this pc was stored away because of problems.



musicalpulltoy
2011-03-08, 22:15
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Patty at 14:01:05.43 on Tue 03/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.84 [GMT -7:00]
.
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patty\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021YYUS&fl=0&ptb=mhkeqj5NvbzccEW.YsYmFg&url=http://www.ask.com/web&q={searchTerms}&l=omws&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60318
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\fast browser search\ie\tbhelper.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - No File
BHO: {8C6D5A56-791E-4fe8-9D64-81781FA15D68} - No File
BHO: {908B8834-618C-3E5B-8B5F-48E676875CC7} - No File
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {1B2588F5-45CE-4322-B755-D79944AD1B17} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {12DA1BC4-5384-42FD-A119-3C99D2D146A2} - No File
EB: Search panel: {1e965fbb-c290-380a-8cec-f245bc551da7} - c:\windows\system32\utmvipdzjmjpwlwh.dll
EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - No File
EB: {C0B0250E-ED5D-4234-802D-AC0DA30CEC25} - No File
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\patty\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: &Search - ?p=ZKxdm021YYUS
IE: Crawler Search - tbr:iemenu
IE: {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\crawler\ssaver\CSSaver.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {32CE4494-BF50-41DF-A6A9-975FF47EBAB6} = 68.105.28.12,68.105.29.12,68.105.28.11
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\patty\applic~1\mozilla\firefox\profiles\m6xkyaay.default\
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
============= SERVICES / DRIVERS ===============
.
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-3-7 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-11-5 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-11-5 488952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
.
=============== Created Last 30 ================
.
2011-03-08 08:35:15 -------- d-----w- c:\docume~1\patty\locals~1\applic~1\Conduit
2011-03-08 08:27:45 -------- d-----w- c:\docume~1\patty\locals~1\applic~1\Yahoo
2011-03-08 08:04:33 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-03-08 07:27:23 -------- d-----w- c:\docume~1\patty\locals~1\applic~1\ZoneAlarm_Security
2011-03-08 07:22:58 -------- d-----w- c:\docume~1\patty\locals~1\applic~1\Mozilla
2011-03-08 07:22:41 -------- d-----w- c:\docume~1\patty\applic~1\CheckPoint
2011-03-07 23:20:05 -------- d-----w- c:\program files\Conduit
2011-03-07 23:20:03 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-03-07 23:19:45 -------- d-----w- c:\program files\CheckPoint
2011-03-07 23:19:23 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-03-07 23:19:23 -------- d-----w- c:\windows\system32\ZoneLabs
2011-03-07 23:19:20 -------- d-----w- c:\program files\Zone Labs
2011-03-07 23:18:01 -------- d-----w- c:\windows\Internet Logs
2011-03-07 22:53:07 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-07 22:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 21:58:46 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-03-07 21:58:45 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-03-07 21:58:28 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-03-07 21:57:47 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-07 21:55:59 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-07 20:05:24 -------- d-----w- C:\OEMSettings
2011-03-07 19:51:02 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-03-07 19:51:02 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-03-07 06:19:00 -------- d-----w- c:\program files\NETGEAR
2011-03-07 04:03:04 -------- d-sh--w- c:\documents and settings\patty\IECompatCache
.
==================== Find3M ====================
.
2011-03-07 23:12:19 56 -csh--r- c:\windows\system32\C6D8B39C0F.sys
2011-03-07 23:12:19 4808 -csha-w- c:\windows\system32\KGyGaAvL.sys
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:03:57.17 ===============

ken545
2011-03-09, 01:40

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Looking at some malware on your system :sad:


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

musicalpulltoy
2011-03-09, 21:52
Thank you, I knew it would be full of bugs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6003

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/9/2011 1:19:42 PM
mbam-log-2011-03-09 (13-19-42).txt

Scan type: Quick scan
Objects scanned: 187329
Time elapsed: 26 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 44
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42FD-A119-3C99D2D146A2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AD44D3E-7316-4251-B754-9B10EC96AF92} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{79F562E5-768C-4494-8E6C-824ADA4A9C2C} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B27CC68-110C-46A9-80D3-F3107DE6EB98} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B27CC68-110C-46A9-80D3-F3107DE6EB98} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A6573479-9075-4A65-98A6-19FD29CF7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Value: {B7D3E479-CC68-42B5-A338-938ECE35F419} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Value: {B7D3E479-CC68-42B5-A338-938ECE35F419} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F3175B35-99CE-4297-A7E1-292562DD7AF3} (Rogue.DeusCleaner) -> Value: {F3175B35-99CE-4297-A7E1-292562DD7AF3} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F3175B35-99CE-4297-A7E1-292562DD7AF3} (Rogue.DeusCleaner) -> Value: {F3175B35-99CE-4297-A7E1-292562DD7AF3} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.
c:\program files\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
c:\program files\onestepsearch\onestepsearch_deleted_(3) (Adware.OneStepSearch) -> Quarantined and deleted successfully.
c:\program files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\Patty\start menu\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\d04617a2-ebd3-45a3-c256-aa7f199ab082.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\WhoisCL.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\Patty\application data\urlredir.cfg (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\clicktofindandfixerrors_us.ico (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cont_dcads-remove.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dcads-remove.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dcads_sidebar.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dcads_sidebar_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dcadssocial-uninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ieupdates.exe.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ldpackage.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\superiorads-uninst.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\onestepsearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
c:\program files\onestepsearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

ken545
2011-03-10, 00:28
Hello,

It removed a lot, but one of the entries was related to a Rootkit, so let's check further.

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

musicalpulltoy
2011-03-10, 01:02
nothing found


2011/03/09 16:57:27.0343 2108 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/09 16:57:29.0343 2108 ================================================================================
2011/03/09 16:57:29.0343 2108 SystemInfo:
2011/03/09 16:57:29.0343 2108
2011/03/09 16:57:29.0343 2108 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/09 16:57:29.0343 2108 Product type: Workstation
2011/03/09 16:57:29.0343 2108 ComputerName: D1FTPKB1
2011/03/09 16:57:29.0343 2108 UserName: Patty
2011/03/09 16:57:29.0343 2108 Windows directory: C:\WINDOWS
2011/03/09 16:57:29.0343 2108 System windows directory: C:\WINDOWS
2011/03/09 16:57:29.0343 2108 Processor architecture: Intel x86
2011/03/09 16:57:29.0343 2108 Number of processors: 2
2011/03/09 16:57:29.0343 2108 Page size: 0x1000
2011/03/09 16:57:29.0343 2108 Boot type: Normal boot
2011/03/09 16:57:29.0343 2108 ================================================================================
2011/03/09 16:57:30.0859 2108 Initialize success
2011/03/09 16:57:40.0953 2436 ================================================================================
2011/03/09 16:57:40.0953 2436 Scan started
2011/03/09 16:57:40.0953 2436 Mode: Manual;
2011/03/09 16:57:40.0953 2436 ================================================================================
2011/03/09 16:58:05.0921 2436 ================================================================================
2011/03/09 16:58:05.0921 2436 Scan finished
2011/03/09 16:58:05.0921 2436 ================================================================================
2011/03/09 16:58:18.0187 2072 Deinitialize success

ken545
2011-03-10, 02:20
No Rootkit :bigthumb:



Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

musicalpulltoy
2011-03-10, 06:26
5 bugs

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=eea5dd9fddfb904395d83c48c1ea2e6e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-10 05:19:13
# local_time=2011-03-09 10:19:13 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 101987 8853793 0 0
# scanned=127126
# found=5
# cleaned=5
# scan_time=5809
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Patty\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-116916f1 a variant of Java/TrojanDownloader.OpenStream.NAD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\CD Burning\WINDOWS\system32\dcads_sidebar.dll probably a variant of Win32/Agent.KTKXHVZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\CD Burning\WINDOWS\system32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ken545
2011-03-10, 10:14
Good Morning,

What ESET found were some leftover entries from the infections that Malwarebytes found; it also found some entries in Spybot's recovery. Open Spybot and click on Recovery and delete anything that may be in there.

Run ATF Cleaner again and make sure Java Cache is selected also.


With what we removed there could be more, so let's run this program.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

musicalpulltoy
2011-03-10, 11:33
things are improving! 1 popup during scan "PEV.exe" has encountered a problem and must shut down.

ComboFix 11-03-09.03 - Patty 03/10/2011 2:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.245 [GMT -7:00]
Running from: c:\documents and settings\Patty\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\3D.tmp
C:\45.tmp
C:\46.tmp
C:\49.tmp
c:\documents and settings\Patty\Application Data\alot
c:\documents and settings\Patty\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Patty\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Patty\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Patty\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Patty\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Patty\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Patty\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Patty\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Patty\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Patty\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Patty\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Patty\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Patty\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Patty\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Patty\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Patty\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Patty\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Patty\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Patty\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Patty\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Patty\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Patty\Application Data\alot\products\products.xml
c:\documents and settings\Patty\Application Data\alot\products\products.xml.backup
c:\documents and settings\Patty\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Patty\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Patty\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_2\images\default_2086_alot_fin_financialservices.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_2\images\default_2086_alot_fin_financialservices.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_3\images\alert-icon.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_3\images\cloudy.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_3\images\nmcloud.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_3\images\pcloud.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_4\images\default_1207_default_1449_cnn_button.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_4\images\default_1207_default_1449_cnn_button.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_5\images\2156_icon.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_5\images\2156_icon.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_5\images\default_1103_alot_lottery_dollar.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_5\images\default_1103_alot_lottery_dollar.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_6\images\default_1206_alot_new_newsroom.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_6\images\default_1206_alot_new_newsroom.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_7\images\1665_icon.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_7\images\1665_icon.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_7\images\default_1661_alot_ref_onlineeducation.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_7\images\default_1661_alot_ref_onlineeducation.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_8\images\1925_icon.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_8\images\1925_icon.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_8\images\default_1596_alot_mrkt_typewriter.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_8\images\default_1596_alot_mrkt_typewriter.png
c:\documents and settings\Patty\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.png
c:\documents and settings\Patty\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Patty\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Patty\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Patty\Application Data\alot\SiteMetrics\SiteMetrics.xml
c:\documents and settings\Patty\Application Data\alot\SiteMetrics\SiteMetrics.xml.backup
c:\documents and settings\Patty\Application Data\alot\Tem6A.tmp
c:\documents and settings\Patty\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Patty\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Patty\Application Data\alot\toolbar.xml
c:\documents and settings\Patty\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Patty\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Patty\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Patty\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Patty\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Patty\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Patty\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Patty\Application Data\Logs\scns.log
c:\program files\asks~1
c:\program files\Common Files\asks~1
c:\program files\Common Files\mbols~1
c:\program files\Common Files\scurit~1
c:\program files\Common Files\ssembl~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\System\Uninstall
c:\program files\fnts~1
c:\program files\fnts~2
c:\program files\pppatc~1
c:\windows\crosof~1.net
c:\windows\racle~1
c:\windows\system32\dobe~1
c:\windows\system32\fnts~1
c:\windows\system32\icroso~1.net
c:\windows\system32\logs
c:\windows\system32\logs\Events.dat
c:\windows\system32\ystem3~1
c:\windows\WINDOWS
c:\windows\WINDOWS\0.log
c:\windows\WINDOWS\003076_.tmp
c:\windows\WINDOWS\Blue Lace 16.bmp
c:\windows\WINDOWS\bootstat.dat
c:\windows\WINDOWS\clock.avi
c:\windows\WINDOWS\Cmousecc.ini
c:\windows\WINDOWS\cmsetacl.log
c:\windows\WINDOWS\Coffee Bean.bmp
c:\windows\WINDOWS\COM+.log
c:\windows\WINDOWS\comsetup.log
c:\windows\WINDOWS\control.ini
c:\windows\WINDOWS\corelpf.lrs
c:\windows\WINDOWS\ctfile.rfc
c:\windows\WINDOWS\Dell.bmp
c:\windows\WINDOWS\desktop.ini
c:\windows\WINDOWS\DirectX.log
c:\windows\WINDOWS\dla.exe
c:\windows\WINDOWS\DPINST.LOG
c:\windows\WINDOWS\DtcInstall.log
c:\windows\WINDOWS\ehOCGen.log
c:\windows\WINDOWS\EmeraldQFE2.log
c:\windows\WINDOWS\explorer.exe
c:\windows\WINDOWS\explorer.scf
c:\windows\WINDOWS\FaxSetup.log
c:\windows\WINDOWS\FeatherTexture.bmp
c:\windows\WINDOWS\Gone Fishing.bmp
c:\windows\WINDOWS\Greenstone.bmp
c:\windows\WINDOWS\hh.exe
c:\windows\WINDOWS\IDNMitigationAPIs.log
c:\windows\WINDOWS\IE4 Error Log.txt
c:\windows\WINDOWS\ie7.log
c:\windows\WINDOWS\ie7_main.log
c:\windows\WINDOWS\ie8_main.log
c:\windows\WINDOWS\iis6.log
c:\windows\WINDOWS\imsins.BAK
c:\windows\WINDOWS\imsins.log
c:\windows\WINDOWS\inres.dll
c:\windows\WINDOWS\KB835221.log
c:\windows\WINDOWS\KB873339.log
c:\windows\WINDOWS\KB885250.log
c:\windows\WINDOWS\KB885835.log
c:\windows\WINDOWS\KB885836.log
c:\windows\WINDOWS\KB885855.log
c:\windows\WINDOWS\KB886185.log
c:\windows\WINDOWS\KB887472.log
c:\windows\WINDOWS\KB887998.log
c:\windows\WINDOWS\KB888113.log
c:\windows\WINDOWS\KB888302.log
c:\windows\WINDOWS\KB888795.log
c:\windows\WINDOWS\KB889673.log
c:\windows\WINDOWS\KB890046.log
c:\windows\WINDOWS\KB890859.log
c:\windows\WINDOWS\KB890927.log
c:\windows\WINDOWS\KB891593.log
c:\windows\WINDOWS\KB891781.log
c:\windows\WINDOWS\KB892627.log
c:\windows\WINDOWS\KB893056.log
c:\windows\WINDOWS\KB893756.log
c:\windows\WINDOWS\KB893803v2.log
c:\windows\WINDOWS\KB894391.log
c:\windows\WINDOWS\KB895316.log
c:\windows\WINDOWS\KB895961.log
c:\windows\WINDOWS\KB896256.log
c:\windows\WINDOWS\KB896358.log
c:\windows\WINDOWS\KB896422.log
c:\windows\WINDOWS\KB896423.log
c:\windows\WINDOWS\KB896424.log
c:\windows\WINDOWS\KB896428.log
c:\windows\WINDOWS\KB898461.log
c:\windows\WINDOWS\KB899337.log
c:\windows\WINDOWS\KB899510.log
c:\windows\WINDOWS\KB899587.log
c:\windows\WINDOWS\KB899588.log
c:\windows\WINDOWS\KB899589.log
c:\windows\WINDOWS\KB899591.log
c:\windows\WINDOWS\KB900325.log
c:\windows\WINDOWS\KB900485.log
c:\windows\WINDOWS\KB900725.log
c:\windows\WINDOWS\KB901017.log
c:\windows\WINDOWS\KB901214.log
c:\windows\WINDOWS\KB902344.log
c:\windows\WINDOWS\KB902400.log
c:\windows\WINDOWS\KB902841.log
c:\windows\WINDOWS\KB903157.log
c:\windows\WINDOWS\KB904706.log
c:\windows\WINDOWS\KB904942.log
c:\windows\WINDOWS\KB905414.log
c:\windows\WINDOWS\KB905749.log
c:\windows\WINDOWS\KB906569.log
c:\windows\WINDOWS\KB908246.log
c:\windows\WINDOWS\KB908250.log
c:\windows\WINDOWS\KB908519.log
c:\windows\WINDOWS\KB908531.log
c:\windows\WINDOWS\KB908673.log
c:\windows\WINDOWS\KB910393.log
c:\windows\WINDOWS\KB910437.log
c:\windows\WINDOWS\KB911280.log
c:\windows\WINDOWS\KB911562.log
c:\windows\WINDOWS\KB911567.log
c:\windows\WINDOWS\KB911927.log
c:\windows\WINDOWS\KB912024.log
c:\windows\WINDOWS\KB912067.log
c:\windows\WINDOWS\KB912919.log
c:\windows\WINDOWS\KB912945.log
c:\windows\WINDOWS\KB913580.log
c:\windows\WINDOWS\kb913800.exe
c:\windows\WINDOWS\KB913800.log
c:\windows\WINDOWS\KB914388.log
c:\windows\WINDOWS\KB914389.log
c:\windows\WINDOWS\KB914440.log
c:\windows\WINDOWS\KB915865.log
c:\windows\WINDOWS\KB916281.log
c:\windows\WINDOWS\KB916595.log
c:\windows\WINDOWS\KB917159.log
c:\windows\WINDOWS\KB917344.log
c:\windows\WINDOWS\KB917422.log
c:\windows\WINDOWS\KB917734.log
c:\windows\WINDOWS\KB917953.log
c:\windows\WINDOWS\KB918118.log
c:\windows\WINDOWS\KB918439.log
c:\windows\WINDOWS\KB918899.log
c:\windows\WINDOWS\KB919007.log
c:\windows\WINDOWS\KB920213.log
c:\windows\WINDOWS\KB920214.log
c:\windows\WINDOWS\KB920670.log
c:\windows\WINDOWS\KB920683.log
c:\windows\WINDOWS\KB920685.log
c:\windows\WINDOWS\KB920872.log
c:\windows\WINDOWS\KB921398.log
c:\windows\WINDOWS\KB921503.log
c:\windows\WINDOWS\KB921883.log
c:\windows\WINDOWS\KB922582.log
c:\windows\WINDOWS\KB922616.log
c:\windows\WINDOWS\KB922760.log
c:\windows\WINDOWS\KB922819.log
c:\windows\WINDOWS\KB923191.log
c:\windows\WINDOWS\KB923414.log
c:\windows\WINDOWS\KB923561.log
c:\windows\WINDOWS\KB923689.log
c:\windows\WINDOWS\KB923694.log
c:\windows\WINDOWS\KB923980.log
c:\windows\WINDOWS\KB924191.log
c:\windows\WINDOWS\KB924270.log
c:\windows\WINDOWS\KB924496.log
c:\windows\WINDOWS\KB924667.log
c:\windows\WINDOWS\KB925398.log
c:\windows\WINDOWS\KB925454.log
c:\windows\WINDOWS\KB925486.log
c:\windows\WINDOWS\KB925766.log
c:\windows\WINDOWS\KB925902.log
c:\windows\WINDOWS\KB926239.log
c:\windows\WINDOWS\KB926251.log
c:\windows\WINDOWS\KB926255.log
c:\windows\WINDOWS\KB926436.log
c:\windows\WINDOWS\KB927779.log
c:\windows\WINDOWS\KB927802.log
c:\windows\WINDOWS\KB927891.log
c:\windows\WINDOWS\KB928090.log
c:\windows\WINDOWS\KB928255.log
c:\windows\WINDOWS\KB928843.log
c:\windows\WINDOWS\KB929123.log
c:\windows\WINDOWS\KB929338.log
c:\windows\WINDOWS\KB929399.log
c:\windows\WINDOWS\KB929969.log
c:\windows\WINDOWS\KB930178.log
c:\windows\WINDOWS\KB930494.log
c:\windows\WINDOWS\KB930916.log
c:\windows\WINDOWS\KB931261.log
c:\windows\WINDOWS\KB931768.log
c:\windows\WINDOWS\KB931784.log
c:\windows\WINDOWS\KB931836.log
c:\windows\WINDOWS\KB932168.log
c:\windows\WINDOWS\KB932823-v3.log
c:\windows\WINDOWS\KB933360.log
c:\windows\WINDOWS\KB933566.log
c:\windows\WINDOWS\KB933729.log
c:\windows\WINDOWS\KB935839.log
c:\windows\WINDOWS\KB935840.log
c:\windows\WINDOWS\KB936021.log
c:\windows\WINDOWS\KB936357.log
c:\windows\WINDOWS\KB936782.log
c:\windows\WINDOWS\KB937143.log
c:\windows\WINDOWS\KB937894.log
c:\windows\WINDOWS\KB938127-IE7.log
c:\windows\WINDOWS\KB938127.log
c:\windows\WINDOWS\KB938464-v2.log
c:\windows\WINDOWS\KB938464.log
c:\windows\WINDOWS\KB938828.log
c:\windows\WINDOWS\KB938829.log
c:\windows\WINDOWS\KB939653.log
c:\windows\WINDOWS\KB939683.log
c:\windows\WINDOWS\KB941202.log
c:\windows\WINDOWS\KB941568.log
c:\windows\WINDOWS\KB941569.log
c:\windows\WINDOWS\KB941644.log
c:\windows\WINDOWS\KB941693.log
c:\windows\WINDOWS\KB942615-IE7.log
c:\windows\WINDOWS\KB942615.log
c:\windows\WINDOWS\KB942763.log
c:\windows\WINDOWS\KB942840.log
c:\windows\WINDOWS\KB943055.log
c:\windows\WINDOWS\KB943460.log
c:\windows\WINDOWS\KB943485.log
c:\windows\WINDOWS\KB944533-IE7.log
c:\windows\WINDOWS\KB944533.log
c:\windows\WINDOWS\KB944653.log
c:\windows\WINDOWS\KB945553.log
c:\windows\WINDOWS\KB946026.log
c:\windows\WINDOWS\KB946627.log
c:\windows\WINDOWS\KB946648.log
c:\windows\WINDOWS\KB947864-IE7.log
c:\windows\WINDOWS\KB948590.log
c:\windows\WINDOWS\KB948881.log
c:\windows\WINDOWS\KB950749.log
c:\windows\WINDOWS\KB950759-IE7.log
c:\windows\WINDOWS\KB950760.log
c:\windows\WINDOWS\KB950762.log
c:\windows\WINDOWS\KB950974.log
c:\windows\WINDOWS\KB951066.log
c:\windows\WINDOWS\KB951072-v2.log
c:\windows\WINDOWS\KB951376-v2.log
c:\windows\WINDOWS\KB951376.log
c:\windows\WINDOWS\KB951698.log
c:\windows\WINDOWS\KB951748.log
c:\windows\WINDOWS\KB951978.log
c:\windows\WINDOWS\KB952004.log
c:\windows\WINDOWS\KB952069.log
c:\windows\WINDOWS\KB952287.log
c:\windows\WINDOWS\KB952954.log
c:\windows\WINDOWS\KB953838-IE7.log
c:\windows\WINDOWS\KB953839.log
c:\windows\WINDOWS\KB954154.log
c:\windows\WINDOWS\KB954211.log
c:\windows\WINDOWS\KB954459.log
c:\windows\WINDOWS\KB954600.log
c:\windows\WINDOWS\KB955069.log
c:\windows\WINDOWS\KB955839.log
c:\windows\WINDOWS\KB956390-IE7.log
c:\windows\WINDOWS\KB956391.log
c:\windows\WINDOWS\KB956572.log
c:\windows\WINDOWS\KB956802.log
c:\windows\WINDOWS\KB956803.log
c:\windows\WINDOWS\KB956841.log
c:\windows\WINDOWS\KB957095.log
c:\windows\WINDOWS\KB957097.log
c:\windows\WINDOWS\KB958215-IE7.log
c:\windows\WINDOWS\KB958644.log
c:\windows\WINDOWS\KB958687.log
c:\windows\WINDOWS\KB958690.log
c:\windows\WINDOWS\KB959426.log
c:\windows\WINDOWS\KB959772.log
c:\windows\WINDOWS\KB960225.log
c:\windows\WINDOWS\KB960714-IE7.log
c:\windows\WINDOWS\KB960715.log
c:\windows\WINDOWS\KB960803.log
c:\windows\WINDOWS\KB961260-IE7.log
c:\windows\WINDOWS\KB961373.log
c:\windows\WINDOWS\KB961501.log
c:\windows\WINDOWS\KB963027-IE7.log
c:\windows\WINDOWS\KB967715.log
c:\windows\WINDOWS\KB968537.log
c:\windows\WINDOWS\KB969897-IE7.log
c:\windows\WINDOWS\KB969898.log
c:\windows\WINDOWS\KB970238.log
c:\windows\WINDOWS\MCSetup.log
c:\windows\WINDOWS\MCSetup_UI.log
c:\windows\WINDOWS\medblker.Log
c:\windows\WINDOWS\MedCtrOC.log
c:\windows\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
c:\windows\WINDOWS\mp10oem.txt
c:\windows\WINDOWS\MSCompPackV1.log
c:\windows\WINDOWS\msdfmap.ini
c:\windows\WINDOWS\msgsocm.log
c:\windows\WINDOWS\msmqinst.log
c:\windows\WINDOWS\msoffice.ini
c:\windows\WINDOWS\msxml4-KB936181-enu.LOG
c:\windows\WINDOWS\msxml4-KB954430-enu.LOG
c:\windows\WINDOWS\netfxocm.log
c:\windows\WINDOWS\NLSDownlevelMapping.log
c:\windows\WINDOWS\notepad.exe
c:\windows\WINDOWS\nsreg.dat
c:\windows\WINDOWS\nsw.log
c:\windows\WINDOWS\ntbtlog.txt
c:\windows\WINDOWS\ntdtcsetup.log
c:\windows\WINDOWS\ocgen.log
c:\windows\WINDOWS\ocmsn.log
c:\windows\WINDOWS\ODBCINST.INI
c:\windows\WINDOWS\OEWABLog.txt
c:\windows\WINDOWS\plusoc.log
c:\windows\WINDOWS\Prairie Wind.bmp
c:\windows\WINDOWS\regedit.exe
c:\windows\WINDOWS\REGLOCS.OLD
c:\windows\WINDOWS\regopt.log
c:\windows\WINDOWS\Rhododendron.bmp
c:\windows\WINDOWS\River Sumida.bmp
c:\windows\WINDOWS\Santa Fe Stucco.bmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV.SYS
.
.
((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))
.
.
2011-03-10 03:33 . 2011-03-10 03:33 -------- d-----w- c:\program files\ESET
2011-03-09 19:41 . 2011-03-09 19:41 -------- d-----w- c:\documents and settings\Patty\Application Data\Malwarebytes
2011-03-09 19:40 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-09 19:40 . 2011-03-09 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-09 19:39 . 2011-03-09 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-09 19:39 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-08 20:51 . 2011-03-08 20:52 -------- d-----w- c:\program files\ERUNT
2011-03-08 08:35 . 2011-03-08 08:35 -------- d-----w- c:\documents and settings\Patty\Local Settings\Application Data\Conduit
2011-03-08 08:27 . 2011-03-08 08:27 -------- d-----w- c:\documents and settings\Patty\Local Settings\Application Data\Yahoo
2011-03-08 08:04 . 2011-03-08 08:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-03-08 07:27 . 2011-03-08 08:41 -------- d-----w- c:\documents and settings\Patty\Local Settings\Application Data\ZoneAlarm_Security
2011-03-08 07:22 . 2011-03-08 07:22 -------- d-----w- c:\documents and settings\Patty\Local Settings\Application Data\Mozilla
2011-03-08 07:22 . 2011-03-08 07:22 -------- d-----w- c:\documents and settings\Patty\Application Data\CheckPoint
2011-03-08 03:16 . 2011-03-08 03:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
2011-03-08 03:13 . 2011-03-08 03:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking
2011-03-08 03:10 . 2011-03-08 03:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2011-03-08 01:28 . 2011-03-08 01:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-03-07 23:20 . 2011-03-07 23:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\CheckPoint
2011-03-07 23:20 . 2011-03-07 23:20 -------- d-----w- c:\program files\Conduit
2011-03-07 23:20 . 2011-03-07 23:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2011-03-07 23:20 . 2011-03-07 23:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ZoneAlarm_Security
2011-03-07 23:20 . 2011-03-07 23:20 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-03-07 23:19 . 2011-03-07 23:19 -------- d-----w- c:\program files\CheckPoint
2011-03-07 23:19 . 2010-11-17 00:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-03-07 23:19 . 2010-11-17 00:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-03-07 23:19 . 2011-03-07 23:20 -------- d-----w- c:\windows\system32\ZoneLabs
2011-03-07 23:19 . 2010-11-17 00:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-03-07 23:19 . 2011-03-07 23:19 -------- d-----w- c:\program files\Zone Labs
2011-03-07 23:18 . 2011-03-10 10:15 -------- d-----w- c:\windows\Internet Logs
2011-03-07 23:12 . 2011-03-07 23:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2011-03-07 22:53 . 2011-02-03 04:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-07 22:53 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-07 21:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-03-07 21:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-03-07 21:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-03-07 21:57 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-07 21:57 . 2011-03-07 21:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-03-07 21:55 . 2010-12-20 23:59 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-07 21:38 . 2011-03-07 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2011-03-07 21:37 . 2011-03-07 21:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SupportSoft
2011-03-07 21:36 . 2011-03-07 21:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-07 20:05 . 2011-03-07 20:05 -------- d-----w- C:\OEMSettings
2011-03-07 19:51 . 2004-08-10 10:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-03-07 19:51 . 2004-08-10 10:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-03-07 06:19 . 2011-03-07 09:27 -------- d-----w- c:\program files\NETGEAR
2011-03-07 04:03 . 2011-03-07 04:03 -------- d-sh--w- c:\documents and settings\Patty\IECompatCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 00:48 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 00:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 02:19 . 2009-07-18 22:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 09:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-08-16 09:18 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-08-16 09:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-08-16 09:18 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2005-08-16 09:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 18:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 35328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-19 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-19 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-17 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 738808]
.
c:\documents and settings\Patty\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-2 24576]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-02 01:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-08-02 14:55 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"OneStep Search Service"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NETGEAR\\WG111v3\\WG111v3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/5/2010 4:41 AM 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/5/2010 4:41 AM 488952]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 2:11 PM 224896]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/9/2011 12:40 PM 38224]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EHRECVR
*NewlyCreated* - EHSCHED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2009-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021YYUS&fl=0&ptb=mhkeqj5NvbzccEW.YsYmFg&url=http://www.ask.com/web&q={searchTerms}&l=omws&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Crawler\SSaver\CSSaver.exe
TCP: {32CE4494-BF50-41DF-A6A9-975FF47EBAB6} = 68.105.28.12,68.105.29.12,68.105.28.11
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Patty\Application Data\Mozilla\Firefox\Profiles\m6xkyaay.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{908B8834-618C-3E5B-8B5F-48E676875CC7} - (no file)
Toolbar-SITEguard - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-McAfee Update - c:\docume~1\Patty\LOCALS~1\Temp\mcupdate_1299451678.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-MSKDetectorExe - c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-RegPowerClean - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-10 03:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-747961726-1328221003-2830192379-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1092)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(1152)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LgMousHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-03-10 03:24:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-10 10:23
.
Pre-Run: 7,724,318,720 bytes free
Post-Run: 7,547,621,376 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8FF428FEAB63218DFED87006C0626351

ken545
2011-03-10, 13:16
Hi,

Looking much better

-------\Legacy_TDSSSERV.SYS
This was your rootkit and it's been removed

There still is one item we need to fix with Combofix but before we do let's make sure there isn't any more



Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

musicalpulltoy
2011-03-10, 19:46
ok, a "run as dll popup" appeared and windows stopped it.


OTL logfile created on: 3/10/2011 11:38:09 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Patty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 7.03 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive D: | 17.20 Gb Total Space | 17.13 Gb Free Space | 99.63% Space Free | Partition Type: NTFS

Computer Name: D1FTPKB1 | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Patty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Patty\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (l8042pr2) -- C:\WINDOWS\system32\drivers\L8042Pr2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021YYUS&fl=0&ptb=mhkeqj5NvbzccEW.YsYmFg&url=http://www.ask.com/web&q={searchTerms}&l=omws&o=sb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/03/07 16:59:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 15:08:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/07 15:53:07 | 000,000,000 | ---D | M]

[2011/03/08 00:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patty\Application Data\Mozilla\Extensions
[2011/03/09 15:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Profiles\m6xkyaay.default\extensions
[2011/03/09 15:41:14 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Profiles\m6xkyaay.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/03/08 00:33:25 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Profiles\m6xkyaay.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/03/09 15:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 15:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/07 16:59:47 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2009/07/18 15:47:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/10 03:12:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\Patty\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe (Crawler.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.carswallpapers.net/images/300/11635302047633..jpg
O24 - Desktop Components:1 () - http://www.carswallpapers.net/images/300/11635257666175..jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/10 11:34:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2011/03/10 02:45:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/10 02:40:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/10 02:40:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/10 02:40:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/10 02:40:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/10 02:40:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/10 02:38:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/09 20:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/09 16:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Desktop\tdsskiller
[2011/03/09 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\Malwarebytes
[2011/03/09 12:40:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/09 12:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/09 12:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/09 12:39:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/09 12:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/09 12:37:12 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patty\Desktop\mbam-setup.exe
[2011/03/09 12:24:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Patty\Desktop\ATF-Cleaner.exe
[2011/03/08 13:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/08 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/08 13:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/08 13:50:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Patty\Desktop\erunt-setup.exe
[2011/03/08 01:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Conduit
[2011/03/08 01:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Yahoo
[2011/03/08 01:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\Downloads
[2011/03/08 01:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/03/08 00:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\ZoneAlarm_Security
[2011/03/08 00:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\ForceField Shared Files
[2011/03/08 00:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Mozilla
[2011/03/08 00:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\Mozilla
[2011/03/08 00:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\CheckPoint
[2011/03/07 20:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/03/07 20:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/03/07 16:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/03/07 16:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011/03/07 16:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/03/07 16:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/03/07 16:19:36 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/03/07 16:19:33 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/03/07 16:19:33 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/03/07 16:19:24 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/03/07 16:19:23 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/03/07 16:19:23 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/03/07 16:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/03/07 16:19:22 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/03/07 16:19:22 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/03/07 16:19:20 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/03/07 16:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/03/07 16:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/03/07 16:17:59 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/03/07 16:17:59 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/03/07 16:17:59 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/03/07 15:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/03/07 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/07 15:53:06 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/07 15:53:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/07 15:53:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/07 15:53:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/07 15:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/07 14:58:46 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/03/07 14:58:45 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/03/07 14:58:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/03/07 14:57:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/03/07 14:55:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/03/07 13:05:24 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2011/03/07 13:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WG111v3 Smart Wizard
[2011/03/07 12:51:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2011/03/07 12:51:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/03/06 23:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/03/06 21:03:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IECompatCache
[2011/03/05 07:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\oooooooooooo
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/10 11:34:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2011/03/10 03:13:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/10 03:12:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/10 03:11:33 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/10 03:11:25 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/10 03:01:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/10 02:45:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/10 02:40:00 | 004,284,550 | R--- | M] () -- C:\Documents and Settings\Patty\Desktop\ComboFix.exe
[2011/03/10 02:18:44 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\airg.rtf
[2011/03/09 22:43:49 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\airg.rtf
[2011/03/09 16:55:15 | 001,261,440 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2011/03/09 13:27:21 | 000,421,443 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/09 12:40:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 12:38:51 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patty\Desktop\mbam-setup.exe
[2011/03/09 12:24:35 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Patty\Desktop\ATF-Cleaner.exe
[2011/03/08 14:06:10 | 000,002,072 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\Attach.zip
[2011/03/08 13:56:22 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\dds.scr
[2011/03/08 13:52:38 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Patty\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 13:52:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\ERUNT.lnk
[2011/03/08 13:51:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Patty\Desktop\erunt-setup.exe
[2011/03/08 05:16:09 | 000,012,830 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/08 01:01:18 | 000,403,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/08 01:01:18 | 000,063,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/08 00:22:00 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/07 20:08:56 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/03/07 16:19:39 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/07 16:12:19 | 000,004,808 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/03/07 16:12:19 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\C6D8B39C0F.sys
[2011/03/07 15:07:53 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/07 13:05:11 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/07 13:05:10 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/06 22:01:13 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/03/05 07:14:01 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Patty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/10 02:45:22 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/03/10 02:45:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/10 02:40:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/10 02:40:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/10 02:40:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/10 02:40:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/10 02:40:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/10 02:34:56 | 004,284,550 | R--- | C] () -- C:\Documents and Settings\Patty\Desktop\ComboFix.exe
[2011/03/09 22:44:08 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\airg.rtf
[2011/03/09 20:05:15 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\airg.rtf
[2011/03/09 16:55:14 | 001,261,440 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2011/03/09 12:40:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/08 14:06:10 | 000,002,072 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\Attach.zip
[2011/03/08 13:56:18 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\dds.scr
[2011/03/08 13:52:38 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Patty\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 13:52:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\ERUNT.lnk
[2011/03/07 20:08:56 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/03/07 16:19:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/07 16:19:20 | 000,421,443 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/07 15:07:53 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/07 13:05:10 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/07 13:05:10 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/05 05:21:53 | 526,843,904 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/15 05:49:53 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/31 09:34:50 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSosvd.dat
[2008/01/11 02:22:19 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2008/01/11 01:58:50 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/12/28 13:26:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/12/19 02:13:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/12/19 02:13:16 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/12/19 02:12:58 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/12/07 07:07:48 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/15 13:03:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wintisv.exe
[2007/09/14 00:50:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/04 21:47:03 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2007/06/26 18:29:43 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2007/06/26 18:29:43 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2007/05/31 11:57:48 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Patty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/27 18:20:15 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\XLATWW32.BIN
[2007/05/27 18:16:58 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[2007/05/27 18:16:58 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[2007/05/23 17:57:41 | 000,000,080 | -HS- | C] () -- C:\WINDOWS\System32\C6D8B39C0F.dll
[2006/10/27 05:18:03 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Patty\Application Data\PFP120JPR.{PB
[2006/10/27 05:18:03 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Patty\Application Data\PFP120JCM.{PB
[2006/10/27 05:17:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C6D8B39C0F.sys
[2006/08/09 19:07:05 | 000,000,088 | -HS- | C] () -- C:\WINDOWS\System32\0F9CB3D8C6.sys
[2006/08/09 19:07:04 | 000,004,808 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/09 17:05:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Patty\Local Settings\Application Data\fusioncache.dat
[2006/08/02 08:14:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/02 08:01:50 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/02 07:59:56 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/02 07:55:46 | 000,012,830 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/02 07:54:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/02 07:13:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/02 07:12:50 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/02 07:10:37 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:48:31 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,187,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/08/16 02:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 02:18:33 | 000,403,850 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,063,936 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 08:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/09/09 14:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/06/23 18:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/11/26 08:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/11 03:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/08/02 07:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/27 16:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/11/26 09:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2008/11/02 13:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/03/08 00:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\CheckPoint
[2008/09/09 14:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\iWin
[2007/10/06 11:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Leadertech
[2008/05/11 21:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\LimeWire
[2011/03/10 03:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Logs
[2009/05/03 09:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\MSNInstaller
[2007/06/25 20:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Opera
[2008/06/23 18:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\PlayFirst
[2007/05/01 20:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Viewpoint
[2007/05/27 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\WildTangent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2007/11/14 09:23:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\??crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Міcrosoft.NET
[2007/11/14 09:23:21 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\??crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Міcrosoft.NET
[2007/11/13 09:17:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\?asks) -- C:\Documents and Settings\Patty\My Documents\Τasks
[2007/11/13 09:17:08 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\?asks) -- C:\Documents and Settings\Patty\My Documents\Τasks
[2007/11/08 10:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Mіcrosoft.NET
[2007/11/08 10:33:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Mіcrosoft.NET
[2007/10/31 18:29:12 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\?racle) -- C:\Documents and Settings\Patty\Application Data\Οracle
[2007/10/31 18:29:12 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\?racle) -- C:\Documents and Settings\Patty\Application Data\Οracle
[2007/09/30 16:42:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\?ymbols) -- C:\Documents and Settings\Patty\My Documents\ѕymbols
[2007/09/30 16:42:53 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\?ymbols) -- C:\Documents and Settings\Patty\My Documents\ѕymbols
[2007/09/27 23:02:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\W?nSxS) -- C:\Documents and Settings\Patty\My Documents\WіnSxS
[2007/09/27 23:02:57 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\W?nSxS) -- C:\Documents and Settings\Patty\My Documents\WіnSxS
[2007/09/20 22:03:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\??curity) -- C:\Documents and Settings\Patty\Application Data\ѕеcurity
[2007/09/20 22:03:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\??curity) -- C:\Documents and Settings\Patty\Application Data\ѕеcurity
(C:\Documents and Settings\Patty\Application Data\?racle) -- C:\Documents and Settings\Patty\Application Data\Οracle
(C:\Documents and Settings\Patty\Application Data\??curity) -- C:\Documents and Settings\Patty\Application Data\ѕеcurity

< End of report >

musicalpulltoy
2011-03-10, 19:48
OTL Extras logfile created on: 3/10/2011 11:38:09 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Patty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 7.03 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive D: | 17.20 Gb Total Space | 17.13 Gb Free Space | 99.63% Space Free | Partition Type: NTFS

Computer Name: D1FTPKB1 | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\NETGEAR\WG111v3\WG111v3.exe" = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe:*:Enabled:NETGEAR WG111v3 Smart Wizard -- ()
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CToolbar_UNINSTALL" = Crawler Toolbar
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 1.99.1
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2011 5:50:34 PM | Computer Name = D1FTPKB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/6/2011 5:50:34 PM | Computer Name = D1FTPKB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/6/2011 5:50:35 PM | Computer Name = D1FTPKB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/7/2011 5:39:53 PM | Computer Name = D1FTPKB1 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x7fb72c64.

Error - 3/9/2011 4:30:41 PM | Computer Name = D1FTPKB1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 3/9/2011 7:56:56 PM | Computer Name = D1FTPKB1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2011 7:56:56 PM | Computer Name = D1FTPKB1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2011 9:58:23 PM | Computer Name = D1FTPKB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module tbzone.dll, version 5.7.4.0, fault address 0x0012d0b5.

Error - 3/10/2011 5:58:43 AM | Computer Name = D1FTPKB1 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d560.

Error - 3/10/2011 2:37:28 PM | Computer Name = D1FTPKB1 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x7fb72c64.

[ System Events ]
Error - 3/8/2011 8:31:54 AM | Computer Name = D1FTPKB1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 3/9/2011 3:53:00 PM | Computer Name = D1FTPKB1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 3/9/2011 4:22:45 PM | Computer Name = D1FTPKB1 | Source = DCOM | ID = 10010
Description = The server {CDAFD956-97BE-443D-8EF7-F4F094EB5766} did not register
with DCOM within the required timeout.

Error - 3/9/2011 4:32:18 PM | Computer Name = D1FTPKB1 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 3/9/2011 10:28:32 PM | Computer Name = D1FTPKB1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 3/10/2011 6:11:45 AM | Computer Name = D1FTPKB1 | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 3/10/2011 2:33:39 PM | Computer Name = D1FTPKB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/10/2011 2:33:39 PM | Computer Name = D1FTPKB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/10/2011 2:33:41 PM | Computer Name = D1FTPKB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/10/2011 2:33:41 PM | Computer Name = D1FTPKB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >

ken545
2011-03-10, 19:58
Hi,

I need more time to look over your OTL log and won't be back until this evening. In the meantime, do this and post the new Combofix log.

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location. Note: to restore your registry, go to the backup folder and start ERDNT.exe




Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::




Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OneStep Search Service"=-


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

musicalpulltoy
2011-03-10, 21:57
combofix did not run all the way through. i had to reboot to stop it. should i try again?

ken545
2011-03-10, 22:42
No. Did it produce a new log? It can be found at C:\Combofix.txt, but check the date and make sure it's not the log you posted already.


Open notepad and then copy and paste the bolded lines below into Notepad.
Go to File > save as and name the file fixes.bat.
Change the Save as type to all files and save it to your desktop.

@echo off
rem The service name contains spaces, so it must be quoted for sc.
sc stop "OneStep Search Service"
sc delete "OneStep Search Service"

Double-click on fixes.bat file to execute it.

Let me know how it went

musicalpulltoy
2011-03-10, 23:24
oh boy. every time i click c:\combofix a new c:\ folder appears. cannot get into combofix folder. the fixes.bat gives a quick cmd window flash. i did though open the new combofix.txt through edit. it has the first 6 of 7 lines as first log except zone alarm is active. turning za back on a mistake?

ken545
2011-03-11, 02:19
You're doing fine, how are things running now? I still want to look over your last OTL log, be back soon

musicalpulltoy
2011-03-11, 04:05
it's running better. thank you. have other issues that may not pertain to this forum.

ken545
2011-03-11, 11:00
Hi,

Run OTL again and post a new log.

What other issues are you having? If they're Windows related I can direct you to the proper forum for help

musicalpulltoy
2011-03-11, 22:28
hi, otl only produced 1 log. issues, in the add remove programs there are no remove buttons. there's a lot of junk on this pc i want to remove (no i'm not doing any till we are done). it seems that some program settings are not remembered firefox and now the tabs are not visible in iexplorer though settings are set for it. an attempt to burn windows folder has left it in "you have files ready to be burned". am unable to delete since because of files in use.


OTL logfile created on: 3/11/2011 1:43:29 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Patty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 6.42 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive D: | 17.20 Gb Total Space | 17.06 Gb Free Space | 99.22% Space Free | Partition Type: NTFS
Drive F: | 955.72 Mb Total Space | 898.11 Mb Free Space | 93.97% Space Free | Partition Type: FAT

Computer Name: D1FTPKB1 | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Patty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - d:\69a89b8ccbec6e72b923\dotnetfx35setup.exe (Microsoft Corporation)
PRC - d:\fc4f443df70fbd3645ccef4d11\setup.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Patty\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (l8042pr2) -- C:\WINDOWS\system32\drivers\L8042Pr2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021YYUS&fl=0&ptb=mhkeqj5NvbzccEW.YsYmFg&url=http://www.ask.com/web&q={searchTerms}&l=omws&o=sb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/03/07 16:59:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/10 22:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/10 22:29:54 | 000,000,000 | ---D | M]

[2011/03/08 00:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patty\Application Data\Mozilla\Extensions
[2011/03/09 15:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Profiles\m6xkyaay.default\extensions
[2011/03/09 15:41:14 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Profiles\m6xkyaay.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/03/08 00:33:25 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Profiles\m6xkyaay.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/03/09 15:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 15:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/07 16:59:47 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2009/07/18 15:47:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/10 03:12:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\Patty\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe (Crawler.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.carswallpapers.net/images/300/11635302047633..jpg
O24 - Desktop Components:1 () - http://www.carswallpapers.net/images/300/11635257666175..jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/10 12:32:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/10 12:31:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/03/10 11:34:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2011/03/10 02:45:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/10 02:40:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/10 02:40:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/10 02:40:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/10 02:40:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/10 02:38:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/09 20:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/09 16:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Desktop\tdsskiller
[2011/03/09 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\Malwarebytes
[2011/03/09 12:40:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/09 12:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/09 12:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/09 12:39:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/09 12:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/09 12:37:12 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patty\Desktop\mbam-setup.exe
[2011/03/09 12:24:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Patty\Desktop\ATF-Cleaner.exe
[2011/03/08 13:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/08 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/08 13:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/08 13:50:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Patty\Desktop\erunt-setup.exe
[2011/03/08 01:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Conduit
[2011/03/08 01:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Yahoo
[2011/03/08 01:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\Downloads
[2011/03/08 01:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/03/08 00:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\ZoneAlarm_Security
[2011/03/08 00:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\ForceField Shared Files
[2011/03/08 00:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Mozilla
[2011/03/08 00:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\Mozilla
[2011/03/08 00:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\CheckPoint
[2011/03/07 20:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/03/07 20:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/03/07 16:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/03/07 16:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011/03/07 16:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/03/07 16:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/03/07 16:19:36 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/03/07 16:19:33 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/03/07 16:19:33 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/03/07 16:19:24 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/03/07 16:19:23 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/03/07 16:19:23 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/03/07 16:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/03/07 16:19:22 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/03/07 16:19:22 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/03/07 16:19:20 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/03/07 16:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/03/07 16:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/03/07 16:17:59 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/03/07 16:17:59 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/03/07 16:17:59 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/03/07 15:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/03/07 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/07 15:53:06 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/07 15:53:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/07 15:53:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/07 15:53:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/07 15:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/07 14:58:46 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/03/07 14:58:45 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/03/07 14:58:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/03/07 14:57:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/03/07 14:55:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/03/07 13:05:24 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2011/03/07 13:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WG111v3 Smart Wizard
[2011/03/07 12:51:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2011/03/07 12:51:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/03/06 23:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/03/06 21:03:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IECompatCache
[2011/03/05 07:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\oooooooooooo
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/11 13:59:37 | 000,000,210 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/11 13:54:00 | 000,408,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/11 13:54:00 | 000,064,872 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 23:08:18 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Patty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 17:33:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/10 16:14:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/10 16:13:00 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/10 16:12:58 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/10 16:10:19 | 000,004,597 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\latest res 2-2011.rtf
[2011/03/10 16:06:47 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/03/10 15:17:55 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\fixes.bat
[2011/03/10 12:31:11 | 004,284,908 | R--- | M] () -- C:\Documents and Settings\Patty\Desktop\ComboFix.exe
[2011/03/10 11:34:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2011/03/10 03:12:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/10 03:01:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/10 02:45:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/10 02:18:44 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\airg.rtf
[2011/03/09 22:43:49 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\airg.rtf
[2011/03/09 16:55:15 | 001,261,440 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2011/03/09 13:27:21 | 000,421,443 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/09 12:40:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 12:38:51 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patty\Desktop\mbam-setup.exe
[2011/03/09 12:24:35 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Patty\Desktop\ATF-Cleaner.exe
[2011/03/08 14:06:10 | 000,002,072 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\Attach.zip
[2011/03/08 13:56:22 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\dds.scr
[2011/03/08 13:52:38 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Patty\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 13:52:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\ERUNT.lnk
[2011/03/08 13:51:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Patty\Desktop\erunt-setup.exe
[2011/03/08 05:16:09 | 000,012,830 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/08 00:22:00 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/07 20:08:56 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/03/07 16:19:39 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/07 16:12:19 | 000,004,808 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/03/07 16:12:19 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\C6D8B39C0F.sys
[2011/03/07 15:07:53 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/07 13:05:11 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/07 13:05:10 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/06 22:01:13 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/10 16:10:19 | 000,004,597 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\latest res 2-2011.rtf
[2011/03/10 16:06:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/03/10 15:01:54 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\fixes.bat
[2011/03/10 02:45:22 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/03/10 02:45:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/10 02:40:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/10 02:40:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/10 02:40:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/10 02:40:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/10 02:40:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/10 02:34:56 | 004,284,908 | R--- | C] () -- C:\Documents and Settings\Patty\Desktop\ComboFix.exe
[2011/03/09 22:44:08 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\airg.rtf
[2011/03/09 20:05:15 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\airg.rtf
[2011/03/09 16:55:14 | 001,261,440 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2011/03/09 12:40:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/08 14:06:10 | 000,002,072 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\Attach.zip
[2011/03/08 13:56:18 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\dds.scr
[2011/03/08 13:52:38 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Patty\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 13:52:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\ERUNT.lnk
[2011/03/07 20:08:56 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/03/07 16:19:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/07 16:19:20 | 000,421,443 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/07 15:07:53 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/07 13:05:10 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/07 13:05:10 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/05 05:21:53 | 526,843,904 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/15 05:49:53 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/31 09:34:50 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSosvd.dat
[2008/01/11 02:22:19 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2008/01/11 01:58:50 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/12/28 13:26:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/12/19 02:13:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/12/19 02:13:16 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/12/19 02:12:58 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/12/07 07:07:48 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/15 13:03:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wintisv.exe
[2007/09/14 00:50:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/04 21:47:03 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2007/06/26 18:29:43 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2007/06/26 18:29:43 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2007/05/31 11:57:48 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\Patty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/27 18:20:15 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\XLATWW32.BIN
[2007/05/27 18:16:58 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[2007/05/27 18:16:58 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[2007/05/23 17:57:41 | 000,000,080 | -HS- | C] () -- C:\WINDOWS\System32\C6D8B39C0F.dll
[2006/10/27 05:18:03 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Patty\Application Data\PFP120JPR.{PB
[2006/10/27 05:18:03 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Patty\Application Data\PFP120JCM.{PB
[2006/10/27 05:17:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C6D8B39C0F.sys
[2006/08/09 19:07:05 | 000,000,088 | -HS- | C] () -- C:\WINDOWS\System32\0F9CB3D8C6.sys
[2006/08/09 19:07:04 | 000,004,808 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/09 17:05:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Patty\Local Settings\Application Data\fusioncache.dat
[2006/08/02 08:14:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/02 08:01:50 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/02 07:59:56 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/02 07:55:46 | 000,012,830 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/02 07:54:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/02 07:13:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/02 07:12:50 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/02 07:10:37 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:48:31 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,187,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/08/16 02:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 02:18:33 | 000,403,850 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,063,936 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 08:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/09/09 14:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/06/23 18:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/11/26 08:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/11 03:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/08/02 07:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/27 16:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/11/26 09:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2008/11/02 13:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/03/08 00:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\CheckPoint
[2008/09/09 14:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\iWin
[2007/10/06 11:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Leadertech
[2008/05/11 21:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\LimeWire
[2011/03/10 03:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Logs
[2009/05/03 09:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\MSNInstaller
[2007/06/25 20:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Opera
[2008/06/23 18:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\PlayFirst
[2007/05/01 20:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\Viewpoint
[2007/05/27 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patty\Application Data\WildTangent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2007/11/14 09:23:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\??crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Міcrosoft.NET
[2007/11/14 09:23:21 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\??crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Міcrosoft.NET
[2007/11/13 09:17:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\?asks) -- C:\Documents and Settings\Patty\My Documents\Τasks
[2007/11/13 09:17:08 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\?asks) -- C:\Documents and Settings\Patty\My Documents\Τasks
[2007/11/08 10:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Mіcrosoft.NET
[2007/11/08 10:33:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Patty\My Documents\Mіcrosoft.NET
[2007/10/31 18:29:12 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\?racle) -- C:\Documents and Settings\Patty\Application Data\Οracle
[2007/10/31 18:29:12 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\?racle) -- C:\Documents and Settings\Patty\Application Data\Οracle
[2007/09/30 16:42:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\?ymbols) -- C:\Documents and Settings\Patty\My Documents\ѕymbols
[2007/09/30 16:42:53 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\?ymbols) -- C:\Documents and Settings\Patty\My Documents\ѕymbols
[2007/09/27 23:02:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\My Documents\W?nSxS) -- C:\Documents and Settings\Patty\My Documents\WіnSxS
[2007/09/27 23:02:57 | 000,000,000 | ---D | C](C:\Documents and Settings\Patty\My Documents\W?nSxS) -- C:\Documents and Settings\Patty\My Documents\WіnSxS
[2007/09/20 22:03:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\??curity) -- C:\Documents and Settings\Patty\Application Data\ѕеcurity
[2007/09/20 22:03:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Patty\Application Data\??curity) -- C:\Documents and Settings\Patty\Application Data\ѕеcurity
(C:\Documents and Settings\Patty\Application Data\?racle) -- C:\Documents and Settings\Patty\Application Data\Οracle
(C:\Documents and Settings\Patty\Application Data\??curity) -- C:\Documents and Settings\Patty\Application Data\ѕеcurity

< End of report >

ken545
2011-03-11, 22:36
Hi,

You have a few things that need to be removed. Crawler Toolbar, if you don't use or need this then uninstall it via Add Remove Programs in the Control Panel.


Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe







Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.

:Services

:Reg

:Files



:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

musicalpulltoy
2011-03-11, 23:31
ok, something triggered zone alarm to repeatedly ask to configure network. i ok it and it pops up asking same. removing crawler asked to reboot and i clicked ok but the screen saver uninstall froze.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Documents and Settings\Patty\My Documents\Mіcrosoft.NET folder moved successfully.
C:\Documents and Settings\Patty\My Documents\Міcrosoft.NET folder moved successfully.
C:\Documents and Settings\Patty\My Documents\ѕymbols folder moved successfully.
C:\Documents and Settings\Patty\My Documents\Τasks folder moved successfully.
C:\Documents and Settings\Patty\My Documents\WіnSxS folder moved successfully.
C:\Documents and Settings\Patty\Application Data\Οracle folder moved successfully.
C:\Documents and Settings\Patty\Application Data\ѕеcurity folder moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59717501 bytes
->Flash cache emptied: 871 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 2054616 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes

User: MATT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 7442831 bytes
->Flash cache emptied: 3673 bytes

User: MATT.D1FTPKB1

User: NetworkService
->Temp folder emptied: 1987480 bytes
->Temporary Internet Files folder emptied: 582082 bytes

User: Patty
->Temp folder emptied: 6226904 bytes
->Temporary Internet Files folder emptied: 10043143 bytes
->Java cache emptied: 150796098 bytes
->FireFox cache emptied: 82873595 bytes
->Flash cache emptied: 1477835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22613448 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12966422 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 4506256 bytes

Total Files Cleaned = 347.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03112011_151800

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF1F0A.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF1F6E.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2114.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2124.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2234.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2244.tmp not found!
C:\Documents and Settings\Patty\Local Settings\Temp\~DF6D16.tmp moved successfully.
C:\Documents and Settings\Patty\Local Settings\Temporary Internet Files\Content.IE5\LFYP4LWE\df949936-2850-4e26-af65-c14d91c5c48b[1].htm moved successfully.
C:\Documents and Settings\Patty\Local Settings\Temporary Internet Files\Content.IE5\9L0IU10R\showthread[6].htm moved successfully.
File\Folder C:\WINDOWS\temp\ZLT00328.TMP not found!

Registry entries deleted on Reboot...

musicalpulltoy
2011-03-11, 23:35
oh, tabs returned to iexplorer. sometimes i just want to scream.

ken545
2011-03-12, 00:24
Windows is a funny animal sometimes :lip:

How are things running now ?

musicalpulltoy
2011-03-12, 00:51
it's running pretty fast. but that zone alarm popup insists on being there. fill in the ticks but it comes right back.

ken545
2011-03-12, 02:34
Tell me exactly what the ZA pop up is saying, give me as much detail as you can

Is this what you're referring to?
http://www.help2go.com/forum/computer-help/103583-zonealarm-nag-popups.html
http://forums.zonealarm.com/showthread.php?t=72940

musicalpulltoy
2011-03-12, 03:10
ok. it did every start up before. but would go away. it's the new network found box. "zone alarm has found a new connection between your computer and the internet or another computer" option 1) please select a security level for this network. [x]keep in internet zone:for use with public or questionable access points
[]allow into trusted zone: for trusted, secure locations only

2) name this network (optional)

[x]automatically configure this network if i add it to the trusted zone

the [x] are what i used before when it would go away

(i've tried other tick options)

the ip its showing 192.168.1.0 is not the correct ip (192.168.1.1)
type: private wireless network detected.

if i cancel it a second smaller popup

zone alarm security alert
za has detected a new wireless network with ip (192.168.1.0/255.255.255.0) and added it to the internet zone.
name this network (optional)
name:______

to share files and assets with this network, assign it to the trustedzone.
zone______

any choices here, just brings up first box. i am using a neighbor's router to access internet. netgear.

ken545
2011-03-12, 11:36
This is what I would do. This forum is for malware removal only and you're clean now so you need to post in one of these other forums for help with Zone Alarm and or your network issue.

Like Safer these forums are free but you will have to register
http://forums.zonealarm.com/index.php
http://forums.whatthetech.com/index.php?showforum=128


When you get that straightened out you can post in WTTs windows forum and they can help you sort through your start ups and weed out unwanted programs
http://forums.whatthetech.com/index.php?showforum=119


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken




Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.



Safe Surfn
Ken

musicalpulltoy
2011-03-12, 14:20
ok. ill check them out. thank you very much for your help.

ken545
2011-03-12, 15:15
You're very welcome

musicalpulltoy
2011-03-13, 10:17
nope. AVG says i have whoiscl.exe in that attempted windows burn.

musicalpulltoy
2011-03-13, 12:07
trojan horse generic12.blhl

ken545
2011-03-13, 13:15
I am sure it's ok but we can check it
http://answers.yahoo.com/question/index?qid=20071218201954AAh3KWz



You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\WINDOWS\system32\WhoisCL.exe

If the site is busy you can try this one
http://virusscan.jotti.org/en

musicalpulltoy
2011-03-13, 13:44
avg has apparently dispatched of these files.

ken545
2011-03-13, 14:52
Excuse me ???

musicalpulltoy
2011-03-13, 21:57
AVG anti virus deleted them. i ran it again and came up clean. lets see what spybot will say.

musicalpulltoy
2011-03-13, 23:28
clean spybot. compared to the first run before this was stored of 500, i'd say we're good. :thanks:

ken545
2011-03-14, 01:21
Great :bigthumb:

You had many infections on this system, got to watch those kids, they all think they're infallible.


Take Care,
Ken :)