Alureon.DX virus after ThinkPoint Removal

Post by tbmjfreeman on Sat Dec 11, 2010 9:34 pm

This post is the same as Bostyboston's post concerning the Alureon.DX virus, which is being flagged by MSE and cleaned about every hour, usually killing my IE connection. It is a Windows XP with the latest MS updates. I had removed the ThinkPoint malware a week ago using Malwarebytes, so the symptoms are similar to Bostyboston's. I have followed your instructions and am attaching the OTL and Extras logs (in two separate posts). Any help would be appreciated. Thanks.

Alureon.DX virus after ThinkPoint Removal (Extras log)

Post by tbmjfreeman on Sat Dec 11, 2010 9:40 pm

Here is the Extras log.

OTL Extras logfile created on: 12/11/2010 3:53:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Freeman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.44 Gb Total Space | 44.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS

Computer Name: D7LD9Y51 | User Name: Freeman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe" = C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe:*:Enabled:ZyXEL G-220 v2 Wireless Adapter Utility -- (ZyXEL Communications Corp.)
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = EMC 11 Content
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216017FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216021FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216022FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4ED47439-5232-4BBC-93F2-7BC895B56246}" = 3300
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62C3CFD3-4B1C-4C8F-8C2E-9B13B66768AB}" = ZyXEL G-220 v2 Wireless Adapter Utility
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69F56014-2C48-4885-8D72-0E069F89647F}" = Roxio Creator 2009 Special Edition
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BA350B-D90A-42CC-AF01-98C13EE60316}" = TaxCut Maryland 2007
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009 Special Edition
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{93229C8B-7930-4D54-B461-43F04DB6DDE3}" = H&R Block Maryland 2009
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}" = Hoyle Friday Night Poker
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}" = Hoyle Card Games 2005
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2418241" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583" =
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}" = Calendar Creator 10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATI Display Driver" = ATI Display Driver
"AudioPlugin.dll" =
"BearShare" =
"BearShare MediaBar" = MediaBar
"Branding" =
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX20IS" = Canon PowerShot SX20 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Card Games for Windows" = Card Games for Windows
"CinePlayer.exe" =
"Connection Manager" =
"CopyNow.dll" =
"DataPlugin.dll" =
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DirectAnimation" =
"DirectDrawEx" =
"dlatray.exe" =
"DXM_Runtime" =
"Fontcore" =
"GoToAssist" = GoToAssist 8.0.0.480
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{8239A416-83A1-4CCD-84AD-51D1B47F8D35}" =
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"Microsoft Security Essentials" = Microsoft Security Essentials
"MobileOptionPack" =
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MPlayer2" =
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MVApplication1" = SureThing CD Labeler Deluxe 4
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OutlookExpress" =
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
"RealPlayer 6.0" = RealPlayer Basic
"RecordNow.exe" =
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Savings Bond Wizard" = Savings Bond Wizard
"SchedulingAgent" =
"Shockwave" = Shockwave
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"StorageSync" = StorageSync Backup Software
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" =
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" =
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2010 9:58:02 AM | Computer Name = D7LD9Y51 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/7/2010 3:25:09 PM | Computer Name = D7LD9Y51 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2010 3:25:43 PM | Computer Name = D7LD9Y51 | Source = Application Hang | ID = 1001
Description = Fault bucket -2091012794.

Error - 12/8/2010 11:25:22 AM | Computer Name = D7LD9Y51 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6402.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/9/2010 4:18:10 AM | Computer Name = D7LD9Y51 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/9/2010 9:25:13 AM | Computer Name = D7LD9Y51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/10/2010 9:21:13 AM | Computer Name = D7LD9Y51 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 12/10/2010 9:21:30 AM | Computer Name = D7LD9Y51 | Source = Application Error | ID = 1001
Description = Fault bucket 1228195020.

Error - 12/11/2010 4:26:53 PM | Computer Name = D7LD9Y51 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 12/11/2010 4:27:02 PM | Computer Name = D7LD9Y51 | Source = Application Error | ID = 1001
Description = Fault bucket 1987575260.

[ System Events ]
Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:39:16 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/11/2010 4:41:37 PM | Computer Name = D7LD9Y51 | Source = Service Control Manager | ID = 7022
Description = The IHA_MessageCenter service hung on starting.


< End of report >
Re: Alureon.DX virus after ThinkPoint Removal

Post by Belahzur on Sat Dec 11, 2010 11:24 pm

Please post the main OTL.txt log as well.

Re: Alureon.DX virus after ThinkPoint Removal

Post by tbmjfreeman on Sun Dec 12, 2010 3:31 am

First half of the OTL file.

OTL logfile created on: 12/11/2010 3:53:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Freeman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.44 Gb Total Space | 44.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS

Computer Name: D7LD9Y51 | User Name: Freeman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 14:59:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freeman\Desktop\OTL.exe
PRC - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/02/23 17:10:16 | 000,786,360 | ---- | M] (iMesh, Inc) -- C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/20 10:10:48 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/27 23:21:45 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/05/11 15:20:04 | 002,061,816 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/09/12 14:44:02 | 010,891,264 | ---- | M] (ZyXEL Communications Corp.) -- C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe
PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2005/10/07 22:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/05/27 20:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2004/03/23 12:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/10/07 16:20:18 | 000,352,256 | ---- | M] ( ) -- c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 14:59:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freeman\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/17 15:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/09 07:46:25 | 001,122,304 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/13 23:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/13 23:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/13 23:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/13 23:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
SRV - [2007/09/28 15:02:51 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/11 09:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RxFilter.sys -- (RxFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/08/17 10:03:30 | 000,402,944 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WlanGZXP.SYS -- (ZG760_XP)
DRV - [2006/08/17 10:03:30 | 000,019,072 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2004/10/28 00:38:47 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/10/28 00:32:26 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 17:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-220 v2 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe (ZyXEL Communications Corp.)
O4 - Startup: C:\Documents and Settings\Freeman\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} [You must be registered and logged in to see this link.] (PCMaticVer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\\DataMngr\datamngr.dll) - C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Freeman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Freeman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a2e5c12-4837-11dd-9bbb-0019cb012d31}\Shell - "" = AutoRun
O33 - MountPoints2\{2a2e5c12-4837-11dd-9bbb-0019cb012d31}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a2e5c12-4837-11dd-9bbb-0019cb012d31}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db5b7ea4-e7a8-11dc-95f4-0019cb012d31}\Shell - "" = AutoRun
O33 - MountPoints2\{db5b7ea4-e7a8-11dc-95f4-0019cb012d31}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{db5b7ea4-e7a8-11dc-95f4-0019cb012d31}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: mmtask - hkey= - key= - c:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (TODO: <Company name>)
MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 15:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/11 15:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/12/11 15:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/11 15:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/12/11 15:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/12/11 15:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/12/11 15:33:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/11 15:33:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/11 15:33:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/11 15:33:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/02 07:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freeman\Application Data\Malwarebytes
[2010/12/02 07:50:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/02 07:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/02 07:50:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/02 07:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/29 10:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/11/16 19:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Napster Shared
[2010/11/16 19:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freeman\Application Data\InstallShield
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/11 15:56:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/11 15:49:19 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/12/11 15:49:19 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/11 15:47:54 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/12/11 15:47:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/12/11 15:40:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 15:40:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/11 15:40:03 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/11 15:33:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/11 15:33:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/11 15:33:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/11 15:33:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/11 15:33:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/11 15:13:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/12/11 15:12:21 | 000,623,168 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/11 15:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/11 14:56:01 | 000,014,739 | ---- | M] () -- C:\WINDOWS\System32\12543.js
[2010/12/11 14:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/11 13:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/11 11:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/12/11 10:56:04 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/12/11 09:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/12/11 08:56:04 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/12/11 08:10:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/11 07:56:02 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/12/10 21:56:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/12/10 21:36:22 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/12/10 20:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/10 19:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/10 18:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/12/10 16:56:01 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/09 22:24:46 | 000,047,912 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\wklnhst.dat
[2010/12/09 07:50:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/09 07:50:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/12/09 07:50:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/12/09 07:50:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/09 07:50:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/07 09:49:02 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2010/12/06 12:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/02 08:18:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/12/02 08:18:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/12/02 08:18:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/12/02 08:18:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/01 09:47:12 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\completescan
[2010/12/01 09:35:39 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mpafahexofipuji.dat
[2010/12/01 09:35:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ntopoxegi.bin
[2010/12/01 09:34:35 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\install
[2010/11/30 11:22:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/30 11:22:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/16 19:23:31 | 000,104,544 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/14 00:34:54 | 000,015,771 | ---- | M] () -- C:\mvstcdxx.lst
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/11 15:47:54 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/12/11 15:45:44 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/12/11 15:45:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/11 07:34:15 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/07 11:56:01 | 000,014,739 | ---- | C] () -- C:\WINDOWS\System32\12543.js
[2010/12/07 09:49:02 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2010/12/01 09:41:20 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\completescan
[2010/12/01 09:35:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mpafahexofipuji.dat
[2010/12/01 09:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ntopoxegi.bin
[2010/12/01 09:34:35 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\install
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/12/01 09:33:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/12/01 09:33:43 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/12/01 09:33:43 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/12/01 09:33:43 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/12/01 09:33:43 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/12/01 09:33:43 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/12/01 09:33:43 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/12/01 09:33:43 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/12/01 09:33:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/12/01 09:33:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/12/01 09:33:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/12/01 09:33:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/12/01 09:33:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/12/01 09:33:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/16 19:23:31 | 000,104,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/25 22:42:08 | 000,623,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/19 20:49:08 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\Smiley.ico
[2008/05/11 15:40:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\CmdPrint.INI
[2008/03/12 09:51:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/02/10 16:41:43 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/10 16:41:43 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/12/10 22:13:22 | 000,004,431 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\Hewlett-PackardHP Photosmart 3300 series1191065936_PROTOCOL.log
[2007/12/10 22:13:22 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\Hewlett-PackardHP Photosmart 3300 series1191065936_API.log
[2007/12/10 22:13:21 | 000,001,182 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\Hewlett-PackardHP Photosmart 3300 series1191065936_UI.log
[2007/12/10 22:13:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/10/30 13:23:06 | 000,048,861 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2007/10/30 13:23:06 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/10/30 13:22:54 | 000,002,125 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\HPSU_48BitScanUpdate.log
[2007/10/30 13:22:54 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/10/30 13:19:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/10/30 13:19:00 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007/10/30 13:19:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/10/30 13:18:49 | 000,002,896 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\PatchUpdate_InstantShareJPG.log
[2007/10/30 13:18:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/10/30 13:18:37 | 000,003,698 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\PatchUpdate_IZClosingDiscError.log
[2007/10/30 13:18:37 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/10/30 13:17:37 | 000,056,597 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2007/10/30 13:17:37 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/10/26 11:57:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/10/26 11:57:33 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/10/26 11:57:32 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2007/10/26 11:57:30 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\drivers\_desktop.ini
[2007/10/26 11:57:30 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\_desktop.ini
[2007/10/02 08:09:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/02 07:56:36 | 000,001,734 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/10/01 13:09:28 | 000,000,302 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/09/29 06:38:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/09/29 06:27:17 | 000,047,912 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\wklnhst.dat
[2007/09/29 06:20:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/29 01:40:02 | 000,001,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2004/10/28 00:42:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/28 00:41:03 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/28 00:33:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/27 23:57:20 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll


2nd half of OTL file (although I haven't had a virus hit in 8 hours)

Post by tbmjfreeman on Sun Dec 12, 2010 3:33 am

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp3xu.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/11/01 12:16:04 | 000,001,674 | -H-- | M] () -- C:\Documents and Settings\Freeman\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/05/15 08:06:44 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/09/28 14:58:13 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Freeman\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/11 15:19:02 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Freeman\Desktop\jre-6u23-windows-i586.exe
[2010/12/11 14:59:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freeman\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/10/02 08:06:19 | 021,994,912 | ---- | M] (Corel ) -- C:\Documents and Settings\Freeman\My Documents\English_CPA6_Xtras1.exe
[2008/06/12 19:59:34 | 010,420,936 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Freeman\My Documents\xlviewer.exe

< %USERPROFILE%\*.exe >
[2007/09/28 15:02:45 | 000,060,968 | ---- | M] () -- C:\Documents and Settings\Freeman\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/09/28 14:58:12 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Freeman\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2004/08/04 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ANSI.SYS
[2003/12/19 02:00:00 | 000,013,387 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CinemSup.sys
[2004/08/04 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\COUNTRY.SYS
[2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DDMI2.sys
[2005/02/07 19:07:08 | 000,004,608 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DDMI64.sys
[2005/03/13 16:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\SYSTEM32\DLPT2.sys
[2005/02/09 13:08:04 | 000,007,168 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DLPT64.sys
[2005/02/08 13:04:46 | 000,005,632 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\GPCIEn64.sys
[2005/02/08 12:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\GPCIEnum.sys
[2005/02/08 15:46:04 | 000,005,120 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\GTKCMO64.sys
[2004/06/15 15:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\GTKCMOS.sys
[2004/08/04 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HIMEM.SYS
[2004/08/04 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEY01.SYS
[2004/08/04 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEYBOARD.SYS
[2009/12/08 20:15:04 | 000,001,734 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
[2004/08/04 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS.SYS
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS404.SYS
[2004/08/04 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS411.SYS
[2004/08/04 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS412.SYS
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS804.SYS
[2004/08/04 05:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO.SYS
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO404.SYS
[2004/08/04 05:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO411.SYS
[2004/08/04 05:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO412.SYS
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO804.SYS
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[2006/08/17 10:03:30 | 000,019,072 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\SYSTEM32\ZDCndis5.sys
[2006/08/17 10:03:30 | 000,032,256 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\SYSTEM32\Zdcndis5a64.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >
[2006/09/05 10:04:34 | 000,000,008 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\_desktop.ini

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp3xu.dll

< %SYSTEMDRIVE%\*.* >
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/08 18:49:36 | 000,030,208 | ---- | M] () -- C:\Board Meeting Notes June 2009.doc
[2007/12/04 18:10:10 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/15 12:35:48 | 000,109,843 | ---- | M] () -- C:\Davidsonville Family Rec Center.pdf
[2004/10/28 00:11:34 | 000,005,131 | RH-- | M] () -- C:\DELL.SDR
[2009/05/26 13:19:21 | 000,058,368 | ---- | M] () -- C:\DFRC MEM2003.doc
[2010/02/03 12:39:37 | 000,041,472 | ---- | M] () -- C:\EVALRes.doc
[2008/08/07 07:55:43 | 000,000,179 | ---- | M] () -- C:\handle.dat
[2010/12/11 15:40:03 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/10 13:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/10/28 00:32:42 | 000,000,857 | -H-- | M] () -- C:\IPH.PH
[2010/12/11 15:34:50 | 000,020,179 | ---- | M] () -- C:\JavaRa.log
[2009/07/15 11:45:14 | 002,915,391 | ---- | M] () -- C:\June 2009 364.jpg
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2010/11/14 00:34:54 | 000,015,771 | ---- | M] () -- C:\mvstcdxx.lst
[2007/10/26 12:49:43 | 000,002,855 | ---- | M] () -- C:\NTDClient.log
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/15 08:00:15 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/12/11 15:40:01 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/10/29 08:29:10 | 000,002,372 | ---- | M] () -- C:\rollback.ini
[2007/11/25 14:42:58 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2004/10/28 00:32:45 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/12/09 08:25:58 | 000,046,922 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_09.12.2010_08.25.27_log.txt
[2010/12/11 07:58:26 | 000,046,322 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_11.12.2010_07.58.03_log.txt
[2009/08/31 16:48:57 | 000,000,922 | ---- | M] () -- C:\updatedatfix.log
[2009/05/15 14:35:10 | 004,029,420 | ---- | M] () -- C:\walmart.wmv
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2010/03/14 11:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\ACW
[2010/12/11 15:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/24 07:54:34 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2004/10/28 00:30:03 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/03/20 16:22:59 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2009/03/24 07:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2004/10/28 00:29:54 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/08/08 19:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Calendar Creator
[2009/12/19 21:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2007/09/28 15:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/12/11 15:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/10/27 23:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/10/02 08:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2007/10/01 15:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Cosmi
[2004/10/28 00:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2004/10/28 00:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2004/10/28 00:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2007/10/01 13:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\Encore
[2010/02/15 13:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/09/27 07:00:48 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/08/31 16:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/02/06 16:34:24 | 000,000,000 | ---D | M] -- C:\Program Files\HRBlock2009
[2009/08/06 13:55:25 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/10/28 00:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/08/06 13:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/10/13 20:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/22 11:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/03/22 11:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2007/10/02 08:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/12/11 15:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2004/10/28 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/12/02 07:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 15:49:15 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2008/08/14 21:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/10/28 00:33:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/10/28 00:34:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2004/10/27 23:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/10/28 00:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2008/03/03 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/10/28 00:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2004/10/28 00:40:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2004/10/28 00:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/10/13 19:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials
[2010/09/30 06:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2004/10/28 00:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets and Trips
[2004/10/28 00:33:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2004/10/28 00:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2004
[2004/10/28 00:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2004/10/28 00:30:28 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2010/08/14 22:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/07/08 21:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/07/03 07:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/10/27 23:56:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/10/27 23:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/09/29 01:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2004/10/28 00:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2010/11/16 19:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2008/05/15 08:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/10/03 09:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2010/12/11 15:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2004/10/27 23:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 21:24:39 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/29 22:39:55 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop
[2010/02/06 16:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\PDF995
[2007/09/29 06:17:59 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Story 3 for Windows
[2010/02/01 14:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/10/28 00:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/08 21:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/06 14:38:20 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/08/06 13:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio Creator 2009 Special Edition
[2010/08/19 09:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\Savings Bond Wizard
[2009/08/06 13:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2009/08/06 13:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/03/18 18:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\SonicWallES
[2007/09/30 21:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\Southwest Airlines
[2010/12/01 15:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\StorageSync
[2007/09/30 17:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\SureThing
[2009/08/06 13:20:21 | 000,000,000 | ---D | M] -- C:\Program Files\TaxCut07
[2010/08/27 19:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2004/10/27 23:56:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/12 16:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2004/10/28 00:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2007/10/01 18:44:42 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2008/01/11 13:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2010/12/01 09:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2007/09/29 02:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/05/15 08:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/05/15 08:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/06 13:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/10/27 23:56:54 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/10/27 23:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2004/10/28 00:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name
[2008/12/12 16:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2007/10/26 11:57:31 | 000,000,000 | ---D | M] -- C:\Program Files\ZyXEL

< %appdata%\*.* >
[2010/12/01 09:47:12 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\completescan
[2004/08/10 12:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Freeman\Application Data\DESKTOP.INI
[2009/12/12 21:32:09 | 000,133,128 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\GDIPFONTCACHEV1.DAT
[2007/10/30 13:19:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/10/30 13:19:02 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2010/05/18 19:14:24 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\Hewlett-PackardHP Photosmart 3300 series1191065936_API.log
[2010/05/18 19:14:23 | 000,004,431 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\Hewlett-PackardHP Photosmart 3300 series1191065936_PROTOCOL.log
[2010/05/18 19:14:24 | 000,001,182 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\Hewlett-PackardHP Photosmart 3300 series1191065936_UI.log
[2007/10/30 13:22:58 | 000,002,125 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\HPSU_48BitScanUpdate.log
[2010/12/01 09:34:35 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\install
[2007/10/30 13:23:16 | 000,048,861 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2007/10/30 13:18:50 | 000,002,896 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\PatchUpdate_InstantShareJPG.log
[2007/10/30 13:18:40 | 000,003,698 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\PatchUpdate_IZClosingDiscError.log
[2009/12/03 06:58:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\Smiley.ico
[2007/10/30 13:17:43 | 000,056,597 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/12/09 22:24:46 | 000,047,912 | ---- | M] () -- C:\Documents and Settings\Freeman\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Matt's Folder\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Matt's Folder\I386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Matt's Folder\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Matt's Folder\I386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Matt's Folder\I386\sp2.cab:disk.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Matt's Folder\I386\DISK.SYS
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Matt's Folder\I386\EVENTLOG.DLL
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\Matt's Folder\I386\IASTOR.SYS
[2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Matt's Folder\I386\NETLOGON.DLL
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Matt's Folder\I386\SCECLI.DLL
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Matt's Folder\I386\sp2.cab:usbstor.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:usbstor.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:usbstor.sys
[2008/05/15 07:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\Matt's Folder\I386\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Freeman\My Documents\Slideshow0.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Freeman\My Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

tbmjfreeman

Re: Alureon.DX virus after ThinkPoint Removal

Post by Belahzur on Sun Dec 12, 2010 10:12 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2010/12/07 11:56:01 | 000,014,739 | ---- | C] () -- C:\WINDOWS\System32\12543.js
    [2010/12/01 09:41:20 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\completescan
    [2010/12/01 09:35:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mpafahexofipuji.dat
    [2010/12/01 09:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ntopoxegi.bin
    [2010/12/01 09:34:35 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Freeman\Application Data\install

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

New OTL Log

Post by tbmjfreeman on Sun Dec 12, 2010 11:08 pm

I accidentally ran it twice and lost the first log. Here is the output of the second run. I haven't been hit with the virus for the last 24 hours and everything seems to be working okay, but I have thought that before.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\WINDOWS\SYSTEM32\12543.js moved successfully.
C:\Documents and Settings\Freeman\Application Data\completescan moved successfully.
C:\WINDOWS\Mpafahexofipuji.dat moved successfully.
C:\WINDOWS\Ntopoxegi.bin moved successfully.
C:\Documents and Settings\Freeman\Application Data\install moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\tasks\At*.job not found.

OTL by OldTimer - Version 3.2.17.3 log created on 12122010_180302

tbmjfreeman

Re: Alureon.DX virus after ThinkPoint Removal

Post by Belahzur on Sun Dec 12, 2010 11:33 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Belahzur

Re: Alureon.DX virus after ThinkPoint Removal

Post by tbmjfreeman on Mon Dec 13, 2010 12:35 am

The Malwarebytes scan identified no infections. So far everything seems to be working normally. I can respond back to you if some additional problems occur, or if you think there is more work to be done, let me know. Thanks for your help.

Scan type: Quick scan
Objects scanned: 182802
Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

tbmjfreeman

Re: Alureon.DX virus after ThinkPoint Removal

Post by Belahzur on Mon Dec 13, 2010 1:47 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Belahzur

Hope this means my machine looks clean

Post by tbmjfreeman on Mon Dec 13, 2010 3:31 am

ComboFix 10-12-11.06 - Freeman 12/12/2010 22:03:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.367 [GMT -5:00]
Running from: c:\documents and settings\Freeman\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Freeman\GoToAssistDownloadHelper.exe
c:\documents and settings\Freeman\Local Settings\Application Data\{26AEC028-EB6F-4F16-A179-A4A3377E06C0}
c:\documents and settings\Freeman\Local Settings\Application Data\{26AEC028-EB6F-4F16-A179-A4A3377E06C0}\chrome\content\_cfg.js
c:\documents and settings\Freeman\Local Settings\Application Data\{26AEC028-EB6F-4F16-A179-A4A3377E06C0}\chrome\content\overlay.xul
c:\documents and settings\Freeman\Local Settings\Application Data\{26AEC028-EB6F-4F16-A179-A4A3377E06C0}\install.rdf
c:\program files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\_desktop.ini
c:\windows\SYSTEM32\_desktop.ini
c:\windows\SYSTEM32\DRIVERS\_desktop.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-12 22:55 . 2010-12-12 22:55 -------- d-----w- C:\_OTL
2010-12-12 21:03 . 2010-12-12 21:03 -------- d-----w- c:\documents and settings\Freeman\Local Settings\Application Data\roxio
2010-12-12 20:49 . 2010-11-10 01:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CC5D1C5-9C22-492A-AF18-4F64A1EBFDFB}\mpengine.dll
2010-12-11 20:51 . 2010-12-11 20:51 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-12-11 20:51 . 2010-12-11 20:51 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-12-11 20:49 . 2010-12-11 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-12-11 20:46 . 2010-12-11 20:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-11 20:45 . 2010-12-11 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-12-11 20:45 . 2010-12-11 20:49 -------- d-----w- c:\program files\McAfee Security Scan
2010-12-11 20:33 . 2010-12-11 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-02 12:50 . 2010-12-02 12:50 -------- d-----w- c:\documents and settings\Freeman\Application Data\Malwarebytes
2010-12-02 12:50 . 2010-11-30 16:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 12:50 . 2010-12-02 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-02 12:50 . 2010-11-30 16:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 12:50 . 2010-12-02 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-01 14:52 . 2010-12-01 14:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-29 15:48 . 2010-12-01 14:51 -------- d-----w- c:\program files\Windows Live Safety Center
2010-11-29 12:54 . 2010-12-01 14:51 -------- d-s---w- c:\documents and settings\Administrator
2010-11-17 00:13 . 2010-11-17 00:13 -------- d-----w- c:\program files\Common Files\Napster Shared
2010-11-17 00:12 . 2010-11-17 00:12 -------- d-----w- c:\documents and settings\Freeman\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 20:33 . 2010-08-28 00:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 01:33 . 2009-10-30 14:35 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-10-03 17:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe" [2009-04-20 84464]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DataMngr"="c:\progra~1\BEARSH~1\MediaBar\\DataMngr\DataMngrUI.exe" [2010-02-23 786360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Freeman\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ZyXEL G-220 v2 Wireless Adapter Utility.lnk - c:\program files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe [2007-10-26 10891264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-09-28 20:02 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 22:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-04-19 19:45 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2010-01-19 17:48 323280 ----a-w- c:\program files\Napster\napster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ZyXEL\\ZyXEL G-220 v2 Wireless Adapter Utility\\ZyXEL G-220 v2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\SYSTEM32\DRIVERS\WlanGZXP.SYS [10/26/2007 11:57 AM 402944]
S2 gupdate1c9961db71482c4;Google Update Service (gupdate1c9961db71482c4);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2009 8:17 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe [8/13/2008 11:25 PM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/13/2008 11:24 PM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/13/2008 11:24 PM 170480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [8/13/2008 11:25 PM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [3/3/2009 9:58 PM 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.

tbmjfreeman

Re: Alureon.DX virus after ThinkPoint Removal

Post by Belahzur on Mon Dec 13, 2010 11:41 pm

Please post the last bit of the log, it was cut off by the forum software.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Rest of log

Post by tbmjfreeman on Tue Dec 14, 2010 3:16 am

Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 01:17]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 01:17]

2010-12-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-12 22:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????p???????????????X:??????????????????x????????:??x???????0???????????x???? ??x???x???h???x??????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4420cf70]
"imagepath"="\??\c:\windows\TEMP\25.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\62186838]
"imagepath"="\??\c:\windows\TEMP\4A.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\9a78ec60]
"imagepath"="\??\c:\windows\TEMP\38.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e73b610]
"imagepath"="\??\c:\windows\TEMP\72.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
Completion time: 2010-12-12 22:17:43
ComboFix-quarantined-files.txt 2010-12-13 03:17

Pre-Run: 36,410,871,808 bytes free
Post-Run: 36,597,342,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - ADDB6B6EC650461DC16054611F06D451

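The two service listings in this thread (the R2/S2/S3 summary in the Extras log and the four HKLM\System\ControlSet001\Services keys whose "imagepath" is a numbered .tmp file in c:\windows\TEMP) are the kind of entries a practitioner wants flagged automatically rather than eyeballed. The script below is an added example, not part of the original post and not ComboFix's own code. It parses both formats, flags image paths that live in a TEMP directory or end in .tmp, and treats a short all-hex service name as an additional warning sign (that hex-name heuristic is an assumption of this example, not something the log asserts). The sample log text is constructed from lines quoted in the thread.

```python
"""Triage helper for ComboFix-style service listings (added example)."""
import re
from dataclasses import dataclass, field

# Format 1, ComboFix service summary:
#   "R2 name;display name;c:\path\to\image.exe [date time size]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[",
    re.IGNORECASE,
)
# Format 2, raw registry dump:
#   [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4420cf70]
#   "imagepath"="\??\c:\windows\TEMP\25.tmp"
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$",
    re.IGNORECASE,
)
IMAGEPATH = re.compile(r'^"imagepath"="(?P<path>.*)"$', re.IGNORECASE)

# Assumption of this example: a 6-8 character name made only of hex digits
# and nothing else is treated as random-looking.
HEX_NAME = re.compile(r"^[0-9a-f]{6,8}$", re.IGNORECASE)
TEMP_DIRS = ("\\temp\\", "\\tmp\\")

# Constructed sample, built from lines quoted in the thread.
SAMPLE_LOG = r"""
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [3/3/2009 9:58 PM 1122304]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4420cf70]
"imagepath"="\??\c:\windows\TEMP\25.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e73b610]
"imagepath"="\??\c:\windows\TEMP\72.tmp"
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_services(log_text):
    """Yield (service name, image path) pairs from both listing formats."""
    pending = None  # service name from the last registry key header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("path")
            continue
        m = SERVICE_KEY.match(line)
        if m:
            pending = m.group("name")
            continue
        m = IMAGEPATH.match(line)
        if m and pending:
            yield pending, m.group("path")
            pending = None


def normalize_path(path):
    """Drop the \\??\\ NT object-manager prefix and lower-case for matching."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def triage_services(log_text):
    """Return a Finding for every service entry that trips a heuristic."""
    findings = []
    for name, raw_path in parse_services(log_text):
        path = normalize_path(raw_path)
        reasons = []
        if any(d in path for d in TEMP_DIRS):
            reasons.append("image in TEMP directory")
        if path.endswith(".tmp"):
            reasons.append(".tmp image file")
        if HEX_NAME.match(name):
            reasons.append("random-looking hex service name")
        if reasons:
            findings.append(Finding(name, raw_path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LOG):
        print(f"{f.name}: {f.path}  <- {', '.join(f.reasons)}")
```

Run on the sample, the two Verizon and Roxio services pass clean and the two ControlSet001 entries are reported with all three reasons. A legitimately installed service can also sit in a temporary directory, so treat a hit as a prompt to pull the file for inspection, not as proof of infection on its own.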

Re: Alureon.DX virus after ThinkPoint Removal

Post by Belahzur on Tue Dec 14, 2010 11:47 pm

Hello.

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





The computer seems to be running fine. Here is the ESET log

Post by tbmjfreeman on Wed Dec 15, 2010 3:02 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=4299cae77443d746823760a56cfd2dce
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-15 02:48:21
# local_time=2010-12-14 09:48:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 100 100 0 21888103 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 9 34629188 59725267 0 0
# scanned=149206
# found=0
# cleaned=0
# scan_time=4578


Re: Alureon.DX virus after ThinkPoint Removal

Post by Belahzur on Wed Dec 15, 2010 11:56 pm

Hello.

I see that you are running BearShare.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BearShare
    BearShare MediaBar
    MediaBar
    Viewpoint Media Player





Removed BearShare Software

Post by tbmjfreeman on Thu Dec 16, 2010 12:20 am

Thanks for your help. I will purchase the Tips and Tricks book, hopefully it will help me avoid these situations again. Have a great Holiday season.


