SystemRoot%\wuw.INI -> [2008/12/29 19:50:12 | 00,000,076 | ---- | C] ()
CSGina.dll -> %SystemRoot%\System32\CSGina.dll -> [2008/11/04 12:01:17 | 00,143,384 | ---- | C] ()
guard32.dll -> %SystemRoot%\System32\guard32.dll -> [2008/10/19 03:36:50 | 00,155,384 | ---- | C] ()
qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [2008/09/19 17:57:34 | 03,596,288 | ---- | C] ()
dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [2008/09/19 17:55:10 | 00,000,416 | ---- | C] ()
dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [2008/09/19 17:55:10 | 00,000,416 | ---- | C] ()
DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [2008/09/19 17:54:18 | 00,012,288 | ---- | C] ()
unrar.dll -> %SystemRoot%\System32\unrar.dll -> [2008/09/01 00:55:54 | 00,164,352 | ---- | C] ()
avisplitter.ini -> %SystemRoot%\avisplitter.ini -> [2008/09/01 00:55:54 | 00,000,038 | ---- | C] ()
xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [2008/09/01 00:55:51 | 00,815,104 | ---- | C] ()
xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [2008/09/01 00:55:50 | 00,180,224 | ---- | C] ()
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [2008/09/01 00:55:49 | 00,007,680 | ---- | C] ()
ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [2008/09/01 00:55:49 | 00,000,547 | ---- | C] ()
cpwmon2k.dll -> %SystemRoot%\System32\cpwmon2k.dll -> [2008/08/12 13:03:13 | 00,087,552 | ---- | C] ()
pdf2word.INI -> %SystemRoot%\pdf2word.INI -> [2008/07/16 12:49:15 | 00,000,394 | ---- | C] ()
cfgall.ini -> %SystemRoot%\cfgall.ini -> [2008/07/07 19:17:27 | 00,014,066 | ---- | C] ()
ODBC.INI -> %SystemRoot%\ODBC.INI -> [2008/07/05 20:13:20 | 00,000,376 | ---- | C] ()
preflib.dll -> %SystemRoot%\System32\preflib.dll -> [2008/07/05 19:24:43 | 00,086,016 | ---- | C] ()
bcm1xsup.dll -> %SystemRoot%\System32\bcm1xsup.dll -> [2008/07/05 19:24:42 | 00,757,760 | ---- | C] ()
OnlineScannerDLLA.dll -> %SystemRoot%\System32\OnlineScannerDLLA.dll -> [2008/02/11 09:39:26 | 00,253,952 | ---- | C] ()
OnlineScannerDLLW.dll -> %SystemRoot%\System32\OnlineScannerDLLW.dll -> [2008/02/11 09:39:18 | 00,237,568 | ---- | C] ()
OnlineScannerLang.dll -> %SystemRoot%\System32\OnlineScannerLang.dll -> [2008/02/08 13:53:46 | 00,110,592 | ---- | C] ()
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [2008/01/09 15:01:48 | 00,000,453 | ---- | C] ()
lnod32apiW.dll -> %SystemRoot%\System32\lnod32apiW.dll -> [2007/07/27 14:49:02 | 00,225,355 | ---- | C] ()
lnod32apiA.dll -> %SystemRoot%\System32\lnod32apiA.dll -> [2007/07/27 14:49:02 | 00,196,683 | ---- | C] ()
lnod32umc.dll -> %SystemRoot%\System32\lnod32umc.dll -> [2005/12/05 19:25:22 | 00,139,264 | ---- | C] ()
lnod32upd.dll -> %SystemRoot%\System32\lnod32upd.dll -> [2005/12/05 12:37:10 | 00,106,496 | ---- | C] ()
DLXAPI32.DLL -> %SystemRoot%\System32\DLXAPI32.DLL -> [2005/01/03 11:10:44 | 00,319,488 | ---- | C] ()
win.ini -> %SystemRoot%\win.ini -> [2004/08/04 08:00:00 | 00,000,573 | ---- | C] ()
system.ini -> %SystemRoot%\system.ini -> [2004/08/04 08:00:00 | 00,000,227 | ---- | C] ()
OUTLPERF.INI -> %SystemRoot%\System32\OUTLPERF.INI -> [2003/01/07 18:05:08 | 00,002,695 | ---- | C] ()
giveio.sys -> %SystemRoot%\System32\giveio.sys -> [1996/04/03 15:33:26 | 00,005,248 | ---- | C] ()
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
a99bbca1.sys -> %SystemRoot%\System32\drivers\a99bbca1.sys -> [2009/05/27 12:56:45 | 00,097,216 | ---- | M] ()
User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> [2009/05/27 12:55:00 | 00,000,426 | -H-- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/27 12:47:55 | 00,665,196 | ---- | M] ()
cfgall.ini -> %SystemRoot%\cfgall.ini -> [2009/05/27 12:47:16 | 00,014,066 | ---- | M] ()
User_Feed_Synchronization-{A08EB93D-5AC4-46BB-A03E-C1E654899581}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{A08EB93D-5AC4-46BB-A03E-C1E654899581}.job -> [2009/05/27 12:26:26 | 00,000,422 | -H-- | M] ()
Perflib_Perfdata_110.dat -> %SystemRoot%\Temp\Perflib_Perfdata_110.dat -> [2009/05/27 09:15:30 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/05/27 09:15:25 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/05/27 09:15:08 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/05/27 00:44:30 | 08,126,464 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/05/27 00:44:01 | 00,000,278 | -HS- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-Sorin\engine\bases\sfdb.dat -> [2009/05/26 12:02:18 | 00,000,084 | ---- | M] ()
kosglue-7.0.26.0.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\kosglue-7.0.26.0.dll -> [2009/05/26 11:43:43 | 00,729,152 | ---- | M] (Kaspersky Lab)
prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\prLoader.dll -> [2009/05/26 11:43:43 | 00,184,320 | ---- | M] (Kaspersky Lab)
prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\prremote.dll -> [2009/05/26 11:43:43 | 00,090,112 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\msvcr80.dll -> [2009/05/26 11:43:42 | 00,626,688 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\msvcp80.dll -> [2009/05/26 11:43:42 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\kave.dll -> [2009/05/26 11:43:42 | 00,282,624 | ---- | M] (Kaspersky Lab.)
ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\ikave.dll -> [2009/05/26 11:43:42 | 00,065,536 | ---- | M] ()
ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\ScanningProcess.exe -> [2009/05/26 11:43:41 | 00,139,264 | ---- | M] (Kaspersky Lab.)
FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\FSSync.dll -> [2009/05/26 11:43:41 | 00,038,400 | ---- | M] (Kaspersky Lab)
msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\msvcm80.dll -> [2009/05/26 11:43:40 | 00,479,232 | ---- | M] (Microsoft Corporation)
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/05/25 22:48:04 | 00,000,284 | ---- | M] ()
4038024988.dat -> %SystemRoot%\System32\4038024988.dat -> [2009/05/25 01:23:53 | 00,000,100 | --S- | M] ()
cc_20090525_012230.reg -> %UserProfile%\My Documents\cc_20090525_012230.reg -> [2009/05/25 01:22:36 | 00,009,362 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/24 11:46:21 | 00,781,909 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/24 00:35:09 | 00,005,529 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/24 00:35:09 | 00,004,232 | ---- | M] ()
spybot.exe -> %UserProfile%\Desktop\spybot.exe -> [2009/05/24 00:16:31 | 16,409,960 | ---- | M] (Safer Networking Limited )
cc_20090524_001020.reg -> %UserProfile%\My Documents\cc_20090524_001020.reg -> [2009/05/24 00:10:41 | 00,078,748 | ---- | M] ()
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2009/05/24 00:08:05 | 00,001,548 | ---- | M] ()
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2009/05/23 21:19:03 | 00,000,687 | ---- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/05/23 19:47:05 | 04,240,656 | -H-- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/05/23 19:16:07 | 00,000,573 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/05/23 19:16:07 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/05/23 19:16:07 | 00,000,211 | -H-- | M] ()
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/22 19:23:21 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/05/22 19:23:02 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/05/22 19:23:02 | 00,000,592 | ---- | M] ()
_id.dat -> %SystemRoot%\System32\_id.dat -> [2009/05/21 19:31:56 | 00,000,000 | ---- | M] ()
alrsvcq.exe -> %SystemRoot%\System32\alrsvcq.exe -> [2009/05/21 19:31:44 | 00,050,688 | RHS- | M] ()
tmuninst.ini -> %SystemDrive%\tmuninst.ini -> [2009/05/21 17:22:10 | 00,000,021 | ---- | M] ()
pdf2word.INI -> %SystemRoot%\pdf2word.INI -> [2009/05/20 17:07:17 | 00,000,394 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/05/19 13:04:06 | 00,002,206 | ---- | M] ()
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/05/15 07:23:24 | 00,142,992 | ---- | M] (Trend Micro Inc.)
WCF731.EXE -> %SystemRoot%\Temp\WCF731.EXE -> [2009/05/15 07:23:22 | 00,296,224 | ---- | M] (Trend Micro Inc.)
tmtdi.sys -> %SystemRoot%\System32\drivers\tmtdi.sys -> [2009/05/15 07:23:14 | 00,076,688 | ---- | M] (Trend Micro Inc.)
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/05/11 19:23:01 | 00,047,616 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/05/11 19:08:17 | 00,212,080 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/05/11 19:03:40 | 00,361,752 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/05/11 19:03:40 | 00,316,990 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/05/11 19:03:40 | 00,041,814 | ---- | M] ()
vpd.properties -> %SystemRoot%\vpd.properties -> [2009/05/11 17:02:33 | 00,000,969 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation)
Paper on CSR honors college.doc -> %UserProfile%\Desktop\Paper on CSR honors college.doc -> [2009/05/06 15:35:39 | 00,326,144 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008/07/05 20:28:15 | 00,011,090 | ---- | M] ()
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a99bbca1]
"ImagePath"="\SystemRoot\System32\drivers\a99bbca1.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\a99bbca1]
"ImagePath"="\SystemRoot\System32\drivers\a99bbca1.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} 12 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 103 bytes
C:\Documents and Settings\Sorin\Favorites\1999 V6 Passat ABS-Brake Light - Car Forums and Automotive Chat.url:favicon 2238 bytes
C:\Documents and Settings\Sorin\Favorites\American Renaissance News Europe Xenophobia and Economic Recession.url:favicon 1406 bytes
C:\Documents and Settings\Sorin\Favorites\deceleration noise after ball joints replacement - VW Forum Volkswagen Forum.url:favicon 1150 bytes
C:\Documents and Settings\Sorin\Favorites\Engine Knock & Oil Pressure - Volkswagen Auto Repair Advice.url:favicon 318 bytes
C:\Documents and Settings\Sorin\Favorites\europe Xenophobia Rising STRATFOR.url:favicon 3638 bytes
C:\Documents and Settings\Sorin\Favorites\FT.com - In depth - Nico Colchester.url:favicon 3638 bytes
C:\Documents and Settings\Sorin\Favorites\GraphPad QuickCalcs chi square calculator.url:favicon 318 bytes
C:\Documents and Settings\Sorin\Favorites\http--www.watch-movies-links.net-movies-race_to_witch_mountain-.url:favicon 894 bytes
C:\Documents and Settings\Sorin\Favorites\Links\eBay.url:favicon 1406 bytes
C:\Documents and Settings\Sorin\Favorites\Links\Suggested Sites.url:favicon 25214 bytes
C:\Documents and Settings\Sorin\Favorites\Magazines for Cheap - Cheap Magazine Subscriptions.url:favicon 3638 bytes
C:\Documents and Settings\Sorin\Favorites\PChuck's Network Limited Or No Connectivity.url:favicon 3638 bytes
C:\Documents and Settings\Sorin\Favorites\tamos.url:favicon 2550 bytes
C:\Documents and Settings\Sorin\Favorites\usb.url:favicon 2550 bytes
C:\Documents and Settings\Sorin\Favorites\When I press hard on my brakes oil light comes on - Yahoo! Answers.url:favicon 1150 bytes
C:\Documents and Settings\Sorin\Favorites\Wireless doesn't work anymore Limited or no connectivity in General Discussion.url:favicon 3638 bytes
C:\Documents and Settings\Sorin\Favorites\Xenophobia across Europe threatens Turks, Turkey’s EU accession process.url:favicon 824 bytes
C:\Documents and Settings\Sorin\Favorites\YouTube - How to Crack WEP.url:favicon 1150 bytes
C:\Documents and Settings\Sorin\Favorites\YouTube - How to remove Windows genuine Advantage Notifications.url:favicon 318 bytes
C:\Documents and Settings\Sorin\Favorites\YouTube - Renaming EXE Files After Malware Blocks Security Programs.url:favicon 318 bytes
C:\Documents and Settings\visitor\Favorites\Links\Suggested Sites.url:favicon 25214 bytes
scan completed successfully
hidden files: 331
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> %SystemRoot%\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
< End of report >