Win32/Patched.DO Virus - AVG Resident Sheild

View previous topic View next topic Go down

Win32/Patched.DO Virus - AVG Resident Sheild

Post by Bman64 on Fri May 07, 2010 12:56 am

Hi there,

About two weeks ago, I contracted a couple of trojan horses which AVG and Malwarebytes seem to have taken care of...except I keep getting notice from AVG Resident Shield that my system is infected. I ran AVG, malwarebytes, and spybot search and destroy and they don't seem to be able to remove it.

Here are the files: "C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1771\A0080186.sys";"Virus identified Win32/Patched.DO";"Infected"

"C:\WINDOWS\SYSTEM32\DRIVERS\aic78xx.sys";"Virus identified Win32/Patched.DO";"Infected"

I updated Java and tried to run JavaRA, however, when I press ok to remove older versions, I get a pop that says this program has encountered an error and needs to close. I tried deleting the file and downloading it again, but the same message occurs.

Here are the OTL logs:
OTL logfile created on: 06/05/2010 4:51:25 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Bruce Bachelder\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 450.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 30.87 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRUCE
Current User Name: Bruce Bachelder
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/06 12:40:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce Bachelder\Desktop\OTL.exe
PRC - [2010/04/21 10:54:49 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 10:54:48 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 09:09:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/12 10:46:06 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 10:46:03 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 10:45:30 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/02 21:47:33 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2007/09/13 12:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/07/30 12:22:59 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 10:39:12 | 000,073,728 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/06/01 02:32:14 | 000,024,576 | ---- | M] (Mattel) -- C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe
PRC - [2005/11/10 14:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/02/18 18:05:49 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/06/29 13:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 13:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/05/31 14:26:44 | 000,057,344 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
PRC - [2004/05/28 10:29:50 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
PRC - [2004/05/27 20:50:06 | 000,045,056 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
PRC - [2004/04/08 13:09:58 | 000,156,784 | -H-- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aoltray.exe
PRC - [2004/03/11 11:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/09/17 12:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 03:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2002/06/20 15:06:12 | 000,339,968 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\SYSTEM32\hphmon04.exe
PRC - [2002/05/24 08:46:13 | 000,077,824 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\hphipm11.exe
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 12:40:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce Bachelder\Desktop\OTL.exe
MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cabinet.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2007/06/13 10:39:22 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
MOD - [2003/11/13 20:19:06 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/03/12 10:46:03 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/10/02 21:47:33 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/06/29 13:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2004/05/27 20:50:06 | 000,045,056 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe -- (PDUiP6000DMemCrdMgr)
SRV - [2002/05/24 08:46:13 | 000,077,824 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 10:54:48 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/21 10:18:57 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grpsykm.sys -- (wbxxticr)
DRV - [2010/04/21 09:49:54 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\roydtgg.sys -- (bnlwupvp)
DRV - [2010/04/21 09:25:30 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\aaxel.sys -- (ovudwf)
DRV - [2010/04/21 09:07:17 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bwwip.sys -- (lvcyv)
DRV - [2010/03/12 10:46:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 10:45:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/24 07:58:56 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MusCAudio.sys -- (MusCAudio)
DRV - [2009/03/17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nx6000.sys -- (MSHUSBVideo)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/07/11 23:05:00 | 000,030,208 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PhotoFrame.sys -- (PhotoFrame)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/28 14:50:26 | 000,016,000 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\9kdUSBXP.sys -- (SNL320XP)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/02/18 18:05:51 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 01:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/11/11 19:10:00 | 002,738,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 17:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 19:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/06 12:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/07/13 12:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 12:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/13 12:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 12:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 12:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 12:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 19:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/11/12 22:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/05/24 08:46:13 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/05/24 08:46:13 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2002/05/24 08:46:13 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/05/24 08:46:13 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2001/11/01 11:27:04 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local



O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll (Symantec Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe (Mattel)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\SYSTEM32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\myscan.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe (CANON INC.)
O4 - HKLM..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe (CANON INC.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StandardInstall] File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic Deluxe\cffrem.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Bruce Bachelder\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe (Symantec Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} [You must be registered and logged in to see this link.] (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} [You must be registered and logged in to see this link.] (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} [You must be registered and logged in to see this link.] (DigWebHelper Class)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce Bachelder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce Bachelder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 18:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3abf415f-90eb-11dd-ac81-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{3abf415f-90eb-11dd-ac81-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6aeb24a8-86be-11d9-bff8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6aeb24a8-86be-11d9-bff8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6aeb24a8-86be-11d9-bff8-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{aeea335a-7660-11de-bfa5-001111c4ef7d}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\{d6a447d8-85e2-11dd-ac80-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d6a447d8-85e2-11dd-ac80-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6a447d8-85e2-11dd-ac80-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Bman64
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-05-01
OS OS : XP
Points Points : 24203
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Bman64 on Fri May 07, 2010 12:56 am

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 12:40:19 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce Bachelder\Desktop\OTL.exe
[2010/05/06 12:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Bachelder\Desktop\JAVA_RA
[2010/05/06 11:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/06 11:04:25 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/06 11:04:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/06 11:04:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/06 11:04:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/06 11:04:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/06 11:00:55 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Bruce Bachelder\Desktop\jre-6u20-windows-i586.exe
[2010/04/30 12:54:37 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2010/04/30 12:54:37 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/04/30 12:54:37 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/04/30 12:54:37 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2010/04/30 12:54:37 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/04/30 12:54:37 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2010/04/30 12:54:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2010/04/30 12:54:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/04/30 12:54:37 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2010/04/30 12:54:37 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/04/30 12:54:35 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/04/30 12:54:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/04/30 12:54:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2010/04/30 12:54:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/04/30 12:54:27 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/04/30 12:54:27 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/04/30 12:54:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/04/30 12:54:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/04/30 12:54:22 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/04/30 12:54:22 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/04/30 12:54:21 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/04/30 12:54:21 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/04/30 12:54:21 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/04/30 12:54:21 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/04/30 12:54:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2010/04/30 12:54:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/04/30 12:54:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2010/04/30 12:54:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/04/30 12:54:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2010/04/30 12:54:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/04/30 12:54:17 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/04/30 12:54:17 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/04/30 12:54:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/04/30 12:54:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2010/04/30 12:54:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/04/30 12:54:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/04/30 12:54:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/04/30 12:54:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/04/30 12:54:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/04/30 12:54:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/04/30 12:54:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/04/30 12:54:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/04/30 12:53:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/04/30 12:53:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/04/30 12:53:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/04/30 12:53:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010/04/26 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/04/26 22:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/26 20:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/26 20:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/26 20:00:25 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bruce Bachelder\Desktop\spybotsd162.exe
[2010/04/20 23:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Bachelder\Application Data\Malwarebytes
[2010/04/20 23:28:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/20 23:28:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 23:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/20 23:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/20 23:25:42 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bruce Bachelder\Desktop\mbam-setup.exe
[2010/04/20 21:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/20 21:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/20 21:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Bachelder\Application Data\695FDC02100706398139AABBDEC8C53B
[2007/12/15 22:20:42 | 000,030,208 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\PhotoFrame.sys
[2005/02/18 18:02:45 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/06 16:53:40 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\swpan.sys
[2010/05/06 15:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 12:41:27 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\My Documents\155 Maclaren St.doc
[2010/05/06 12:40:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce Bachelder\Desktop\OTL.exe
[2010/05/06 12:10:29 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\Desktop\JavaRa.zip
[2010/05/06 11:04:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/06 11:04:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/06 11:04:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/06 11:04:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/06 11:04:09 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/06 11:00:55 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Bruce Bachelder\Desktop\jre-6u20-windows-i586.exe
[2010/05/06 10:17:07 | 000,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010/05/06 09:05:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/06 09:04:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 09:03:59 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/05/06 09:03:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 09:03:01 | 000,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/06 09:02:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/06 09:02:19 | 059,631,143 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/06 09:02:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/03 06:55:17 | 000,034,276 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/03 06:55:17 | 000,034,276 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/03 06:55:17 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/03 06:55:17 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/03 06:55:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/03 06:55:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/03 06:55:17 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
[2010/05/03 06:55:17 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
[2010/05/03 06:55:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bruce Bachelder\NTUSER.INI
[2010/05/03 06:54:59 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\NTUSER.DAT
[2010/05/03 06:54:40 | 004,933,581 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
[2010/05/01 15:17:25 | 000,493,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 12:04:57 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\My Documents\House Hold Budget.xls
[2010/04/30 11:52:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/26 20:04:27 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\Desktop\Spybot - Search & Destroy.lnk
[2010/04/26 20:00:25 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bruce Bachelder\Desktop\spybotsd162.exe
[2010/04/23 07:34:31 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/21 12:48:01 | 000,024,738 | -H-- | M] () -- C:\Documents and Settings\Bruce Bachelder\Desktop\ZbThumbnail.info
[2010/04/21 12:29:42 | 000,014,808 | -HS- | M] () -- C:\Documents and Settings\Bruce Bachelder\Local Settings\Application Data\8Ubu0B6G7
[2010/04/21 12:29:42 | 000,014,808 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8Ubu0B6G7
[2010/04/21 10:54:48 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/21 10:26:51 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/21 10:18:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\grpsykm.sys
[2010/04/21 09:49:54 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\roydtgg.sys
[2010/04/21 09:25:30 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\aaxel.sys
[2010/04/21 09:07:17 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\bwwip.sys
[2010/04/20 23:25:55 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bruce Bachelder\Desktop\mbam-setup.exe
[2010/04/20 23:22:31 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\Desktop\rkill.com
[2010/04/20 22:38:09 | 000,003,024 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/04/14 17:04:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 19:24:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/06 12:41:27 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Bruce Bachelder\My Documents\155 Maclaren St.doc
[2010/05/06 12:10:29 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Bruce Bachelder\Desktop\JavaRa.zip
[2010/04/30 12:54:37 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/04/30 12:54:37 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/04/30 12:54:37 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/04/30 12:54:37 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/04/30 12:54:33 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/04/30 12:54:33 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/04/30 12:54:33 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/04/30 12:54:33 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/04/30 12:54:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/04/30 12:54:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/04/30 12:54:33 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/04/30 12:54:33 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/04/30 12:54:33 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/04/30 12:54:33 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/04/30 12:54:33 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/04/30 12:54:33 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/04/30 12:54:33 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/04/30 12:54:33 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/04/30 12:54:33 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/04/30 12:54:32 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/04/30 12:54:32 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/04/30 12:54:32 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/04/30 12:54:32 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/04/30 12:54:32 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/04/30 12:54:32 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/04/30 12:54:32 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/04/30 12:54:32 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/04/30 12:54:29 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/04/30 12:54:29 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/04/30 12:54:29 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/04/30 12:54:29 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/04/30 12:54:29 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/04/30 12:54:29 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/04/30 12:54:29 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/04/30 12:54:29 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/04/30 12:54:29 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/04/30 12:54:27 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/04/30 12:54:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/04/30 12:54:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/04/30 12:54:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/04/30 12:54:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/04/30 12:54:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/04/30 12:54:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/04/30 12:54:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/04/30 12:54:14 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/04/30 12:54:14 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/04/30 12:54:14 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/04/30 12:54:14 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/04/30 12:54:14 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/04/30 12:54:14 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/04/30 12:54:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/04/30 12:54:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/04/30 12:54:14 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/04/30 12:54:14 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/04/30 12:54:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/04/30 12:54:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/04/30 12:54:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/04/30 12:54:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/04/30 12:54:14 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/04/30 12:54:14 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/04/26 20:04:27 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Bruce Bachelder\Desktop\Spybot - Search & Destroy.lnk
[2010/04/21 12:27:07 | 000,014,808 | -HS- | C] () -- C:\Documents and Settings\Bruce Bachelder\Local Settings\Application Data\8Ubu0B6G7
[2010/04/21 12:27:07 | 000,014,808 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Ubu0B6G7
[2010/04/21 10:18:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\grpsykm.sys
[2010/04/21 09:49:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\roydtgg.sys
[2010/04/21 09:25:30 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\aaxel.sys
[2010/04/21 09:07:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bwwip.sys
[2010/04/20 23:28:50 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 23:22:31 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Bruce Bachelder\Desktop\rkill.com
[2010/04/20 22:38:09 | 000,003,024 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/20 21:20:25 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\swpan.sys
[2010/04/08 19:08:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/19 17:32:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/10/19 17:21:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/10/19 17:10:20 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2005/12/08 15:17:29 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/18 18:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/18 14:04:02 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2005/08/23 14:50:15 | 000,001,294 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/08/17 20:57:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/01 14:16:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/04/06 21:08:42 | 000,000,570 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/03/19 19:21:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2005/03/14 20:03:05 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/03/14 20:03:05 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/03/14 20:03:05 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/03/12 21:53:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/03/12 12:22:42 | 000,005,696 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/02/27 10:28:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/18 18:15:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/18 18:08:33 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/18 18:03:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/18 18:02:47 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/02/18 18:02:47 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/18 18:02:46 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/02/18 18:02:25 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/02/18 17:31:20 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 18:22:58 | 000,000,890 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2002/06/20 15:09:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[1999/03/23 09:46:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/03/21 21:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/06 16:55:57 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\DRIVERS\swpan.sys

< %systemroot%\System32\config\*.sav >
[2004/08/19 17:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/19 17:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/19 17:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2004/08/10 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ANSI.SYS
[2004/08/10 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\COUNTRY.SYS
[2004/08/10 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HIMEM.SYS
[2004/08/10 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEY01.SYS
[2004/08/10 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEYBOARD.SYS
[2004/08/10 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS.SYS
[2004/08/10 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS404.SYS
[2004/08/10 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS411.SYS
[2004/08/10 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS412.SYS
[2004/08/10 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS804.SYS
[2004/08/10 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO.SYS
[2004/08/10 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO404.SYS
[2004/08/10 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO411.SYS
[2004/08/10 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO412.SYS
[2004/08/10 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO804.SYS
[2003/10/22 05:54:14 | 000,016,848 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\SYSTEM32\Pcandis4.sys
[2003/10/22 05:54:18 | 000,017,162 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\SYSTEM32\Pcandis5.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2009/08/14 09:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2004/08/19 18:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/12/03 08:50:24 | 000,000,209 | RHS- | M] () -- C:\BOOT.INI
[2004/08/19 18:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/02/18 17:35:56 | 000,005,286 | RH-- | M] () -- C:\DELL.SDR
[2009/04/02 08:09:21 | 000,175,502 | ---- | M] () -- C:\hph7350.log
[2004/08/19 18:27:04 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/19 18:07:14 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/02/18 18:06:05 | 000,000,696 | -H-- | M] () -- C:\IPH.PH
[2010/05/06 12:20:52 | 000,001,211 | ---- | M] () -- C:\JavaRa.log
[2004/08/19 18:07:14 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/07 22:01:16 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/05/06 09:02:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/05/06 09:03:59 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/04/26 19:50:46 | 000,000,389 | ---- | M] () -- C:\rkill.log
[2006/01/03 13:23:25 | 000,003,463 | ---- | M] () -- C:\ZB20060103122251001.xml
[2006/01/10 20:49:11 | 000,000,589 | ---- | M] () -- C:\ZB20060110194902001.xml
[2006/01/10 20:50:49 | 000,002,624 | ---- | M] () -- C:\ZB20060110195007001.xml

< %PROGRAMFILES%\*. >
[2008/12/26 10:26:38 | 000,000,000 | ---D | M] -- C:\Program Files\Activision Value
[2006/01/18 16:52:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/01/24 16:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\AOL 9.0
[2006/01/13 19:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2009/06/17 21:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/03/06 09:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/06/21 17:04:01 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2009/09/26 18:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\Barbie(TM)
[2009/06/17 21:38:15 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/12/25 10:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\Braingame
[2009/08/18 14:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\brighter child
[2005/02/18 18:00:26 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/05/16 13:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/10/19 17:10:11 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2005/02/18 18:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Classic PhoneTools
[2009/09/27 09:10:29 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/01/13 19:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/11/04 17:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2005/02/18 18:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/06/21 17:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Memories
[2005/02/18 18:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/09/24 18:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2005/02/18 18:08:57 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2008/04/09 22:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/04/09 14:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2008/10/03 00:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\DIGStream
[2009/09/26 19:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive
[2006/01/13 19:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2006/01/13 19:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2005/02/18 17:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2005/02/18 17:30:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESPNMotion
[2005/02/18 17:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2007/10/02 20:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\Gemware
[2010/02/03 22:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/08/29 18:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/08/29 18:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/09/07 11:54:38 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photosmart 11
[2008/08/19 08:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Infogrames
[2009/09/26 19:24:45 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/02/18 18:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2005/10/18 14:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/03/31 17:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/19 11:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/03/21 15:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2005/02/18 18:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/05/06 11:09:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/07/15 09:23:26 | 000,000,000 | ---D | M] -- C:\Program Files\Knowledge Adventure
[2008/10/02 21:45:57 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2005/02/18 18:06:03 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2006/01/13 19:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/04/21 09:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/25 11:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel
[2008/09/08 17:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/09/27 09:00:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/25 17:00:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/08/17 20:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/09/27 08:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2005/08/17 21:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/02/18 18:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/02/18 18:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/01/22 19:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/09/27 09:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/09/27 09:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2005/08/17 20:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/12/31 21:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2005/02/18 18:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2005/03/11 00:11:53 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/03/10 18:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/09 17:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2005/02/18 17:30:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/02/18 17:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/18 18:01:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/12/31 21:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/11/28 10:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\My Scene(TM)
[2005/12/31 20:45:28 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2005/12/31 21:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\NetAssistant
[2008/09/07 22:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/10/19 17:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2006/01/13 19:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2005/02/18 17:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/09/27 16:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\Oregon Scientific
[2009/08/12 17:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/12/08 22:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Viewer
[2007/12/15 22:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFrame_V1.5
[2009/12/03 20:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/02/18 18:05:49 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/06/21 17:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2009/08/09 17:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/12/11 15:02:11 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2010/03/19 10:56:02 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2006/01/13 20:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2008/10/19 17:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2005/04/06 21:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra
[2008/11/05 10:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2009/09/27 09:10:43 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2005/08/17 20:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2005/08/17 21:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/04/26 20:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/14 13:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\The Learning Company
[2009/10/19 12:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2010/02/25 21:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUpMedia
[2006/03/07 15:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2009/10/19 11:58:06 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2006/05/01 20:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\UFile 2005
[2007/04/25 21:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\UFile 2006
[2008/05/05 21:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\UFile 2007
[2009/07/18 12:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\UFile 2008
[2006/01/13 19:17:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/10/21 13:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\ValuSoft
[2005/02/18 18:06:03 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/09/27 09:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/27 09:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/09/27 08:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/07 22:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/02/18 17:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/12/31 21:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2005/02/18 17:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2005/12/20 14:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\ZEMNOTT
[2009/10/19 12:47:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2006/06/14 21:50:43 | 000,037,229 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\Application Data\Comma Separated Values (DOS).ADR
[2004/08/19 17:57:38 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Bruce Bachelder\Application Data\DESKTOP.INI
[2006/01/09 22:31:59 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Bruce Bachelder\Application Data\G-Force Prefs (WindowsMediaPlayer).txt


< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\I386\DISK.SYS
[2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\I386\iaStor.sys
[2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:usbstor.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:usbstor.sys
[2008/09/07 21:58:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-14 21:05:01

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bruce Bachelder\Desktop\ZbThumbnail.info:SummaryInformation
< End of report >

Bman64
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-05-01
OS OS : XP
Points Points : 24203
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Bman64 on Fri May 07, 2010 12:57 am

OTL Extra File:
OTL Extras logfile created on: 06/05/2010 12:42:09 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Bruce Bachelder\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 30.86 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRUCE
Current User Name: Bruce Bachelder
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\setup\HPZNUI01.EXE" = E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\TuneUpMedia\TuneUpApp.exe" = C:\Program Files\TuneUpMedia\TuneUpApp.exe:*:Enabled:TuneUp Companion -- ()
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{09E26120-0322-11D5-B231-0050DACD394D}" = Disney's Winnie the Pooh Preschool
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 1.0 - HP Photosmart Printer Series
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F1A3568-7419-4115-A207-512B9F688267}" = Creative Memories Memory Manager 2
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12DCDE3D-5C8E-4C5E-A7E4-CEF30F578179}" = Catz 5
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16B2F936-6C48-4F27-99DB-268AFEA2F35A}" = Disney's Cinderella Dollhouse 2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{1DC02E08-5098-42CD-81E3-4A5C877C7902}" = UFile 2006
"{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}" = Samsung Music Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2998FC3C-E41C-41D7-8527-D51B10363120}" = UFile Updater 2005
"{2A5C6AD0-F7B3-40A1-B140-23B085B1B8CE}" = UFile 2008
"{2C081D6E-A899-11D6-B2FB-0002A5E32BEF}" = Disney Print Studio Deluxe NCR Printer 2nd Ed
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{329ABF30-0376-40AE-A8D2-231BF6AC605C}" = UFile Updater 2006
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35F768BD-330E-4A2C-89C5-A38B588AF08D}" = Canon PIXMA iP6000D Memory Card Utility
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}" = UFile 2007
"{39F8D2F6-7755-40DE-A21F-D47B97164CE6}" = YP-F1
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C612230-5534-4DC3-B721-B802A83D55C3}" = The Book of Pooh
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{855544EF-FF9E-4BB0-9CCF-B9D930FE6FFD}" = Memory Manager Shared Components Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A70CB9E-EAF6-11D5-B233-0050DACD394D}" = Disney's Winnie the Pooh 123s
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B84AB-6A80-49EE-B236-67F211190597}" = Hello Kitty Dream Carnival
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}" = UFile Updater 2007
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3AC8DD1-A754-46D6-A777-6155D627D196}" = My Fantasy Wedding
"{C9967B5A-6E08-4E79-BFBD-BBB07DB0CA04}" = UFile Updater 2008
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D5F9E6AA-7075-49EC-992F-A6213C73607F}" = Adobe Photoshop Album
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{daa9003f-9944-4f72-837a-c0f3582dffdb}.sdb" = P123.exe custom database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f2f41802-17fe-4ae1-adf2-7ffeb049839d}.sdb" = PABC.exe custom database
"{F44A1B5B-A196-4645-A9A5-E0B609F4EAE1}" = Barbie Girls
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F86AAA85-32B4-4686-9B42-8D4C3766BC73}" = UFile 2005
"{FCE73168-EE4D-11D5-B233-0050DACD394D}" = Disney's Winnie the Pooh ABCs
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"America Online ca" = AOL (Choose which version to remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Barbie(TM) as The Princess and the Pauper" = Barbie(TM) as The Princess and the Pauper
"Barbie(TM) Beauty Boutique(TM) CD-ROM" = Barbie(TM) Beauty Boutique(TM) CD-ROM
"Barbie(TM) Fashion Show(TM) CD-ROM" = Barbie(TM) Fashion Show(TM) CD-ROM
"Barbie(TM) of Swan Lake" = Barbie(TM) of Swan Lake
"BellCanada.MCCInstall" = NetAssistant
"Bratz Babyz" = Bratz Babyz
"Bugs Bunny & Taz - Time Busters" = Bugs Bunny & Taz - Time Busters
"Caillou(R) Party Fun & Games(TM)" = Caillou(R) Party Fun & Games(TM)
"Caillou's Alphabet" = Caillou's Alphabet
"Caillou's Colors Shapes" = Caillou's Colors Shapes
"Caillou's Counting" = Caillou's Counting
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP69.DLL" = Canon PIXMA iP6000D
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Catz" = Catz (remove only)
"Corel Applications" = Corel Applications
"CSCLIB" = Canon Camera Support Core Library
"Diablo II" = Diablo II
"Disney Print Creations Winnie the Pooh" = Disney Print Creations Winnie the Pooh software
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"ESPNMotion" = ESPNMotion
"Hallmark Scrapbook Studio" = SierraHome Hallmark Scrapbook Studio
"hp instant support" = hp instant support
"HP Smart Web Printing" = HP Smart Web Printing
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{F44A1B5B-A196-4645-A9A5-E0B609F4EAE1}" = Barbie Girls
"Intel(R) 537EP V9x DFV PCI Modem" = Intel(R) 537EP V9x DFV PCI Modem
"InterActual Player" = InterActual Player
"JSSCRAPB" = JumpStart Scrapbook
"JSTD2001" = JumpStart Toddlers 2001
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"My Scene Goes Hollywood(TM) CD-ROM" = My Scene Goes Hollywood(TM) CD-ROM
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Oregon Scientific SmartGlobe(TM) Deluxe_is1" = SmartGlobe(TM) Deluxe V3.05
"Pet Vet 3D Animal Hospital_is1" = Pet Vet 3D Animal Hospital
"Photo Viewer" = Photo Viewer 2.3
"PhotoFrame_V1.5" = PhotoFrame_V1.5
"PhotoStitch" = Canon Utilities PhotoStitch
"Reader Rabbit Toddler" = Reader Rabbit Toddler
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Scooby-Doo(TM), Case File #2 The Scary Stone Dragon" = Scooby-Doo(TM), Case File #2 The Scary Stone Dragon
"Scooby-Doo(TM), Jinx At The Sphinx(TM)" = Scooby-Doo(TM), Jinx At The Sphinx(TM)
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Tigger Activity Center" = Disney's Tigger Activity Center
"TuneUpMedia" = TuneUp Companion 1.6.4
"Videora iPhone Converter" = Videora iPhone Converter 4.08
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WholeSecurity Web Caller-ID Plug-in" = Norton Confidence Online
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"Wonder Pets Save the Puppy_is1" = Wonder Pets Save the Puppy
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2010 10:59:51 AM | Computer Name = BRUCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 06/05/2010 11:03:34 AM | Computer Name = BRUCE | Source = MsiInstaller | ID = 11704
Description = Product: Java(TM) 6 Update 15 -- Error 1704.An installation for Microsoft
Office 2000 Premium is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 06/05/2010 11:09:46 AM | Computer Name = BRUCE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.

Error - 06/05/2010 11:10:08 AM | Computer Name = BRUCE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.

Error - 06/05/2010 11:11:09 AM | Computer Name = BRUCE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.

Error - 06/05/2010 11:16:58 AM | Computer Name = BRUCE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.

Error - 06/05/2010 11:17:02 AM | Computer Name = BRUCE | Source = Application Error | ID = 1001
Description = Fault bucket 1382747869.

Error - 06/05/2010 11:18:15 AM | Computer Name = BRUCE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.

Error - 06/05/2010 12:07:44 PM | Computer Name = BRUCE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.

Error - 06/05/2010 12:20:52 PM | Computer Name = BRUCE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.

[ System Events ]
Error - 25/04/2010 6:01:51 PM | Computer Name = BRUCE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 30/04/2010 9:45:08 AM | Computer Name = BRUCE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 02/05/2010 9:45:09 AM | Computer Name = BRUCE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 06/05/2010 9:00:19 AM | Computer Name = BRUCE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Bman64
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-05-01
OS OS : XP
Points Points : 24203
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Belahzur on Fri May 07, 2010 5:21 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Bman64 on Sun May 09, 2010 6:12 pm

Hi Belahzur,

Downloaded and ran Combofix. Here are the results:

ComboFix 10-05-08.03 - Bruce Bachelder 09/05/2010 13:29:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.607 [GMT -4:00]
Running from: c:\documents and settings\Bruce Bachelder\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bruce Bachelder\Application Data\695FDC02100706398139AABBDEC8C53B
c:\documents and settings\Bruce Bachelder\Application Data\695FDC02100706398139AABBDEC8C53B\enemies-names.txt
c:\documents and settings\Bruce Bachelder\Application Data\695FDC02100706398139AABBDEC8C53B\lsrslt.ini
c:\documents and settings\Bruce Bachelder\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Bruce Bachelder\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Bruce Bachelder\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
c:\windows\system32\drivers\aaxel.sys
c:\windows\system32\drivers\bwwip.sys
c:\windows\system32\drivers\grpsykm.sys
c:\windows\system32\drivers\roydtgg.sys
c:\windows\system32\drivers\swpan.sys

Infected copy of c:\windows\system32\drivers\aic78xx.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_bnlwupvp
-------\Legacy_lvcyv
-------\Legacy_ovudwf
-------\Legacy_swpan
-------\Legacy_wbxxticr
-------\Service_bnlwupvp
-------\Service_lvcyv
-------\Service_ovudwf
-------\Service_swpan
-------\Service_wbxxticr


((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-06 15:04 . 2010-05-06 15:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-30 16:53 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-30 16:53 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-30 16:53 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-30 16:53 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-27 03:00 . 2010-04-27 03:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 17:43 . 2005-02-18 22:02 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2010-05-09 17:43 . 2005-02-18 22:02 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2010-05-09 16:53 . 2007-01-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\WholeSecurity
2010-05-09 16:01 . 2001-08-17 20:07 56960 ----a-w- c:\windows\system32\drivers\aic78xx.sys
2010-05-07 21:33 . 2009-06-21 21:05 -------- d-----w- c:\documents and settings\Bruce Bachelder\Application Data\TuneUpMedia
2010-05-07 05:58 . 2010-04-08 23:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-07 01:05 . 2010-04-21 03:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 15:09 . 2005-02-18 21:59 -------- d-----w- c:\program files\Java
2010-05-06 15:05 . 2005-02-18 21:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-30 13:44 . 2010-04-27 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-29 19:39 . 2010-04-21 03:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-21 03:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 00:10 . 2010-04-27 00:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-26 23:45 . 2010-03-06 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-21 14:54 . 2010-03-06 13:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-21 03:29 . 2010-04-21 03:29 -------- d-----w- c:\documents and settings\Bruce Bachelder\Application Data\Malwarebytes
2010-04-21 03:28 . 2010-04-21 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 01:09 . 2009-07-01 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-07 20:54 . 2009-05-16 17:13 -------- d-----w- c:\documents and settings\Bruce Bachelder\Application Data\ZoomBrowser EX
2010-04-07 20:20 . 2009-05-16 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-04-07 19:35 . 2009-05-16 17:06 -------- d-----w- c:\documents and settings\Bruce Bachelder\Application Data\CameraWindowDC
2010-03-28 19:17 . 2007-10-03 01:09 44539 ----a-w- c:\windows\DIIUnin.dat
2010-03-27 20:49 . 2009-06-21 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-03-21 19:27 . 2009-06-18 01:38 -------- d-----w- c:\program files\iTunes
2010-03-19 15:04 . 2010-03-19 15:04 -------- d-----w- c:\program files\iPod
2010-03-19 15:04 . 2009-06-18 01:36 -------- d-----w- c:\program files\Common Files\Apple
2010-03-19 14:56 . 2009-07-18 14:55 -------- d-----w- c:\program files\Safari
2010-03-12 14:46 . 2010-03-12 14:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 14:46 . 2008-10-03 02:45 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 14:45 . 2008-10-03 02:45 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 1980-01-01 06:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 1980-01-01 06:00 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-10 11:00 100864 ------w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 11:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-02-18 26112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"PDUiP6000DMon"="c:\program files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [2004-05-31 57344]
"PDUiP6000DTskbr"="c:\program files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [2004-05-28 69632]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"BarbieGirlsTray"="c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-06-01 24576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\progra~1\MALWAR~1\myscan.exe" [2010-03-30 1086856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Bruce Bachelder\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-3-7 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-2-18 156784]
Corel Family & Friends Reminders.LNK - c:\program files\Corel\Print House Magic Deluxe\cffrem.exe [2008-11-4 666112]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
NetAssistant.lnk - c:\program files\NetAssistant\bin\matcli.exe [2005-3-11 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 14:46 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2004-10-22 20:13 393216 ----a-w- c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TuneUpMedia\\TuneUpApp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [02/10/2008 10:45 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [06/03/2010 9:41 AM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/03/2010 10:46 AM 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 10:44 PM 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\SYSTEM32\DRIVERS\nx6000.sys [27/09/2009 8:46 AM 30560]
S3 MusCAudio;MusCAudio;c:\windows\SYSTEM32\DRIVERS\MusCAudio.sys [31/07/2009 8:57 AM 23096]
S3 PhotoFrame;PhotoFrame_2.0 Device;c:\windows\SYSTEM32\DRIVERS\PhotoFrame.sys [15/12/2007 10:20 PM 30208]
S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\SYSTEM32\DRIVERS\9kdUSBXP.sys [27/09/2009 4:20 PM 16000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:44]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:44]

2005-02-25 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-StandardInstall - (no file)
AddRemove-Scooby-Doo(TM), Jinx At The Sphinx(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-09 13:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-05-09 14:02:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-09 18:02

Pre-Run: 33,618,550,784 bytes free
Post-Run: 34,957,893,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 41213B5CBC1E19C406DB1414E2FB09E3

Bman64
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-05-01
OS OS : XP
Points Points : 24203
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Belahzur on Sun May 09, 2010 11:38 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0.8
    Viewpoint Media Player (Remove Only)

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Bman64 on Tue May 11, 2010 10:37 am

When removing the programs, the following boxes appeared:

User SYSTEM has previously initiatied an installation for product Microsoft office 2000 premium. That user will need to run that installation again before using that product. Your current installation will continue

I pressed ok then got the following pop-up

ERROR 1704. An installation for Microsoft office 2000 premium is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes.

I pressed yes.

Here is the ESET Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=572fc64419d7e6439932c667f8265ba9
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-11 12:46:25
# local_time=2010-05-10 08:46:25 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 4736935 4736935 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=33416
# found=0
# cleaned=0
# scan_time=955
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=572fc64419d7e6439932c667f8265ba9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-11 02:55:27
# local_time=2010-05-10 10:55:27 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 4738393 4738393 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=151051
# found=2
# cleaned=2
# scan_time=7237
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\aic78xx.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\swpan.sys.vir Win32/Rootkit.Kryptik.BB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Bman64
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-05-01
OS OS : XP
Points Points : 24203
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Belahzur on Tue May 11, 2010 7:26 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Bman64 on Fri May 14, 2010 3:55 pm

Seems to be okay, no more resident shield notices. It is however very slow at start up (6-8 minutes) and my usual icons in the system tray don't seem to be there any longer. The only one there is Dell support. AVG isn't there either.

Also on start up the Windows Security Centre icon appears in the tray and warns that the firewall is not activiated. After a minute or two the warning goes away and the firewall is activated...strange no?

Bman64
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-05-01
OS OS : XP
Points Points : 24203
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Belahzur on Sat May 15, 2010 12:12 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Bman64 on Sat May 15, 2010 1:51 pm

Today when I logged into my user, it still took some time but all the icons are back in the system tray.

Here is the MBAM-Log

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/05/2010 9:17:04 AM
mbam-log-2010-05-15 (09-17-04).txt

Scan type: Quick scan
Objects scanned: 142949
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Should I be using a different browser such as Firefox?

Which anti-virus and malware program would you recommend?

Currently using AVGFree 9.0, Malwarebytes, Spybot S&D.

Thanks!

Bman64
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-05-01
OS OS : XP
Points Points : 24203
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Patched.DO Virus - AVG Resident Sheild

Post by Belahzur on Sat May 15, 2010 9:06 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum