Vundo Infection

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

Vundo Infection don't know how to remove source of infection

#1 kierkan

New Member

Group: Members
Posts: 7
Joined: 06-November 09

Posted 06 November 2009 - 01:58 PM

Running Windows XP 2002 version, service pack 3

Antivirus Software Running:

McAfee
Spybot S&D
HijackThis
Teatimer
WinPatrol

Problem:

multiple .dll files are bing generated and trying to ad themselves as auto Startup Programs
plagued by popups and link hijacks

sample winpatrol alert:

A new auto Startup Program has been detected.
This program will run each time you login or restart your machine.

Do you approve the addition of this program startup setting?
Press YES if this program is expected and acceptable.

c:\windows\system32\dulojeni.dll,a
No Description found
Company name not included in this program

DDS.text log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 12:15:56.80 on Fri 11/06/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1054 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\DriveIcon\DriveIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner.Serenity\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX3414
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {1AC85D88-F777-471B-B541-48450C23F34D} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [Google Update] "c:\documents and settings\owner.serenity\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [PDF3 Registry Controller] "c:\program files\scansoft\pdf professional 3.0\\RegistryController.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [DriveIcons] c:\program files\driveicon\DriveIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [lapapipud] Rundll32.exe "c:\windows\system32\dulojeni.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\scansoft\pdf professional 3.0\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155603074640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
AppInit_DLLs: rafegoge.dll c:\windows\system32\ c:\windows\system32\dulojeni.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: loyululak - {ae5c751d-ddef-414b-b54b-5c4abf516e5f} - c:\windows\system32\dulojeni.dll
STS: jugezatag: {ae5c751d-ddef-414b-b54b-5c4abf516e5f} - c:\windows\system32\dulojeni.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli dijekaha.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.ser\applic~1\mozilla\firefox\profiles\8bu1jndm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\owner.serenity\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\owner.serenity\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2006-12-31 135168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-23 24652]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\owner~1.ser\locals~1\temp\cdrmkaun.sys --> c:\docume~1\owner~1.ser\locals~1\temp\cdrmkaun.sys [?]
S3 iComp;HP Analog TV Tuner;c:\windows\system32\drivers\yuanusbwdm.sys [2006-8-24 1555328]
S3 NuVision;Hauppauge WinTV USB (NTSC);c:\windows\system32\drivers\Nuvision.sys [2006-8-18 260144]
S3 XDva098;XDva098;\??\c:\windows\system32\xdva098.sys --> c:\windows\system32\XDva098.sys [?]
S4 0296171240286150mcinstcleanup;McAfee Application Installer Cleanup (0296171240286150);c:\windows\temp\029617~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\029617~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2009-11-06 01:41:46 69552 ---ha-w- c:\windows\MEMORY.DMP
2009-10-30 01:36:01 0 d-----w- c:\program files\Trend Micro
2009-10-16 03:24:08 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-10-16 03:24:08 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2009-10-16 03:24:07 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-10-16 03:24:07 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-10-16 03:24:06 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-10-16 03:06:49 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-16 03:06:47 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-10-16 03:06:44 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-10-16 03:06:43 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-10-16 03:06:38 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-10-16 03:06:38 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-10-16 03:06:37 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-16 03:06:37 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-10-16 03:06:36 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-10-16 03:06:36 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-10-16 03:06:36 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-10-16 00:59:13 0 d-----w- c:\program files\Firaxis Games
2009-10-16 00:56:08 0 d-----w- c:\program files\Alcohol Soft
2009-10-16 00:46:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-13 06:17:40 0 d-----w- C:\games
2009-10-11 18:10:04 0 d-----w- C:\pirates
2009-10-11 18:05:24 0 d-----w- c:\program files\DOSBox-0.73
2009-10-11 16:46:25 0 d-----w- C:\Downloads
2009-10-11 09:28:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2009-10-11 09:27:11 0 d-----w- c:\program files\Vuze
2009-10-11 05:33:38 0 d-----w- c:\program files\iPod
2009-10-11 05:33:30 0 d-----w- c:\program files\iTunes
2009-10-11 05:33:30 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2007-02-23 03:48:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-08-06 01:46:46 90112 --sha-w- c:\windows\system32\dapatudi.dll
2009-08-06 13:47:09 89600 --sha-w- c:\windows\system32\dulojeni.dll
2009-08-06 01:46:46 37888 --sha-w- c:\windows\system32\kufuzoku.dll
2009-08-05 01:46:04 38912 --sha-w- c:\windows\system32\nonebaku.dll
2009-07-26 08:32:19 92160 --sha-w- c:\windows\system32\safudude.dll
2009-08-05 13:46:23 89600 --sha-w- c:\windows\system32\tuyizizu.dll
2009-08-06 13:47:09 37888 --sha-w- c:\windows\system32\yaseviha.dll
2009-08-05 13:46:23 38912 --sha-w- c:\windows\system32\zapegisi.dll

============= FINISH: 12:17:25.76 ===============

Thank you in advance for any and all help

Attached File(s)

Attach.txt (11.36K)
Number of downloads: 0

#2 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 06 November 2009 - 06:31 PM

Hello!

My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

We need to create an OTL Report

Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%systemdrive%\*.exe
%systemroot%\system32\drivers\*.sys
Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

========================================================

#3 kierkan

New Member

Group: Members
Posts: 7
Joined: 06-November 09

Posted 07 November 2009 - 12:56 AM

Thanks for your assistance. I had some trouble with installing and running malwarebytes but, OTL went fine. The below list is a quick and dirty log of what happened while i was following the steps you gave me:

downloaded mbam-setup.exe from original link and second mirror successfully.
Installed successfully of second downloaded .exe file.

New .dll file being blocked by winpatrol:

faviloze.dll

problem with install:

unable to execute file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified

Problem with running Malwarebytes:

Error code: 707 (3,0)

Various Popups:

Download Registry Defender - Windows Internet Explorer
TheDailyHeralds.com | Finance | Finance - Windows Internet Explorer

And here's the OTL log:

OTL logfile created on: 11/7/2009 12:45:02 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner.Serenity\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 67.70% Memory free
3.19 Gb Paging File | 2.58 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.84 Gb Total Space | 19.46 Gb Free Space | 21.90% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 2.39 Gb Free Space | 55.45% Space Free | Partition Type: FAT32
Drive E: | 112.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGONFLY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
PRC - [2009/11/07 00:19:05 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/02 17:01:04 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 23:26:20 | 00,923,488 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcshell.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/16 20:15:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/30 13:58:57 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/04/27 13:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/03/17 00:07:50 | 00,655,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\DriveIcon\DriveIcon.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2003/01/01 23:07:25 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2002/03/08 02:33:10 | 00,300,544 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/03/08 02:30:24 | 00,169,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/12/12 19:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [2001/08/10 06:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
PRC - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
MOD - [2009/08/06 20:47:34 | 00,089,600 | -HS- | M] () -- C:\WINDOWS\system32\faviloze.dll
MOD - [2008/04/14 04:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0296171240286150mcinstcleanup)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\6to4svc.dll -- (6to4)
SRV - [2007/05/28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/10/05 19:26:18 | 00,024,072 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/04/27 13:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2003/08/27 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/01/01 23:07:25 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2002/03/08 02:33:10 | 00,300,544 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/08/10 06:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE -- (Speed Disk service)
SRV - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/30 13:59:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/04 22:10:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 00:21:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 00:19:14 | 00,000,000 | ---D | M]

[2009/09/23 19:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Extensions
[2009/09/23 19:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/06 15:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions
[2007/11/26 01:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/11/26 01:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
[2009/09/24 17:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2007/10/24 09:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/23 19:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{aae0f2a8-c136-48b3-aa32-636de15b2b26}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\savecomplete@perlprogrammer.com
[2007/11/26 01:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\stickis@activeweave.com
[2008/03/23 19:11:45 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\searchplugins\aolsearch.xml
[2008/08/29 10:01:37 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\searchplugins\siteadvisor.xml
[2009/11/06 15:22:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 00:19:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/17 05:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/06 08:44:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/10/01 06:16:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/07 00:19:05 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 00:19:05 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/09/03 12:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/07/26 18:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006/05/17 12:09:22 | 00,484,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/07 00:19:07 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/01/30 13:59:39 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/11 00:30:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/11 00:30:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/11 00:30:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2008/01/30 14:00:26 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/01/30 13:59:17 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\WebBrowser: (no name) - {1AC85D88-F777-471B-B541-48450C23F34D} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\WebBrowser: (no name) - {968631B6-4729-440D-9BF4-251F5593EC9A} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lapapipud] C:\WINDOWS\System32\faviloze.DLL ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006..\Run: [Google Update] C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 101 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 101 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 102 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 102 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: 102 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1155603074640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.16.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (rafegoge.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - C:\WINDOWS\System32\ [2009/11/07 00:11:37 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (c:\windows\system32\faviloze.dll) - C:\WINDOWS\system32\faviloze.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O21 - SSODL: dafidoyab - {0f0c3302-25bd-4f5f-a65b-36fc416a3c0c} - C:\WINDOWS\system32\faviloze.dll ()
O22 - SharedTaskScheduler: {0f0c3302-25bd-4f5f-a65b-36fc416a3c0c} - tokatiluy - C:\WINDOWS\system32\faviloze.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2005/07/24 10:33:58 | 00,000,053 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell - "" = AutoRun
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\Shell - "" = AutoRun
O33 - MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e38b16d7-6598-11dc-bd1f-0003253c2750}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - C:\WINDOWS\system32\6to4svc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/01/09 20:12:02 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/07 00:43:27 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
[2009/11/07 00:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Serenity\Application Data\Malwarebytes
[2009/11/07 00:29:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 00:28:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 00:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/07 00:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 00:25:07 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Serenity\Desktop\mbam-setup.exe
[2009/10/29 20:46:08 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Serenity\Desktop\spybotsd162.exe
[2009/10/29 20:36:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2007/02/22 22:49:06 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Owner.Serenity\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Serenity\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
[2009/11/07 00:37:49 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Serenity\Desktop\mbam-setup.exe
[2009/11/07 00:36:56 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\ralivaso
[2009/11/07 00:33:56 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 00:33:33 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\NTUSER.DAT
[2009/11/07 00:13:33 | 00,013,939 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/07 00:13:15 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 00:11:50 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/07 00:11:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 00:11:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 18:57:20 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/11/06 17:17:32 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/11/04 06:51:26 | 00,002,737 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/01 21:39:59 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\My Documents\(TCNJ) essay rewrite.doc
[2009/11/01 20:49:01 | 00,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 20:49:01 | 00,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 20:49:01 | 00,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 00:00:09 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/31 21:59:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/29 20:56:53 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Serenity\Desktop\spybotsd162.exe
[2009/10/29 20:36:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Desktop\HijackThis.lnk
[2009/10/29 20:02:51 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Serenity\ntuser.ini
[2009/10/28 20:44:27 | 01,578,024 | -H-- | M] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\IconCache.db
[50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Owner.Serenity\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Serenity\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/07 00:29:03 | 00,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 21:39:59 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\My Documents\(TCNJ) essay rewrite.doc
[2009/10/29 20:36:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Desktop\HijackThis.lnk
[2009/10/15 19:46:36 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/06 20:47:34 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\faviloze.dll
[2009/08/06 20:47:33 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\gutasima.dll
[2009/08/06 08:47:09 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\yaseviha.dll
[2009/08/05 20:46:46 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kufuzoku.dll
[2009/08/05 08:46:23 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\tuyizizu.dll
[2009/08/05 08:46:23 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\zapegisi.dll
[2009/08/04 20:46:04 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\nonebaku.dll
[2009/07/26 15:33:12 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\dijekaha.dll
[2009/07/26 03:32:19 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\safudude.dll
[2008/11/26 23:44:03 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/09/09 12:33:49 | 00,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/09/03 23:34:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DarkStone.INI
[2008/08/12 20:56:38 | 00,000,398 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/03/23 18:57:32 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2008/03/05 15:01:36 | 01,578,024 | -H-- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\IconCache.db
[2008/01/13 13:08:20 | 00,000,153 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2007/12/27 22:38:51 | 00,000,092 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/10/18 01:15:01 | 00,000,756 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/18 12:08:52 | 00,000,104 | ---- | C] () -- C:\WINDOWS\OPHD.ini
[2007/06/18 09:56:27 | 00,000,300 | ---- | C] () -- C:\WINDOWS\OPLS.INI
[2007/03/26 10:45:18 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/02/20 14:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/17 21:30:50 | 00,000,082 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
[2007/02/10 22:56:32 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/24 15:56:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2007/01/10 23:53:36 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/10 23:18:56 | 00,000,103 | ---- | C] () -- C:\WINDOWS\OPHG.ini
[2007/01/08 15:39:49 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Application Data\wklnhst.dat
[2007/01/05 14:53:30 | 00,151,602 | ---- | C] () -- C:\WINDOWS\System32\pspnt.dll
[2007/01/05 14:52:07 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/01/05 14:52:07 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/01/05 14:52:07 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/01/05 14:52:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2007/01/05 14:52:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/01/05 14:52:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/01/05 14:52:04 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/01/05 14:52:04 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/01/05 14:52:02 | 00,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2007/01/05 14:51:44 | 00,000,447 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/05 14:51:44 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/05 14:51:43 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/05 14:21:58 | 00,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2006/11/12 17:04:00 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2006/10/16 23:20:01 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/10/01 23:21:00 | 00,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/24 21:09:06 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/09/24 21:02:33 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/09/10 19:33:40 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/09/04 17:51:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/30 23:37:35 | 00,002,737 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 09:18:19 | 00,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2006/08/18 09:18:18 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\NT_Tuner.dll
[2006/08/09 09:03:02 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/08 00:20:16 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/07 23:55:00 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\fusioncache.dat
[2006/08/04 20:36:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner.Serenity\Application Data\desktop.ini
[2006/08/04 20:35:59 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/28 20:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/01/12 12:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 00,001,274 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 00,000,514 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:33 | 00,001,204 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 18:48:30 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/09 12:00:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/01 23:08:26 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2003/01/01 22:53:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/01 22:25:25 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2003/01/01 22:25:24 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/01/01 22:25:23 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/01/01 22:25:21 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/01/01 22:25:18 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2001/09/18 11:00:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/11/10 14:18:48 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2003/01/01 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/11/26 23:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/11 04:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/04/18 15:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BeInSync Settings
[2008/08/23 03:30:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/08/12 20:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/03/14 19:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2008/08/29 09:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/01/08 13:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/04/18 15:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/09 22:01:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/08 08:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/11/26 23:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/18 15:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/10/11 00:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2003/01/01 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2008/12/16 02:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/11/26 23:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\acccore
[2009/11/06 03:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Azureus
[2007/10/02 21:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\bang
[2009/02/05 01:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\CiscoCAA
[2009/05/29 23:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\GetRightToGo
[2007/05/20 16:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Inspiration Software
[2009/01/09 21:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Jane s Hotel
[2006/08/11 11:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Leadertech
[2007/02/28 19:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\OverDrive
[2007/07/11 05:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\PersonalBrain
[2008/11/26 23:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\QQ Games Plugin
[2003/01/01 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SampleView
[2008/05/25 17:29:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SecuROM
[2009/01/11 20:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Sierra Entertainment
[2008/08/24 18:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SPORE Creature Creator
[2008/05/25 17:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SystemRequirementsLab
[2008/11/26 23:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Tencent
[2007/03/07 17:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\TuneUp Software
[2007/05/22 08:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Uniblue
[2007/07/24 10:56:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\webex
[2008/08/25 00:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Windows Desktop Search
[2008/08/29 10:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Windows Search
[2008/08/25 01:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\WinPatrol
[2009/08/03 00:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Wizards of the Coast
[2007/04/18 15:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Zeon
[2009/11/06 17:17:32 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2004/08/10 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/15 00:37:49 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 00:00:09 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/07 00:11:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2001/08/17 23:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS
[2008/04/13 13:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/10 14:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2001/08/18 00:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\adpu160m.sys
[2008/04/13 11:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 05:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 13:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2006/11/28 19:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys
[2001/08/17 23:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aha154x.sys
[2001/08/18 00:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78u2.sys
[2001/08/18 00:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys
[2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys
[2008/04/13 13:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 13:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 13:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2005/03/09 18:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys
[2001/08/17 23:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amsint.sys
[2008/04/13 13:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys
[2001/08/17 23:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asc3350p.sys
[2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys
[2003/01/01 23:04:07 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys
[2005/11/21 00:48:21 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS
[2008/04/13 13:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:29:30 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 21:29:30 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 21:29:30 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 21:29:32 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 21:29:32 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 21:29:32 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 21:29:32 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 21:29:32 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 21:29:32 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 21:29:32 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 21:29:28 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 21:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 21:29:28 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 21:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 21:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 21:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 21:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 21:29:32 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 21:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 21:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 21:29:32 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 21:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 13:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/10 14:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 13:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/10 14:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 15:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2008/04/13 13:36:32 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\battc.sys
[2005/02/01 14:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm42rly.sys
[2004/08/10 14:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 13:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2000/07/24 01:01:00 | 00,019,537 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BRPAR.SYS
[2008/04/13 13:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 13:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 13:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 13:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 13:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2001/08/17 23:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008/04/13 13:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys
[2001/08/17 23:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys
[2004/08/10 14:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 14:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2005/11/03 03:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2005/11/03 03:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/10 14:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 14:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008/04/13 13:36:37 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cmbatt.sys
[2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys
[2008/04/13 13:36:37 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\compbatt.sys
[2001/08/17 23:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cpqarray.sys
[2004/08/10 14:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 13:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2005/05/16 00:30:00 | 00,016,000 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctpdusb.sys
[2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys
[2001/08/17 23:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dac960nt.sys
[2008/04/13 13:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 13:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 13:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 13:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 13:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2001/08/18 00:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dpti2o.sys
[2008/04/13 13:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 13:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/08/10 14:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 13:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/10 14:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2008/04/13 14:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 13:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 13:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 13:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 13:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/10 14:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/10 14:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2001/08/17 23:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 13:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2005/01/07 20:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008/04/13 13:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 13:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 13:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 13:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 13:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2001/08/18 00:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hpn.sys
[2004/08/03 21:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 21:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 21:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2008/04/13 13:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 13:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omgmt.sys
[2008/04/13 13:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omp.sys
[2008/04/13 14:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008/04/13 13:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2001/08/17 23:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ini910u.sys
[2008/04/13 13:40:29 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 13:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/10 14:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 13:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 13:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 14:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys
[2008/04/13 13:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 13:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 13:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2008/04/13 13:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 14:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 06:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2007/07/23 09:23:44 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys
[2007/07/23 09:23:46 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys
[2007/07/23 09:23:46 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2004/08/10 14:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/08/03 21:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 13:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys
[2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys
[2004/08/10 13:45:04 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mhndrv.sys
[2004/08/10 14:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 14:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 13:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 12:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 13:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys
[2008/04/13 13:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys
[2008/04/13 13:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 13:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 13:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 13:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 13:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 13:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 13:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008/04/13 13:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys
[2004/08/03 21:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 21:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 21:29:38 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 14:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 13:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys
[2008/04/13 13:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys
[2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 13:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys
[2008/04/13 13:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 13:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 14:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 13:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 13:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 14:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 13:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/10 14:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2001/08/10 06:00:00 | 00,034,354 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS
[2008/04/13 13:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 21:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004/08/10 14:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2005/07/08 15:40:42 | 00,260,144 | ---- | M] (Hauppauge Computer Works) -- C:\WINDOWS\system32\drivers\Nuvision.sys
[2006/04/27 13:48:00 | 03,659,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2006/05/09 18:20:38 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys
[2006/05/09 18:20:40 | 00,013,184 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys
[2006/05/09 18:20:22 | 00,304,896 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnrm.sys
[2006/03/06 16:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsmu.sys
[2006/05/09 18:20:10 | 00,222,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsnpu.sys
[2006/05/09 18:20:30 | 00,101,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvtcp.sys
[2004/08/10 14:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/10 14:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/10 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/10 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 13:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2001/09/18 11:00:00 | 00,167,816 | ---- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\system32\drivers\omcamvid.sys
[2004/08/10 14:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2001/09/18 11:00:00 | 00,024,438 | ---- | M] (OmniVision Technologies, Inc) -- C:\WINDOWS\system32\drivers\ovtcamd.sys
[2008/04/13 13:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 13:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 13:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/10 14:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 13:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 23:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 13:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 13:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2001/08/18 00:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2.sys
[2001/08/18 00:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2hib.sys
[2008/04/13 14:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 13:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2005/11/03 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2001/08/09 17:40:58 | 00,013,792 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\qdfsdrv.sys
[2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys
[2001/08/17 23:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql10wnt.sys
[2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys
[2001/08/17 23:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql1240.sys
[2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys
[2004/08/10 14:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 14:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 13:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 14:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/10 14:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/10 14:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 14:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/10 14:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 13:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 19:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 21:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 13:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 13:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004/08/10 14:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/10 14:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 09:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 13:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 13:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2008/05/14 10:25:28 | 00,308,992 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\rtl8185.sys
[2005/12/15 20:00:14 | 00,022,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RTSTOR.sys
[2004/08/03 21:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 13:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2009/04/21 14:45:07 | 00,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 13:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 14:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 13:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 13:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 13:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 13:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008/04/13 13:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys
[2004/08/03 21:41:42 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 21:41:44 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 21:41:46 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 21:41:46 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 13:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/10 14:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 13:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys
[2008/04/13 13:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2009/10/15 19:46:36 | 00,721,904 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2008/04/13 13:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2006/06/15 18:28:04 | 01,179,784 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys
[2008/04/13 13:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 13:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys
[2008/04/13 13:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 13:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys
[2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys
[2001/10/14 03:58:08 | 00,057,968 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys
[2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys
[2005/10/07 15:37:50 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys
[2008/04/13 14:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 13:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 06:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 14:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 19:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 19:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 19:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/10 14:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2001/08/17 23:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\toside.sys
[2004/08/10 14:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 13:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 13:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys
[2008/04/13 13:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008/04/13 13:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 13:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 13:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/10 14:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 13:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 13:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 13:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008/04/13 13:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 13:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 13:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 13:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 13:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/10 14:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 13:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 13:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 13:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys
[2008/04/13 13:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 13:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 13:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 21:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 21:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 21:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 21:29:42 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 13:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys
[2004/08/03 21:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 21:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 14:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/10 14:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 19:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/10 14:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008/04/13 13:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys
[2006/09/28 17:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 18:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys
[2006/08/24 14:42:40 | 01,555,328 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\yuanusbwdm.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C647387D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE253B51
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86A8CE8D
< End of report >

this is the extras.txt that popped up as well

OTL Extras logfile created on: 11/7/2009 12:45:02 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner.Serenity\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 67.70% Memory free
3.19 Gb Paging File | 2.58 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.84 Gb Total Space | 19.46 Gb Free Space | 21.90% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 2.39 Gb Free Space | 55.45% Space Free | Partition Type: FAT32
Drive E: | 112.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGONFLY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1041480197\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1041480197\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\FolderShare\FolderShare.exe" = C:\Program Files\FolderShare\FolderShare.exe:*:Enabled:FolderShare -- File not found
"E:\setup.exe" = E:\setup.exe:*:Enabled:Wireless Print Server Setup Wizard -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Okidata\Network Card Setup\NICSettingTool.exe" = C:\Program Files\Okidata\Network Card Setup\NICSettingTool.exe:*:Enabled:Network Card Setup -- (Oki Data Corproation)
"C:\Program Files\Adobe\Photoshop 7.0\ImageReady.exe" = C:\Program Files\Adobe\Photoshop 7.0\ImageReady.exe:LocalSubNet:Enabled:Adobe ImageReady 7.0 -- (Adobe Systems Incorporated)
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Gateway\HPA\gwmenu.exe" = C:\Program Files\Gateway\HPA\gwmenu.exe:*:Enabled:HPA/SCCD/SRCD New Code -- (Gateway Computers)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:*:Enabled:winpatrol -- (BillP Studios)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{14293B41-F4B6-4FEE-BBF9-A43074C6DBB8}" = MindMapper 5.0
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{1A91342B-042E-46B3-AD06-897FF1BAC8F4}" = OKI C3400n Status Monitor
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{29BB5153-133B-4C82-AF51-BF303F2BFD63}" = King's Quest Collection™
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D66DF18-032A-4E3A-9534-1A32866785ED}" = Oki Network Card Setup
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{43C3D832-AC96-463A-8FE4-1B8D1BFA2FAS}" = Norton SystemWorks 2002
"{5380B111-5047-413D-A6E5-70D69391D08E}" = ebgcRes
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736CE9DD-F589-485B-ACFF-78C235A57066}" = WinPatrol 2007 Step 2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9BF65-46AC-4803-82AA-14EFCA927789}" = HP Scanjet 4070
"{826FBE05-4D09-401A-BF2D-DDA85F590688}" = ScanSoft PDF Professional 3.0
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B667052-ECC4-41F2-9490-BA4F2FA0C580}" = hpg4070
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7CF16D0-D3E9-4BCA-818E-41118C857EDD}" = Atlantica Online
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat Reader 3.02" = Adobe Acrobat Reader 3.02
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_6" = AIM 6
"BelkinPort" = BelkinPort Monitor
"BigFix" = BigFix
"Brother HL-5140" = Brother HL-5140
"C3400 UserGuide" = C3400 UserGuide
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"FontPage_is1" = FontPage 3.0.2
"Foxit Reader" = Foxit Reader
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_VideoWave_V1_0" = MGI VideoWave SE+ (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton CleanSweep" = Norton CleanSweep
"Norton Speed Disk" = Norton Speed Disk 6.0 for Windows NT
"Norton Utilities" = Norton Utilities 2002 for Windows
"NVIDIA Drivers" = NVIDIA Drivers
"Paradise_is1" = Paradise
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 6.0" = RealPlayer
"Smart Audio Converter_is1" = Smart Audio Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol 2007" = WinPatrol 2007 Restore/Remove First
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2009 9:08:36 PM | Computer Name = DRAGONFLY | Source = Google Update | ID = 20
Description =

Error - 10/31/2009 7:11:57 PM | Computer Name = DRAGONFLY | Source = Google Update | ID = 20
Description =

Error - 11/1/2009 6:23:20 PM | Computer Name = DRAGONFLY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2560 (0xa00) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\SETUPAPI.DLL

by C:\Program Files\Java\jre6\bin\jqs.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 11/1/2009 9:46:13 PM | Computer Name = DRAGONFLY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/1/2009 9:46:13 PM | Computer Name = DRAGONFLY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2009 12:05:17 AM | Computer Name = DRAGONFLY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2009 6:59:04 AM | Computer Name = DRAGONFLY | Source = Application Hang | ID = 1002
Description = Hanging application Civ4BeyondSword.exe, version 3.0.3.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2009 12:20:22 PM | Computer Name = DRAGONFLY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3472 (0xd90) Thread address : 0x02325A07 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\Explorer.EXE

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 11/5/2009 12:39:21 PM | Computer Name = DRAGONFLY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2009 1:11:57 AM | Computer Name = DRAGONFLY | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 11/5/2009 9:41:45 PM | Computer Name = DRAGONFLY | Source = nv | ID = 262252
Description = The driver nv4_disp for the display device \Device\Video0 got stuck
in an infinite loop. This usually indicates a problem with the device itself or
with the device driver programming the hardware incorrectly. Please check with your
hardware
device vendor for any driver updates.

Error - 11/6/2009 1:16:00 PM | Computer Name = DRAGONFLY | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.

Error - 11/6/2009 7:57:49 PM | Computer Name = DRAGONFLY | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 11/6/2009 7:57:49 PM | Computer Name = DRAGONFLY | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 11/6/2009 7:58:24 PM | Computer Name = DRAGONFLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 11/7/2009 1:12:29 AM | Computer Name = DRAGONFLY | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 11/7/2009 1:12:29 AM | Computer Name = DRAGONFLY | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 11/7/2009 1:12:52 AM | Computer Name = DRAGONFLY | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 11/7/2009 1:13:15 AM | Computer Name = DRAGONFLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 11/7/2009 1:41:56 AM | Computer Name = DRAGONFLY | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.

< End of report >

Thank you again for your help Sam. Let me know what parts of the fixing summary are unneccesary so i can keep the post as concise as possible for you

#4 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 07 November 2009 - 09:24 AM

That's excellent! Just keep doing exactly what you have been.

Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

ViewpointMediaPlayer
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2

Before running this next step we need to disable Winpatrol so it doesn't interfere with the fix.
Right-click the running icon of Winpatrol in the sytem tray and choose exit.

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
MOD - [2009/08/06 20:47:34 | 00,089,600 | -HS- | M] () -- C:\WINDOWS\system32\faviloze.dll
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\WebBrowser: (no name) - {1AC85D88-F777-471B-B541-48450C23F34D} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..\Toolbar\WebBrowser: (no name) - {968631B6-4729-440D-9BF4-251F5593EC9A} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lapapipud] C:\WINDOWS\System32\faviloze.DLL ()
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (rafegoge.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\faviloze.dll) - C:\WINDOWS\system32\faviloze.dll ()
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O21 - SSODL: dafidoyab - {0f0c3302-25bd-4f5f-a65b-36fc416a3c0c} - C:\WINDOWS\system32\faviloze.dll ()
O22 - SharedTaskScheduler: {0f0c3302-25bd-4f5f-a65b-36fc416a3c0c} - tokatiluy - C:\WINDOWS\system32\faviloze.dll ()
O33 - MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\Shell - "" = AutoRun
O33 - MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e38b16d7-6598-11dc-bd1f-0003253c2750}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
[50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Owner.Serenity\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Serenity\My Documents\*.tmp -> ]
[2009/08/06 20:47:34 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\faviloze.dll
[2009/08/06 20:47:33 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\gutasima.dll
[2009/08/06 08:47:09 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\yaseviha.dll
[2009/08/05 20:46:46 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kufuzoku.dll
[2009/08/05 08:46:23 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\tuyizizu.dll
[2009/08/05 08:46:23 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\zapegisi.dll
[2009/08/04 20:46:04 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\nonebaku.dll
[2009/07/26 15:33:12 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\dijekaha.dll
[2009/07/26 03:32:19 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\safudude.dll

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
You will get a log that shows the results of the fix. Please post it.
Then also run and post a new OTL log.

#5 kierkan

New Member

Group: Members
Posts: 7
Joined: 06-November 09

Posted 07 November 2009 - 11:52 AM

I'm including a list of notable popups, a new .dll file being picked up by winpatrol and the McAfee scan that ran automatically last night:

Popups:

Free Dell XPS M1530 - Windows Internet Explorer
Facebook Rewards - Windows Internet Explorer
Smacchat NCAA Football Blog - Windows Internet Explorer

new .dll files:

wekenopo.dll

McAfee Automatic Scan details from last night

c:\documents and settings\owner.serenity\applicationdata\winpatrol\vault\dokupoye.dll.tmp (Vundo.gen.cc) Repaired

c:\documents and settings\owner.serenity\applicationdata\winpatrol\vault\zzdokupoye.dll.tmp.bak_ (Vundo.gen.cc) Quarantined

c:\windows\system32\dijekaha.dll (Vundo.gen.ab) scan after restart

CLSID\{0f0c3302-25bd-4f5f-a65b-36fc416a3c0c}\InprocServer32 (Artemis! 48DADB293738) quarantined

HKCR\CLSID\{0f0c3302-25bd-4f5f-a65b-36fc416a3c0c}\InprocServer32 (Artemis! 48DADB293738) quarantined

CLSID\{0f0c3302-25bd-4f5f-a65b-36fc416a3c0c}\InprocServer32 (Artemis! 48DADB293738) quarantined

HKCR\CLSID\{0f0c3302-25bd-4f5f-a65b-36fc416a3c0c}\InprocServer32 (Artemis! 48DADB293738) quarantined

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lapapipud (Artemis! 48DADB293738) quarantined

C:\WINDOWS\SYSTEM32\FAVILOZE.DLL (Artemis! 48DADB293738) scan after restart

As for how the fix went:

Begin Fix Procedure (detailed in previous post)

Add/Remove programs step went off without a hitch
OTL code pasted and RunFix went well, McAfee logo box popped up during temp file clear but i didn't notice a problem
new file appeared on my desktop after reboot (Thumbs.db)
let me know if you need it attached or posted

.
got this popup again when i went to post this reply (Free Dell XPS M1530 - Windows Internet Explorer)

Reboot OTL Log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1AC85D88-F777-471B-B541-48450C23F34D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC85D88-F777-471B-B541-48450C23F34D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{968631B6-4729-440D-9BF4-251F5593EC9A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{968631B6-4729-440D-9BF4-251F5593EC9A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lapapipud deleted successfully.
C:\WINDOWS\system32\faviloze.dll moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:rafegoge.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\faviloze.dll deleted successfully.
File C:\WINDOWS\system32\faviloze.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\dafidoyab not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f0c3302-25bd-4f5f-a65b-36fc416a3c0c}\ not found.
File C:\WINDOWS\system32\faviloze.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0f0c3302-25bd-4f5f-a65b-36fc416a3c0c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f0c3302-25bd-4f5f-a65b-36fc416a3c0c}\ not found.
File C:\WINDOWS\system32\faviloze.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e38b16d6-6598-11dc-bd1f-0003253c2750}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e38b16d6-6598-11dc-bd1f-0003253c2750}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e38b16d6-6598-11dc-bd1f-0003253c2750}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e38b16d6-6598-11dc-bd1f-0003253c2750}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e38b16d7-6598-11dc-bd1f-0003253c2750}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e38b16d7-6598-11dc-bd1f-0003253c2750}\ not found.
File C:\RECYCLED\appmgmt.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET425.tmp deleted successfully.
C:\WINDOWS\System32\SET426.tmp deleted successfully.
C:\WINDOWS\System32\SET428.tmp deleted successfully.
C:\WINDOWS\System32\SET429.tmp deleted successfully.
C:\WINDOWS\System32\SET42A.tmp deleted successfully.
C:\WINDOWS\System32\SET42C.tmp deleted successfully.
C:\WINDOWS\System32\SET42E.tmp deleted successfully.
C:\WINDOWS\System32\SET42F.tmp deleted successfully.
C:\WINDOWS\System32\SET430.tmp deleted successfully.
C:\WINDOWS\System32\SET433.tmp deleted successfully.
C:\WINDOWS\System32\SET436.tmp deleted successfully.
C:\WINDOWS\System32\SET437.tmp deleted successfully.
C:\WINDOWS\System32\SET439.tmp deleted successfully.
C:\WINDOWS\System32\SET43B.tmp deleted successfully.
C:\WINDOWS\System32\SET43C.tmp deleted successfully.
C:\WINDOWS\System32\SET43D.tmp deleted successfully.
C:\WINDOWS\System32\SET43E.tmp deleted successfully.
C:\WINDOWS\System32\SET43F.tmp deleted successfully.
C:\WINDOWS\System32\SET440.tmp deleted successfully.
C:\WINDOWS\System32\SET444.tmp deleted successfully.
C:\WINDOWS\System32\SET445.tmp deleted successfully.
C:\WINDOWS\System32\SET446.tmp deleted successfully.
C:\WINDOWS\System32\SET447.tmp deleted successfully.
C:\WINDOWS\System32\SET448.tmp deleted successfully.
C:\WINDOWS\System32\SET449.tmp deleted successfully.
C:\WINDOWS\System32\SET44A.tmp deleted successfully.
C:\WINDOWS\System32\SET44B.tmp deleted successfully.
C:\WINDOWS\System32\SET44C.tmp deleted successfully.
C:\WINDOWS\System32\SET44D.tmp deleted successfully.
C:\WINDOWS\System32\SET44E.tmp deleted successfully.
C:\WINDOWS\System32\SET450.tmp deleted successfully.
C:\WINDOWS\System32\SET451.tmp deleted successfully.
C:\WINDOWS\System32\SET452.tmp deleted successfully.
C:\WINDOWS\System32\SET454.tmp deleted successfully.
C:\WINDOWS\System32\SET476.tmp deleted successfully.
C:\WINDOWS\System32\SET477.tmp deleted successfully.
C:\WINDOWS\System32\SET4A4.tmp deleted successfully.
C:\WINDOWS\System32\SET4AF.tmp deleted successfully.
C:\WINDOWS\System32\SET4BB.tmp deleted successfully.
C:\WINDOWS\System32\SET4CC.tmp deleted successfully.
C:\WINDOWS\System32\SET4CE.tmp deleted successfully.
C:\WINDOWS\System32\SET4DD.tmp deleted successfully.
C:\WINDOWS\System32\SET81.tmp deleted successfully.
C:\WINDOWS\System32\SET8D.tmp deleted successfully.
C:\WINDOWS\System32\SET96.tmp deleted successfully.
C:\WINDOWS\System32\SET97.tmp deleted successfully.
C:\WINDOWS\System32\SET98.tmp deleted successfully.
C:\WINDOWS\System32\SET99.tmp deleted successfully.
C:\WINDOWS\System32\SET9B.tmp deleted successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\000002_.tmp deleted successfully.
C:\WINDOWS\000003_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\dllcache\SET400.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET40C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET40F.tmp deleted successfully.
C:\Documents and Settings\Owner.Serenity\My Documents\~WRL0341.tmp deleted successfully.
File C:\WINDOWS\System32\faviloze.dll not found.
C:\WINDOWS\system32\gutasima.dll moved successfully.
C:\WINDOWS\system32\yaseviha.dll moved successfully.
C:\WINDOWS\system32\kufuzoku.dll moved successfully.
C:\WINDOWS\system32\tuyizizu.dll moved successfully.
C:\WINDOWS\system32\zapegisi.dll moved successfully.
C:\WINDOWS\system32\nonebaku.dll moved successfully.
C:\WINDOWS\system32\dijekaha.dll moved successfully.
C:\WINDOWS\system32\safudude.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 249247 bytes
->FireFox cache emptied: 1076018 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 396289231 bytes

User: Owner

User: Owner.Serenity
->Temp folder emptied: 2524938 bytes
->Temporary Internet Files folder emptied: 242922914 bytes
->Java cache emptied: 53122460 bytes
->FireFox cache emptied: 58153678 bytes
->Google Chrome cache emptied: 9113943 bytes
->Apple Safari cache emptied: 14859713 bytes

User: OWNER~1~SER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 241251 bytes
RecycleBin emptied: 461667311 bytes

Total Files Cleaned = 1182.92 mb

OTL by OldTimer - Version 3.1.4.0 log created on 11072009_112601

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcmsc_1tRlkelGUYxHBbt not found!
File\Folder C:\WINDOWS\temp\mcmsc_3pEan1tRtFA3jEd not found!
File\Folder C:\WINDOWS\temp\mcmsc_3pEan1tRtFA3jEd-journal not found!
File\Folder C:\WINDOWS\temp\mcmsc_xX1iBnCi7NhoJM6 not found!

Registry entries deleted on Reboot...

New OTL log after reboot and scan <quick scan with all users box checked>:

OTL logfile created on: 11/7/2009 11:39:43 AM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner.Serenity\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 58.32% Memory free
3.19 Gb Paging File | 2.57 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.84 Gb Total Space | 19.94 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 2.39 Gb Free Space | 55.45% Space Free | Partition Type: FAT32
Drive E: | 112.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGONFLY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
PRC - [2009/11/02 17:01:04 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/09 13:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/09 13:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/16 20:15:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/30 13:58:57 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/04/27 13:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/03/17 00:07:50 | 00,655,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\DriveIcon\DriveIcon.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2003/08/27 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
PRC - [2003/01/01 23:07:25 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2002/03/08 02:33:10 | 00,300,544 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/03/08 02:30:24 | 00,169,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/12/12 19:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [2001/08/10 06:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
PRC - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
MOD - [2009/08/07 08:47:48 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\system32\wekenopo.dll
MOD - [2008/04/14 04:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0296171240286150mcinstcleanup)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\6to4svc.dll -- (6to4)
SRV - [2007/05/28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/10/05 19:26:18 | 00,024,072 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/04/27 13:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2003/08/27 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/01/01 23:07:25 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2002/03/08 02:33:10 | 00,300,544 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/08/10 06:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE -- (Speed Disk service)
SRV - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3414
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\S-1-5-21-3809071761-2721935120-1864773369-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/30 13:59:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/04 22:10:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 00:21:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 11:20:41 | 00,000,000 | ---D | M]

[2009/09/23 19:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Extensions
[2009/09/23 19:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/07 02:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions
[2007/11/26 01:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/11/26 01:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
[2009/09/24 17:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2007/10/24 09:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/23 19:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{aae0f2a8-c136-48b3-aa32-636de15b2b26}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\savecomplete@perlprogrammer.com
[2007/11/26 01:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\stickis@activeweave.com
[2008/03/23 19:11:45 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\searchplugins\aolsearch.xml
[2008/08/29 10:01:37 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\searchplugins\siteadvisor.xml
[2009/11/07 11:24:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 00:19:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/01 06:16:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/07 00:19:05 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 00:19:05 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/09/03 12:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/07/26 18:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006/05/17 12:09:22 | 00,484,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/07 00:19:07 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/01/30 13:59:39 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/11 00:30:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/11 00:30:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/11 00:30:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2008/01/30 14:00:26 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/01/30 13:59:17 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [lapapipud] C:\WINDOWS\System32\wekenopo.DLL ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006..\Run: [Google Update] C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 101 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 101 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 102 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 102 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3809071761-2721935120-1864773369-1006\..Trusted Domains: 102 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1155603074640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\) - C:\WINDOWS\System32\ [2009/11/07 11:26:05 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (c:\windows\system32\wekenopo.dll) - C:\WINDOWS\system32\wekenopo.dll ()
O20 - AppInit_DLLs: (rafegoge.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: nijakolut - {c42dddee-2c4d-4221-b6b7-81cd7b7fb761} - C:\WINDOWS\system32\wekenopo.dll ()
O22 - SharedTaskScheduler: {c42dddee-2c4d-4221-b6b7-81cd7b7fb761} - gahurihor - C:\WINDOWS\system32\wekenopo.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2005/07/24 10:33:58 | 00,000,053 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell - "" = AutoRun
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/07 11:26:01 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/07 00:43:27 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
[2009/11/07 00:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Serenity\Application Data\Malwarebytes
[2009/11/07 00:29:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 00:28:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 00:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/07 00:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 00:25:07 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Serenity\Desktop\mbam-setup.exe
[2009/10/29 20:46:08 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Serenity\Desktop\spybotsd162.exe
[2009/10/29 20:36:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2007/02/22 22:49:06 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/11/07 11:30:57 | 00,013,939 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/07 11:30:42 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/07 11:30:15 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 11:29:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 11:29:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 11:27:54 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\NTUSER.DAT
[2009/11/07 11:27:54 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Serenity\ntuser.ini
[2009/11/07 11:19:22 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\ralivaso
[2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
[2009/11/07 00:37:49 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Serenity\Desktop\mbam-setup.exe
[2009/11/07 00:33:56 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 18:57:20 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/11/06 17:17:32 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/11/04 06:51:26 | 00,002,737 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/01 21:39:59 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\My Documents\(TCNJ) essay rewrite.doc
[2009/11/01 20:49:01 | 00,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 20:49:01 | 00,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 20:49:01 | 00,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 00:00:09 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/31 21:59:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/29 20:56:53 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Serenity\Desktop\spybotsd162.exe
[2009/10/29 20:36:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Desktop\HijackThis.lnk
[2009/10/28 20:44:27 | 01,578,024 | -H-- | M] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\IconCache.db

========== Files Created - No Company Name ==========

[2009/11/07 00:29:03 | 00,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 21:39:59 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\My Documents\(TCNJ) essay rewrite.doc
[2009/10/29 20:36:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Desktop\HijackThis.lnk
[2009/10/15 19:46:36 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/07 08:47:48 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\wekenopo.dll
[2009/08/07 08:47:48 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\desoyahi.dll
[2008/11/26 23:44:03 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/09/09 12:33:49 | 00,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/09/03 23:34:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DarkStone.INI
[2008/08/12 20:56:38 | 00,000,398 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/03/23 18:57:32 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2008/03/05 15:01:36 | 01,578,024 | -H-- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\IconCache.db
[2008/01/13 13:08:20 | 00,000,153 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2007/12/27 22:38:51 | 00,000,092 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/10/18 01:15:01 | 00,000,756 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/18 12:08:52 | 00,000,104 | ---- | C] () -- C:\WINDOWS\OPHD.ini
[2007/06/18 09:56:27 | 00,000,300 | ---- | C] () -- C:\WINDOWS\OPLS.INI
[2007/03/26 10:45:18 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/02/20 14:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/17 21:30:50 | 00,000,082 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
[2007/02/10 22:56:32 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/24 15:56:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2007/01/10 23:53:36 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/10 23:18:56 | 00,000,103 | ---- | C] () -- C:\WINDOWS\OPHG.ini
[2007/01/08 15:39:49 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Application Data\wklnhst.dat
[2007/01/05 14:53:30 | 00,151,602 | ---- | C] () -- C:\WINDOWS\System32\pspnt.dll
[2007/01/05 14:52:07 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/01/05 14:52:07 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/01/05 14:52:07 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/01/05 14:52:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2007/01/05 14:52:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/01/05 14:52:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/01/05 14:52:04 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/01/05 14:52:04 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/01/05 14:52:02 | 00,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2007/01/05 14:51:44 | 00,000,447 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/05 14:51:44 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/05 14:51:43 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/05 14:21:58 | 00,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2006/11/12 17:04:00 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2006/10/16 23:20:01 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/10/01 23:21:00 | 00,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/24 21:09:06 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/09/24 21:02:33 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/09/10 19:33:40 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/09/04 17:51:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/30 23:37:35 | 00,002,737 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 09:18:19 | 00,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2006/08/18 09:18:18 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\NT_Tuner.dll
[2006/08/09 09:03:02 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/08 00:20:16 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/07 23:55:00 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\fusioncache.dat
[2006/08/04 20:36:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner.Serenity\Application Data\desktop.ini
[2006/08/04 20:35:59 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/28 20:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/01/12 12:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 00,001,274 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 00,000,514 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:33 | 00,001,204 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 18:48:30 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/09 12:00:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/01 23:08:26 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2003/01/01 22:53:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/01 22:25:25 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2003/01/01 22:25:24 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/01/01 22:25:23 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/01/01 22:25:21 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/01/01 22:25:18 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2001/09/18 11:00:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/11/10 14:18:48 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2003/01/01 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/11/26 23:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/11 04:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/04/18 15:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BeInSync Settings
[2008/08/23 03:30:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/08/12 20:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/03/14 19:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2008/08/29 09:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/01/08 13:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/04/18 15:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/09 22:01:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/08 08:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/11/07 11:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/18 15:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/10/11 00:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2003/01/01 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2008/12/16 02:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/11/26 23:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\acccore
[2009/11/06 03:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Azureus
[2007/10/02 21:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\bang
[2009/02/05 01:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\CiscoCAA
[2009/05/29 23:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\GetRightToGo
[2007/05/20 16:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Inspiration Software
[2009/01/09 21:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Jane s Hotel
[2006/08/11 11:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Leadertech
[2007/02/28 19:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\OverDrive
[2007/07/11 05:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\PersonalBrain
[2008/11/26 23:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\QQ Games Plugin
[2003/01/01 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SampleView
[2008/05/25 17:29:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SecuROM
[2009/01/11 20:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Sierra Entertainment
[2008/08/24 18:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SPORE Creature Creator
[2008/05/25 17:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SystemRequirementsLab
[2008/11/26 23:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Tencent
[2007/03/07 17:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\TuneUp Software
[2007/05/22 08:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Uniblue
[2007/07/24 10:56:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\webex
[2008/08/25 00:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Windows Desktop Search
[2008/08/29 10:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Windows Search
[2008/08/25 01:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\WinPatrol
[2009/08/03 00:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Wizards of the Coast
[2007/04/18 15:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Zeon
[2009/11/06 17:17:32 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2004/08/10 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/15 00:37:49 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 00:00:09 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/07 11:29:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C647387D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE253B51
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86A8CE8D
< End of report >

Thanks for your help. Laptop's running faster already

This post has been edited by kierkan: 07 November 2009 - 12:00 PM

#6 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 07 November 2009 - 05:31 PM

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
MOD - [2009/08/07 08:47:48 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\system32\wekenopo.dll
O4 - HKLM..\Run: [lapapipud] C:\WINDOWS\System32\wekenopo.DLL ()
O20 - AppInit_DLLs: (c:\windows\system32\wekenopo.dll) - C:\WINDOWS\system32\wekenopo.dll ()
O20 - AppInit_DLLs: (rafegoge.dll) - File not found
O21 - SSODL: nijakolut - {c42dddee-2c4d-4221-b6b7-81cd7b7fb761} - C:\WINDOWS\system32\wekenopo.dll ()
O22 - SharedTaskScheduler: {c42dddee-2c4d-4221-b6b7-81cd7b7fb761} - gahurihor - C:\WINDOWS\system32\wekenopo.dll ()
[2009/08/07 08:47:48 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\wekenopo.dll
[2009/08/07 08:47:48 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\desoyahi.dll

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
You will get a log that shows the results of the fix. Please post it.
Then also run and post a new OTL log.

After rebooting, try running Malwarebytes again.
If successful, please post the resulting log.

#7 kierkan

New Member

Group: Members
Posts: 7
Joined: 06-November 09

Posted 08 November 2009 - 12:14 AM

ran the fix, no problems. Got Malwarebytes to run and removed a bunch of stuff. the logs are below:

first OTL log

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lapapipud not found.
File C:\WINDOWS\System32\wekenopo.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wekenopo.dll deleted successfully.
File C:\WINDOWS\system32\wekenopo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:rafegoge.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\nijakolut deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c42dddee-2c4d-4221-b6b7-81cd7b7fb761}\ deleted successfully.
File C:\WINDOWS\system32\wekenopo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{c42dddee-2c4d-4221-b6b7-81cd7b7fb761} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c42dddee-2c4d-4221-b6b7-81cd7b7fb761}\ not found.
File C:\WINDOWS\system32\wekenopo.dll not found.
File C:\WINDOWS\System32\wekenopo.dll not found.
File C:\WINDOWS\System32\desoyahi.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

User: Owner.Serenity
->Temp folder emptied: 802 bytes
->Temporary Internet Files folder emptied: 470292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32665299 bytes
->Google Chrome cache emptied: 40188626 bytes
->Apple Safari cache emptied: 0 bytes

User: OWNER~1~SER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 83064 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70.04 mb

OTL by OldTimer - Version 3.1.4.0 log created on 11072009_192033

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL log after reboot:

OTL logfile created on: 11/7/2009 7:27:31 PM - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner.Serenity\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 63.27% Memory free
3.19 Gb Paging File | 2.61 Gb Available in Paging File | 81.72% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.84 Gb Total Space | 18.13 Gb Free Space | 20.41% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 2.39 Gb Free Space | 55.45% Space Free | Partition Type: FAT32
Drive E: | 112.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGONFLY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
PRC - [2009/11/02 17:01:04 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/09 13:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/09 13:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/16 20:15:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/30 13:58:57 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007/02/12 08:17:02 | 00,267,840 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/04/27 13:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/03/17 00:07:50 | 00,655,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\DriveIcon\DriveIcon.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2003/08/27 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
PRC - [2003/01/01 23:07:25 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2002/03/08 02:33:10 | 00,300,544 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/03/08 02:30:24 | 00,169,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/12/12 19:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [2001/08/10 06:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
PRC - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
MOD - [2008/04/14 04:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/02/12 08:17:10 | 00,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0296171240286150mcinstcleanup)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\6to4svc.dll -- (6to4)
SRV - [2007/05/28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/10/05 19:26:18 | 00,024,072 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/04/27 13:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2003/08/27 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/01/01 23:07:25 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2002/03/08 02:33:10 | 00,300,544 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/08/10 06:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE -- (Speed Disk service)
SRV - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/30 13:59:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/04 22:10:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 00:21:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 11:20:41 | 00,000,000 | ---D | M]

[2009/09/23 19:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Extensions
[2009/09/23 19:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/07 02:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions
[2007/11/26 01:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/11/26 01:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
[2009/09/24 17:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2007/10/24 09:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/23 19:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\{aae0f2a8-c136-48b3-aa32-636de15b2b26}
[2007/10/24 09:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\savecomplete@perlprogrammer.com
[2007/11/26 01:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\extensions\stickis@activeweave.com
[2008/03/23 19:11:45 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\searchplugins\aolsearch.xml
[2008/08/29 10:01:37 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Application Data\Mozilla\Firefox\Profiles\8bu1jndm.default\searchplugins\siteadvisor.xml
[2009/11/07 12:49:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 00:19:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/01 06:16:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/07 00:19:05 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 00:19:05 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/09/03 12:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/07/26 18:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006/05/17 12:09:22 | 00,484,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/07 00:19:07 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/01/30 13:59:39 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/11 00:30:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/11 00:30:15 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/11 00:30:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/11 00:30:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2008/01/30 14:00:26 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/01/30 13:59:17 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 102 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1155603074640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2005/07/24 10:33:58 | 00,000,053 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell - "" = AutoRun
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b57ba10-cbd8-11dd-bdf8-0003253c2750}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/07 11:26:01 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/07 00:43:27 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
[2009/11/07 00:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Serenity\Application Data\Malwarebytes
[2009/11/07 00:29:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 00:28:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 00:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/07 00:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 00:25:07 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Serenity\Desktop\mbam-setup.exe
[2009/10/29 20:46:08 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Serenity\Desktop\spybotsd162.exe
[2009/10/29 20:36:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2007/02/22 22:49:06 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/11/07 19:23:47 | 00,013,939 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/07 19:23:07 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 19:22:35 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/07 19:22:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 19:22:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 19:20:54 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\NTUSER.DAT
[2009/11/07 19:20:54 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Serenity\ntuser.ini
[2009/11/07 19:03:11 | 01,578,446 | -H-- | M] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\IconCache.db
[2009/11/07 11:19:22 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\ralivaso
[2009/11/07 00:43:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Serenity\Desktop\OTL.exe
[2009/11/07 00:37:49 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Serenity\Desktop\mbam-setup.exe
[2009/11/07 00:33:56 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 18:57:20 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/11/06 17:17:32 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/11/04 06:51:26 | 00,002,737 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/01 21:39:59 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\My Documents\(TCNJ) essay rewrite.doc
[2009/11/01 20:49:01 | 00,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 20:49:01 | 00,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 20:49:01 | 00,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 00:00:09 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/31 21:59:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/29 20:56:53 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Serenity\Desktop\spybotsd162.exe
[2009/10/29 20:36:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.Serenity\Desktop\HijackThis.lnk

========== Files Created - No Company Name ==========

[2009/11/07 00:29:03 | 00,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 21:39:59 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\My Documents\(TCNJ) essay rewrite.doc
[2009/10/29 20:36:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Desktop\HijackThis.lnk
[2009/10/15 19:46:36 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/26 23:44:03 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/09/09 12:33:49 | 00,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/09/03 23:34:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DarkStone.INI
[2008/08/12 20:56:38 | 00,000,398 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/03/23 18:57:32 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2008/03/05 15:01:36 | 01,578,446 | -H-- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\IconCache.db
[2008/01/13 13:08:20 | 00,000,153 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2007/12/27 22:38:51 | 00,000,092 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/10/18 01:15:01 | 00,000,756 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/18 12:08:52 | 00,000,104 | ---- | C] () -- C:\WINDOWS\OPHD.ini
[2007/06/18 09:56:27 | 00,000,300 | ---- | C] () -- C:\WINDOWS\OPLS.INI
[2007/03/26 10:45:18 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/02/20 14:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/17 21:30:50 | 00,000,082 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
[2007/02/10 22:56:32 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/24 15:56:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2007/01/10 23:53:36 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/10 23:18:56 | 00,000,103 | ---- | C] () -- C:\WINDOWS\OPHG.ini
[2007/01/08 15:39:49 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Application Data\wklnhst.dat
[2007/01/05 14:53:30 | 00,151,602 | ---- | C] () -- C:\WINDOWS\System32\pspnt.dll
[2007/01/05 14:52:07 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/01/05 14:52:07 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/01/05 14:52:07 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/01/05 14:52:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2007/01/05 14:52:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/01/05 14:52:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/01/05 14:52:04 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/01/05 14:52:04 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/01/05 14:52:02 | 00,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2007/01/05 14:51:44 | 00,000,447 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/05 14:51:44 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/05 14:51:43 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/05 14:21:58 | 00,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2006/11/12 17:04:00 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2006/10/16 23:20:01 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/10/01 23:21:00 | 00,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/24 21:09:06 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/09/24 21:02:33 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/09/10 19:33:40 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/09/04 17:51:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/30 23:37:35 | 00,002,737 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 09:18:19 | 00,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2006/08/18 09:18:18 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\NT_Tuner.dll
[2006/08/09 09:03:02 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/08 00:20:16 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/07 23:55:00 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\fusioncache.dat
[2006/08/04 20:36:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner.Serenity\Application Data\desktop.ini
[2006/08/04 20:35:59 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Owner.Serenity\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/28 20:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/01/12 12:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 00,001,274 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 00,000,514 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:33 | 00,001,204 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 18:48:30 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/09 12:00:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/01 23:08:26 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2003/01/01 22:53:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/01 22:25:25 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2003/01/01 22:25:24 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/01/01 22:25:23 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/01/01 22:25:21 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/01/01 22:25:18 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2001/09/18 11:00:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/11/10 14:18:48 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/11/26 23:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/11 04:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/04/18 15:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BeInSync Settings
[2008/08/23 03:30:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/08/12 20:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/03/14 19:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2008/08/29 09:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/01/08 13:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/04/18 15:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/09 22:01:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/08 08:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/11/07 11:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/18 15:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/10/11 00:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/11/26 23:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\acccore
[2009/11/06 03:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Azureus
[2007/10/02 21:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\bang
[2009/02/05 01:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\CiscoCAA
[2009/05/29 23:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\GetRightToGo
[2007/05/20 16:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Inspiration Software
[2009/01/09 21:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Jane s Hotel
[2006/08/11 11:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Leadertech
[2007/02/28 19:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\OverDrive
[2007/07/11 05:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\PersonalBrain
[2008/11/26 23:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\QQ Games Plugin
[2003/01/01 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SampleView
[2008/05/25 17:29:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SecuROM
[2009/01/11 20:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Sierra Entertainment
[2008/08/24 18:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SPORE Creature Creator
[2008/05/25 17:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\SystemRequirementsLab
[2008/11/26 23:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Tencent
[2007/03/07 17:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\TuneUp Software
[2007/05/22 08:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Uniblue
[2007/07/24 10:56:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\webex
[2008/08/25 00:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Windows Desktop Search
[2008/08/29 10:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Windows Search
[2008/08/25 01:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\WinPatrol
[2009/08/03 00:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Wizards of the Coast
[2007/04/18 15:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Serenity\Application Data\Zeon
[2009/11/06 17:17:32 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2004/08/10 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/15 00:37:49 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 00:00:09 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/07 19:22:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C647387D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE253B51
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86A8CE8D
< End of report >

Malwarbytes log

Malwarebytes' Anti-Malware 1.41
Database version: 3119
Windows 5.1.2600 Service Pack 3

11/7/2009 10:35:20 PM
mbam-log-2009-11-07 (22-35-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 355513
Time elapsed: 2 hour(s), 54 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\_OTL\MovedFiles\11072009_112601\C_WINDOWS\system32\dijekaha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_112601\C_WINDOWS\system32\kufuzoku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_112601\C_WINDOWS\system32\nonebaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_112601\C_WINDOWS\system32\safudude.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_112601\C_WINDOWS\system32\tuyizizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_112601\C_WINDOWS\system32\yaseviha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_112601\C_WINDOWS\system32\zapegisi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

This post has been edited by kierkan: 08 November 2009 - 12:31 AM

#8 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 08 November 2009 - 11:08 AM

Your logs look pretty good to me. How is your computer behaving now?

#9 kierkan

New Member

Group: Members
Posts: 7
Joined: 06-November 09

Posted 08 November 2009 - 01:43 PM

working great

. you guys were fantastic. Thank you so much. You kept me from reformatting my hardrive and reloading all my backup. Thanks again.

#10 Buckeye_Sam

Malware Expert

Group: Malware Response Team
Posts: 17,382
Joined: 23-December 04
Gender:Male
Location:Pickerington, Ohio

Posted 09 November 2009 - 07:38 AM

I'm glad I could help you out.

It's time to clean up.

Make sure you have an Internet Connection.
Double-click OTL.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

================

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

You can find instructions on how to enable and reenable system restore here:

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.