Greetings,
Before you post in this forum, please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You
Nov 1 2009, 09:30 PM | Post #1
Adv. Member | Group: Active Members | Posts: 95 | Joined: 27-April 04 | Member No.: 7311
I ran Spybot, Ad-Aware, McAfee
My computer works very sluggish. I ran the above programs; it started to work OK, then sluggish again. The comp works extremely sluggish, especially when I play a Java-based game called Texas Holdem ** Game for big ones ** on Facebook. Here are my logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3050
Windows 5.1.2600 Service Pack 3
11/1/2009 3:55:35 PM
mbam-log-2009-11-01 (15-55-35).txt
Scan type: Quick Scan
Objects scanned: 103402
Time elapsed: 27 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

OTL Extras logfile created on: 11/1/2009 4:10:57 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = D:\PROGRAMS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.69% Memory free
3.72 Gb Paging File | 2.95 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.83 Gb Total Space | 48.36 Gb Free Space | 76.97% Space Free | Partition Type: NTFS
Drive D: | 48.84 Gb Total Space | 0.88 Gb Free Space | 1.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TSTT-E1BF0EC990 Current User Name: enterprisoperations Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) 
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb Application -- File not found "C:\Documents and Settings\enterprisoperations\Desktop\allfours.exe" = C:\Documents and Settings\enterprisoperations\Desktop\allfours.exe:*:Enabled:allfours -- () "C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:Orb -- File not found "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Nortel Networks\i2050SoftwarePhone\i2050srv.mod" = C:\Program Files\Nortel Networks\i2050SoftwarePhone\i2050srv.mod:*:Enabled:serversoftphone -- (Nortel Networks) "C:\Nortel\CallPilot\AppBuilder\bin\nmvclui.exe" = C:\Nortel\CallPilot\AppBuilder\bin\nmvclui.exe:*:Enabled:AppBuilder Application -- (Nortel Networks) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06DD140B-AA3D-4BD4-84B9-217897127DC6}" = Nortel Networks i2050 Software Phone "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 14 "{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{54DE2887-419F-4A8A-A50E-0B2BF9CBCDA3}" = CallPilot Application Builder "{56BED62F-278A-407B-8BCD-E645EC96D2ED}" = Roxio Media Manager "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{636F5444-8C7C-40C6-A89B-A1D2F01DC7F6}" = ATI Catalyst Control Center "{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade "{7C658312-F44D-47C0-A705-6BA6C436D3F8}" = BCM Monitor "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{970A065A-0295-4BB2-9D12-391A52082EAB}" = TSTT Wireless Broadband (CCU-550) "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET 
Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "{D31F958E-7353-4DEB-83E8-35B02F2EE20A}" = Wave Infrastructure Installer "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0 "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}" = MSN Toolbar "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi "840EF3FB8C7BFBB007E46E18F107E8CC6DD522EA" = Windows Driver Package - Dell Inc. 
PBADRV System (09/25/2006 6.0.0.0) "Active Desktop Calendar_is1" = Active Desktop Calendar 7.6 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "All ATI Software" = ATI - Software Uninstall Utility "Ask Toolbar_is1" = Ask Toolbar "ATI Display Driver" = ATI Display Driver "Autorun Eater_is1" = Autorun Eater v2.3 "BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0 "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "Bubble Bobble The New Adventure" = Bubble Bobble The New Adventure "CHM To PDF PRO_is1" = CHM To PDF Converter PRO "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "Error Repair Professional_is1" = Error Repair Professional version 4.0.6 "FEE324BF-8492-4DFC-813E-2B3F2B1947A8" = Voip Development Kit "Helmsman 4.4.1" = Helmsman 4.4.1 "Hide-IP-Browser_is1" = Hide-IP-Browser 1.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9 "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "LimeWire" = LimeWire 4.18.8 "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.15)" = 
Mozilla Firefox (3.0.15) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero 9 Lite_is1" = Nero 9.0.9.4 Lite "Nortel Business Element Manager" = Nortel Business Element Manager "SpeedBit Video Downloader" = SpeedBit Video Downloader "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "Visual MP3 Splitter & Joiner Update trial to full_is1" = Visual MP3 Splitter & Joiner 6.0 "VLC media player" = VLC media player 0.9.8a "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.0.2 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "X-Wave MP3 Cutter Joiner" = X-Wave MP3 Cutter Joiner 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "Folder Lock" = Folder Lock "SmartDraw 2007" = SmartDraw 2007 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/27/2009 6:52:36 PM | Computer Name = TSTT-E1BF0EC990 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/28/2009 9:30:40 AM | Computer Name = TSTT-E1BF0EC990 | Source = Application Hang | ID = 1002 Description = Hanging application winamp.exe, version 5.5.4.2165, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/28/2009 9:30:56 AM | Computer Name = TSTT-E1BF0EC990 | Source = Application Hang | ID = 1002 Description = Hanging application winamp.exe, version 5.5.4.2165, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 10/28/2009 8:05:43 PM | Computer Name = TSTT-E1BF0EC990 | Source = Application Hang | ID = 1002 Description = Hanging application AcroRd32.exe, version 7.0.8.218, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/28/2009 8:13:06 PM | Computer Name = TSTT-E1BF0EC990 | Source = Application Error | ID = 1000 Description = Faulting application vprotray.exe, version 14.0.0.24815, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 10/29/2009 6:13:46 AM | Computer Name = TSTT-E1BF0EC990 | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 10/29/2009 7:00:24 PM | Computer Name = TSTT-E1BF0EC990 | Source = Norton Ghost | ID = 100 Description = Error EC8F17B7: Cannot create recovery points for job: My Computer Backup. Error EC8F03FE: Cannot read the properties of the job. Error EC8F1F62: Cannot find external device 'MY PASSPORT'. Details: The system cannot find the path specified. Source: Norton Ghost Error - 10/29/2009 10:20:34 PM | Computer Name = TSTT-E1BF0EC990 | Source = MsiInstaller | ID = 11714 Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612. Error - 10/31/2009 10:06:50 AM | Computer Name = TSTT-E1BF0EC990 | Source = McLogEvent | ID = 259 Description = The scan found detections. Scan engine version 5301.4018 DAT version 5787. Error - 11/1/2009 8:38:17 AM | Computer Name = TSTT-E1BF0EC990 | Source = McLogEvent | ID = 259 Description = The scan found detections. Scan engine version 5301.4018 DAT version 5788. [ System Events ] Error - 10/23/2009 6:36:47 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. 
The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 10/23/2009 6:36:47 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. Error - 10/23/2009 6:42:30 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 10/23/2009 6:42:30 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 10/23/2009 6:57:30 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 10/23/2009 6:57:30 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. 
Error - 10/23/2009 7:17:20 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 10/23/2009 7:17:20 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 10/23/2009 7:32:22 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 10/23/2009 7:32:22 PM | Computer Name = TSTT-E1BF0EC990 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. 
< End of report > OTL logfile created on: 11/1/2009 4:10:57 PM - Run 1 OTL by OldTimer - Version 3.0.22.1 Folder = D:\PROGRAMS Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.69% Memory free 3.72 Gb Paging File | 2.95 Gb Available in Paging File | 79.24% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 62.83 Gb Total Space | 48.36 Gb Free Space | 76.97% Space Free | Partition Type: NTFS Drive D: | 48.84 Gb Total Space | 0.88 Gb Free Space | 1.80% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TSTT-E1BF0EC990 Current User Name: enterprisoperations Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/10/29 07:36:50 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/10/29 06:16:53 | 00,788,368 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/10/29 06:16:45 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/10/28 21:40:15 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\PROGRAMS\OTL.exe PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/07/01 23:12:46 | 00,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe PRC - [2009/06/10 07:28:58 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe PRC - [2009/05/27 22:30:59 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008/11/27 02:27:58 | 00,370,032 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe PRC - [2008/11/27 02:19:54 | 00,501,768 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe PRC - [2008/09/29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2008/08/03 19:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe PRC - [2008/01/19 20:01:08 | 02,245,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe PRC - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe PRC - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\StacSV.exe PRC - [2007/03/28 21:54:20 | 00,446,464 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2007/03/16 18:10:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe PRC - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE PRC - [2007/03/16 18:10:42 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe PRC - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2007/02/22 20:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE PRC - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2007/01/30 15:32:42 | 00,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe PRC - [2007/01/22 11:53:02 | 00,212,992 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe PRC - [2006/12/19 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2006/12/19 11:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2006/12/19 11:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE PRC - [2005/07/18 15:23:14 | 00,208,896 | ---- | M] (CMOTECH) -- C:\Program Files\TSTT\CCU550\Bin\CMTNF5500D.exe PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe ========== Win32 Services (SafeList) ========== SRV - [2009/10/29 06:16:45 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running]) SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2009/05/27 22:30:57 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2008/11/10 12:27:50 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped]) SRV - [2008/11/10 12:27:46 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped]) SRV - [2008/11/10 12:27:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped]) SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2008/07/25 11:17:02 
| 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService [On_Demand | Running])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\StacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/03/28 21:54:20 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2007/01/29 21:59:58 | 00,487,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
SRV - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/28 08:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/09/23 08:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009/07/17 03:21:43 | 00,035,363 | ---- | M] () -- C:\WINDOWS\System32\windrvNT.sys -- (windrvNT [Auto | Running])
DRV - [2009/01/09 16:18:02 | 00,027,136 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2008/05/20 18:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/01/19 20:12:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])
DRV - [2008/01/19 19:45:40 | 00,038,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\v2imount.sys -- (v2imount [Auto | Running])
DRV - [2008/01/19 19:40:16 | 00,015,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
DRV - [2008/01/19 19:31:38 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/12/20 17:13:54 | 00,136,416 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap [Boot | Running])
DRV - [2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/03/28 22:02:20 | 01,975,808 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/02/22 20:50:00 | 00,170,408 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2007/02/16 15:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2006/11/30 08:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2006/11/02 18:47:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/11/02 18:47:00 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006/11/02 18:46:56 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/08/28 15:00:44 | 00,019,968 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV [Boot | Running])
DRV - [2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/06/19 13:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/28 21:40:15 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\PROGRAMS\OTL.exe
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
MOD - [2007/01/30 15:31:50 | 00,286,720 | ---- | M] () -- C:\WINDOWS\System32\wxvault.dll
MOD - [2007/01/30 15:30:30 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\detoured.dll

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.phazemp3.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.speedbit.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://search.speedbit.com/searchresults.asp?src=default&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/31 03:00:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 07:36:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 07:36:55 | 00,000,000 | ---D | M]
[2009/06/02 13:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\mozilla\Extensions
[2009/06/02 13:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/01 07:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\mozilla\Firefox\Profiles\pgw9ptsm.default\extensions
[2009/08/31 05:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\mozilla\Firefox\Profiles\pgw9ptsm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/09 22:39:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\mozilla\Firefox\Profiles\pgw9ptsm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/10 07:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\mozilla\Firefox\Profiles\pgw9ptsm.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/11/01 07:26:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/29 07:36:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/04 01:52:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/11 08:22:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/04 21:07:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/29 07:36:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/29 07:36:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/10/29 07:36:52 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/30 05:55:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/30 05:55:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/30 05:55:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/30 05:55:16 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/30 05:55:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/30 05:55:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/30 05:55:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TSTTCCU_550] C:\Program Files\TSTT\CCU550\Bin\CMTNF5500D.exe (CMOTECH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/24 10:17:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/29 06:13:25 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/03 07:16:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cerience
[2009/10/10 12:08:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/10/29 06:13:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/22 22:41:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/31 07:21:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/10/03 07:25:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/10/03 07:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/10/28 23:29:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/28 22:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Application Data\AVG8
[2009/10/28 21:34:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Application Data\Malwarebytes
[2009/10/10 18:05:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Application Data\Mobipocket
[2009/10/03 07:39:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Application Data\Research In Motion
[1 C:\Documents and Settings\enterprisoperations\My Documents\*.tmp files]
[2009/10/31 07:20:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/03 07:16:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/10/03 07:25:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/10/10 12:14:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/10/03 07:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\Cerience
[2009/10/19 12:10:50 | 00,000,000 | ---D | C] -- C:\Program Files\Error Repair Professional
[2009/10/17 21:13:12 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2009/10/29 06:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/28 21:34:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/31 07:20:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/10 18:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2009/10/03 07:16:11 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/10/10 12:14:10 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/10/28 23:29:18 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/17 21:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Voip Development Kit
[2009/10/31 21:41:51 | 00,000,000 | ---D | C] -- C:\Program Files\vSoft
[2009/10/31 21:42:18 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/10/31 07:20:55 | 00,034,152 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/10/31 07:20:54 | 00,072,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/10/31 07:20:54 | 00,064,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2009/10/31 07:20:54 | 00,052,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2009/10/31 07:20:53 | 00,170,408 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/10/29 06:22:43 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/29 06:22:38 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/25 18:59:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Desktop\Anthony Hamilton - The Point Of It All (2008)
[2009/10/23 00:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Desktop\New Folder (3)
[2009/10/22 22:41:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/20 21:00:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/20 20:56:05 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\enterprisoperations\Desktop\hh.exe
[2009/10/20 17:57:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Desktop\BeamBerry41
[2009/10/20 06:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Desktop\New Folder (4)
[2009/10/18 08:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Desktop\New Folder (2)
[2009/10/18 08:12:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Desktop\dtg
[2009/10/17 15:38:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\svc
[2009/10/10 18:05:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\My Documents\My eBooks
[2009/10/10 12:13:48 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2009/10/05 18:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\enterprisoperations\Desktop\theme
[2009/10/04 21:07:15 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/04 21:07:14 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/04 21:07:14 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/03 07:17:18 | 00,027,136 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\enterprisoperations\My Documents\*.tmp files]
[2009/11/01 15:26:00 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/11/01 14:40:52 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/01 14:38:06 | 00,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/11/01 14:37:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/01 14:36:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/01 14:36:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/10/31 21:45:02 | 00,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rapidshare Auto Downloader.lnk
[2009/10/29 23:15:16 | 53,806,976 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\_Naruto_Shippuuden_133.mp4
[2009/10/29 06:22:35 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/29 06:22:21 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/29 06:13:23 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/28 23:29:23 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\Spybot - Search & Destroy.lnk
[2009/10/28 21:34:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 17:25:29 | 01,074,040 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\CST_2007_Midterm_Solution.pdf
[2009/10/28 17:22:49 | 00,119,189 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\MATLAB_Tutorial_Makeup.pdf
[2009/10/28 13:20:41 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 10:36:06 | 55,875,005 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\Bleach - 243 - One-To-One Fight! Ichigo Vs. Senbonzakura.mkv
[2009/10/27 07:18:43 | 00,106,677 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\Lab_1_and_Tutorial_Schedule_2009-2010.pdf
[2009/10/26 19:51:51 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/23 13:38:18 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\My Documents\spider.sav
[2009/10/23 00:22:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\trjsetup681.exe.dap
[2009/10/22 23:57:23 | 00,660,015 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\IENG3004_Lecture_6_09-10_S1.pdf
[2009/10/20 20:58:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\SecurityCheck.exe.dap
[2009/10/20 20:58:33 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\enterprisoperations\Desktop\hh.exe
[2009/10/20 20:58:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\OTL.exe.dap
[2009/10/20 20:44:59 | 00,105,955 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\equipment_management_7-03.pdf
[2009/10/20 20:09:10 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/10/19 20:01:54 | 00,018,293 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\tstt.ht
[2009/10/16 23:03:17 | 01,768,302 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\GUIDELINES%20FOR%20SPECIAL%20PROJECTS.pdf
[2009/10/16 22:57:51 | 00,071,141 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\GUIDELINES%20FOR%20PREPARING%20AND%20WRITING%20A%20FINAL%20YEAR%20RESEARCH%20PROJECT%20(Word).pdf
[2009/10/16 22:56:17 | 00,132,224 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\UNDERGRADUATE%20STUDENT%20GUIDE.pdf
[2009/10/16 22:53:25 | 00,344,084 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\PRELIMINARY%20PRESENTATION%20BY%20ADRIAN%20NEMHARD.pdf
[2009/10/16 19:57:15 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\~$rk Fraser.doc
[2009/10/10 18:05:30 | 00,002,547 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\Mobipocket Reader.lnk
[2009/10/10 16:55:45 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\enterprisoperations\Desktop\~$ReadMe.rtf
[2009/10/10 11:59:07 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/10/07 21:20:59 | 03,176,084 | -H-- | M] () -- C:\Documents and Settings\enterprisoperations\Local Settings\Application Data\IconCache.db
[2009/10/05 00:29:11 | 01,088,316 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\My Documents\ip.sdr
[2009/10/04 20:56:59 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2009/10/03 07:39:14 | 00,035,240 | ---- | M] () -- C:\Documents and Settings\enterprisoperations\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/03 07:32:11 | 00,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files - No Company Name ==========

[2009/10/31 21:41:52 | 00,002,527 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rapidshare Auto Downloader.lnk
[2009/10/31 07:21:15 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/10/30 23:31:06 | 53,806,976 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\_Naruto_Shippuuden_133.mp4
[2009/10/29 07:17:43 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/29 06:23:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/29 06:13:23 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/28 23:29:23 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\Spybot - Search & Destroy.lnk
[2009/10/28 21:09:22 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2009/10/28 21:09:22 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2009/10/28 21:09:21 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2009/10/28 21:09:21 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2009/10/28 21:09:21 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2009/10/28 21:09:20 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2009/10/28 21:09:20 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2009/10/28 21:09:20 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2009/10/28 21:09:19 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2009/10/28 21:09:19 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2009/10/28 21:09:19 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2009/10/28 21:09:18 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2009/10/28 21:09:18 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2009/10/28 21:09:18 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2009/10/28 21:09:17 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2009/10/28 21:09:17 | 00,000,394 |
---- | C] () -- C:\WINDOWS\tasks\At10.job [2009/10/28 21:09:16 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2009/10/28 21:09:16 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2009/10/28 21:09:16 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2009/10/28 21:09:15 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2009/10/28 21:09:15 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2009/10/28 21:09:14 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2009/10/28 21:09:14 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2009/10/28 21:09:14 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2009/10/28 17:25:29 | 01,074,040 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\CST_2007_Midterm_Solution.pdf [2009/10/28 17:22:49 | 00,119,189 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\MATLAB_Tutorial_Makeup.pdf [2009/10/28 10:36:06 | 55,875,005 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\Bleach - 243 - One-To-One Fight! Ichigo Vs. 
Senbonzakura.mkv [2009/10/27 07:18:43 | 00,106,677 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\Lab_1_and_Tutorial_Schedule_2009-2010.pdf [2009/10/23 13:38:18 | 00,000,372 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\My Documents\spider.sav [2009/10/23 00:22:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\trjsetup681.exe.dap [2009/10/22 23:57:23 | 00,660,015 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\IENG3004_Lecture_6_09-10_S1.pdf [2009/10/22 22:41:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/20 20:58:34 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\SecurityCheck.exe.dap [2009/10/20 20:58:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\OTL.exe.dap [2009/10/20 20:45:02 | 00,105,955 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\equipment_management_7-03.pdf [2009/10/16 23:03:16 | 01,768,302 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\GUIDELINES%20FOR%20SPECIAL%20PROJECTS.pdf [2009/10/16 22:57:51 | 00,071,141 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\GUIDELINES%20FOR%20PREPARING%20AND%20WRITING%20A%20FINAL%20YEAR%20RESEARCH%20PROJECT%20(Word).pdf [2009/10/16 22:56:17 | 00,132,224 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\UNDERGRADUATE%20STUDENT%20GUIDE.pdf [2009/10/16 22:53:25 | 00,344,084 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\PRELIMINARY%20PRESENTATION%20BY%20ADRIAN%20NEMHARD.pdf [2009/10/16 19:57:15 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\~$rk Fraser.doc [2009/10/10 18:05:01 | 00,002,547 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\Mobipocket Reader.lnk [2009/10/10 16:55:45 | 00,000,162 
| -H-- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\~$ReadMe.rtf [2009/10/10 11:59:07 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk [2009/10/05 00:29:10 | 01,088,316 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\My Documents\ip.sdr [2009/10/03 07:39:37 | 00,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin [2009/10/03 07:13:58 | 04,958,540 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Desktop\setup_repligo2.0_s60.exe [2009/07/13 21:58:31 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009/07/07 10:18:05 | 00,055,296 | ---- | C] () -- C:\WINDOWS\System32\HAESvr.dll [2009/07/05 17:51:16 | 00,163,840 | ---- | C] () -- C:\WINDOWS\PKillProcess.dll [2009/07/02 11:29:57 | 00,001,050 | ---- | C] () -- C:\WINDOWS\SHOWNTEL.INI [2009/06/04 07:56:09 | 00,000,436 | ---- | C] () -- C:\WINDOWS\Hide-IP-Browser.INI [2009/05/31 02:31:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll [2009/05/31 01:35:13 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/30 20:23:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/05/28 13:31:53 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys [2009/05/28 07:09:22 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll [2009/05/28 07:08:10 | 01,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll [2009/05/28 07:06:25 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll [2009/05/28 07:06:25 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll [2009/05/27 22:23:05 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2009/05/27 22:23:04 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2009/05/27 22:05:00 | 03,176,084 | -H-- | C] () -- C:\Documents and Settings\enterprisoperations\Local Settings\Application 
Data\IconCache.db [2009/05/27 21:59:28 | 00,035,240 | ---- | C] () -- C:\Documents and Settings\enterprisoperations\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/05/24 10:23:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\enterprisoperations\Application Data\desktop.ini [2009/05/24 06:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2007/11/06 16:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/01/31 20:16:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll [2007/01/31 20:11:14 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll [2007/01/31 20:08:44 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll [2007/01/31 20:08:36 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll [2007/01/31 20:08:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll [2007/01/31 20:08:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll [2007/01/31 20:08:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll [2007/01/31 20:08:00 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll [2007/01/31 20:07:50 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll [2007/01/31 20:07:42 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll [2007/01/31 20:07:34 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll [2007/01/31 20:07:24 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll [2007/01/31 13:09:46 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll [2007/01/31 13:09:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll [2007/01/31 13:09:06 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll [2007/01/31 13:08:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll [2007/01/31 13:08:26 | 00,090,112 | ---- | C] () -- 
C:\WINDOWS\System32\Internationalization_ru.dll [2007/01/31 13:08:06 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll [2007/01/31 13:07:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll [2007/01/31 13:07:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll [2007/01/31 13:07:04 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll [2007/01/31 13:06:46 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll [2007/01/30 15:31:50 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll [2007/01/30 15:30:30 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll [2007/01/02 09:14:20 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll [2006/08/14 11:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll [2004/09/10 12:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll [2004/09/10 12:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll [2004/08/04 06:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini [2004/08/04 06:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2004/03/19 14:13:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\etherui.dll [2003/01/07 11:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009/11/01 16:04:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2009/10/29 06:13:25 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/10/03 07:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cerience [2009/05/28 06:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems [2009/10/10 12:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio 
[2009/10/23 00:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/06/01 12:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/28 07:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/05/27 23:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/01 16:04:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\enterprisoperations\Application Data
[2009/10/28 01:40:51 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\enterprisoperations\Application Data\.#
[2009/05/31 01:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\ATI
[2009/06/17 16:33:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\BitTorrent
[2009/06/02 13:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\DAEMON Tools Pro
[2009/11/01 16:07:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\DNA
[2009/07/26 12:47:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\dvdcss
[2009/11/01 04:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\LimeWire
[2009/10/10 18:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\Mobipocket
[2009/10/03 07:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\Research In Motion
[2009/07/13 21:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\SmartDraw
[2009/11/01 07:14:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\Wave Systems Corp
[2009/06/02 13:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\XemiComputers
[2009/07/08 12:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\enterprisoperations\Application Data\X-Wave MP3 Cutter Joiner
[2009/11/01 14:40:52 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2009/11/01 15:26:00 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2009/11/01 04:02:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2009/11/01 14:08:06 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/01 14:36:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/01 14:38:06 | 00,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Spybot - Search & Destroy
Norton Ghost
Java 6 Update 14
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
`````````End of Log```````````

This post has been edited by rasta2004: Nov 3 2009, 01:20 AM
Nov 3 2009, 03:56 AM
Post
#2
Master of Disaster Recovery Group: General Admin Posts: 15208 Joined: 24-March 03 From: Albuquerque, NM Member No.: 2879
Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

--------------------
Happiness ain't a thing in itself--it's only a contrast with something that ain't pleasant. Mark Twain