Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DDS log


  • This topic is locked This topic is locked
12 replies to this topic

#1 dacer123

dacer123

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 25 April 2009 - 09:42 PM

Here is the DDS log that everyone posts. I hope I'm doing this right. The problem I'm having is that my computer hangs and is extremely slow for the first 20 minutes after booting, mostly once I open my IE. After it gets done doing whatever it's doing that is hanging the system, it seems to run fine. I'm thinking something in the background is trying to do something and it's consuming resources. I've tried to defrag the system in safe mode. I also ran a system scan with my McAfee that came installed with my comcast cable internet service. I also ran Startup Inspector, but it doesn't show anything.

Here's my DDS log. I'll do the HIJACK this log in my next post so you have everything you need.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/5/2005 11:37:12 PM
System Uptime: 4/25/2009 7:27:33 PM (3 hours ago)

Motherboard: Dell Inc. | | 0J8885
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 28.872 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP747: 2/23/2009 9:18:07 PM - Software Distribution Service 3.0
RP748: 2/24/2009 8:16:12 PM - Software Distribution Service 3.0
RP749: 2/25/2009 8:43:07 PM - System Checkpoint
RP750: 2/25/2009 9:01:18 PM - Software Distribution Service 3.0
RP751: 2/26/2009 5:42:08 PM - Software Distribution Service 3.0
RP752: 2/26/2009 10:51:27 PM - Software Distribution Service 3.0
RP753: 2/28/2009 9:28:59 AM - Software Distribution Service 3.0
RP754: 2/28/2009 10:40:53 PM - Software Distribution Service 3.0
RP755: 3/2/2009 6:47:34 AM - Software Distribution Service 3.0
RP756: 3/3/2009 5:26:35 PM - Software Distribution Service 3.0
RP757: 3/3/2009 5:30:12 PM - Software Distribution Service 3.0
RP758: 3/3/2009 9:34:07 PM - Software Distribution Service 3.0
RP759: 3/4/2009 9:33:24 PM - Software Distribution Service 3.0
RP760: 3/5/2009 5:34:39 PM - Software Distribution Service 3.0
RP761: 3/5/2009 8:28:29 PM - Software Distribution Service 3.0
RP762: 3/7/2009 8:44:55 AM - Software Distribution Service 3.0
RP763: 3/7/2009 7:16:10 PM - Software Distribution Service 3.0
RP764: 3/7/2009 11:10:04 PM - Software Distribution Service 3.0
RP765: 3/8/2009 8:02:10 PM - Software Distribution Service 3.0
RP766: 3/10/2009 8:13:52 PM - Software Distribution Service 3.0
RP767: 3/12/2009 5:19:09 PM - Software Distribution Service 3.0
RP768: 3/12/2009 7:24:00 PM - Software Distribution Service 3.0
RP769: 3/12/2009 8:32:29 PM - Software Distribution Service 3.0
RP770: 3/14/2009 8:39:32 AM - Software Distribution Service 3.0
RP771: 3/15/2009 8:20:34 AM - Software Distribution Service 3.0
RP772: 3/15/2009 9:29:02 PM - Software Distribution Service 3.0
RP773: 3/17/2009 7:02:56 PM - Software Distribution Service 3.0
RP774: 3/17/2009 10:22:59 PM - Software Distribution Service 3.0
RP775: 3/19/2009 5:17:52 PM - Software Distribution Service 3.0
RP776: 3/19/2009 5:22:13 PM - Software Distribution Service 3.0
RP777: 3/19/2009 8:43:43 PM - Software Distribution Service 3.0
RP778: 3/19/2009 9:24:04 PM - Software Distribution Service 3.0
RP779: 3/20/2009 9:52:16 PM - Software Distribution Service 3.0
RP780: 3/22/2009 8:14:27 AM - Software Distribution Service 3.0
RP781: 3/22/2009 9:47:46 PM - Software Distribution Service 3.0
RP782: 3/23/2009 5:36:40 PM - Software Distribution Service 3.0
RP783: 3/23/2009 5:41:09 PM - Software Distribution Service 3.0
RP784: 3/24/2009 6:20:43 PM - Software Distribution Service 3.0
RP785: 3/24/2009 8:53:37 PM - Software Distribution Service 3.0
RP786: 3/25/2009 9:19:41 PM - Cleaned registry with Windows Live OneCare safety scanner
RP787: 3/25/2009 9:32:08 PM - Software Distribution Service 3.0
RP788: 3/26/2009 6:31:16 PM - Software Distribution Service 3.0
RP789: 3/27/2009 4:42:48 PM -
RP790: 3/27/2009 4:43:54 PM - Software Distribution Service 3.0
RP791: 3/27/2009 5:06:44 PM - Uninstall
RP792: 3/27/2009 5:10:34 PM -
RP793: 3/28/2009 9:01:57 AM - Software Distribution Service 3.0
RP794: 3/28/2009 12:32:52 PM - Software Distribution Service 3.0
RP795: 3/29/2009 1:37:34 PM - System Checkpoint
RP796: 3/29/2009 9:35:32 PM - Software Distribution Service 3.0
RP797: 3/30/2009 9:05:35 PM - Software Distribution Service 3.0
RP798: 3/30/2009 9:38:08 PM - Uninstall
RP799: 3/30/2009 9:40:13 PM - Software Distribution Service 3.0
RP800: 3/31/2009 9:40:27 PM - Software Distribution Service 3.0
RP801: 3/31/2009 11:05:20 PM - Printer Driver Microsoft XPS Document Writer Installed
RP802: 4/1/2009 6:39:53 AM - Printer Driver Microsoft XPS Document Writer Installed
RP803: 4/1/2009 6:46:55 AM - Software Distribution Service 3.0
RP804: 4/1/2009 5:33:22 PM - Software Distribution Service 3.0
RP805: 4/1/2009 9:25:40 PM - Software Distribution Service 3.0
RP806: 4/2/2009 6:24:17 PM - Software Distribution Service 3.0
RP807: 4/2/2009 9:04:53 PM - Software Distribution Service 3.0
RP808: 4/4/2009 10:22:02 AM - Software Distribution Service 3.0
RP809: 4/4/2009 10:49:28 AM - Software Distribution Service 3.0
RP810: 4/4/2009 1:39:24 PM - Software Distribution Service 3.0
RP811: 4/4/2009 3:21:48 PM - Software Distribution Service 3.0
RP812: 4/5/2009 8:51:52 AM - Software Distribution Service 3.0
RP813: 4/5/2009 9:04:44 PM - Software Distribution Service 3.0
RP814: 4/5/2009 10:03:29 PM - Software Distribution Service 3.0
RP815: 4/6/2009 7:49:22 PM - Software Distribution Service 3.0
RP816: 4/6/2009 8:55:11 PM - Software Distribution Service 3.0
RP817: 4/9/2009 9:27:13 PM - Software Distribution Service 3.0
RP818: 4/11/2009 7:58:34 AM - Software Distribution Service 3.0
RP819: 4/12/2009 1:43:33 PM - Software Distribution Service 3.0
RP820: 4/12/2009 6:34:47 PM - Software Distribution Service 3.0
RP821: 4/13/2009 11:57:35 AM - Software Distribution Service 3.0
RP822: 4/13/2009 12:07:49 PM - Software Distribution Service 3.0
RP823: 4/14/2009 8:03:48 PM - Software Distribution Service 3.0
RP824: 4/16/2009 6:45:48 PM - System Checkpoint
RP825: 4/16/2009 10:24:36 PM - Software Distribution Service 3.0
RP826: 4/18/2009 11:39:08 AM - System Checkpoint
RP827: 4/19/2009 3:00:28 AM - Software Distribution Service 3.0
RP828: 4/19/2009 9:39:20 PM - Software Distribution Service 3.0
RP829: 4/21/2009 5:29:20 PM - Software Distribution Service 3.0
RP830: 4/21/2009 10:00:42 PM - Software Distribution Service 3.0
RP831: 4/22/2009 6:26:04 PM - Software Distribution Service 3.0
RP832: 4/23/2009 4:39:33 PM - Software Distribution Service 3.0
RP833: 4/23/2009 4:53:09 PM - Software Distribution Service 3.0
RP834: 4/23/2009 10:03:17 PM - Software Distribution Service 3.0
RP835: 4/25/2009 11:02:59 AM - Software Distribution Service 3.0
RP836: 4/25/2009 5:31:56 PM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Access Drivers
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
All American Trophy Bass 2
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
ATI Control Panel
ATI Display Driver
Cabela's Big Game Hunter 2006 Season
Cabela's Big Game Hunter III
Cabela's Grand Slam
Caillou® Party Fun & Games™
CCScore
Comcast High-Speed Internet Install Wizard
Cook'n Simple Home Cooking
Data Desk/XL
Deal Info
Deer's Revenge
Deer's Revenge XP Sp2 Fix
Deer Avenger 2
Deer Hunter 4
Deer Hunter Demo
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support Center
Dell System Restore
DellSupport
Demolition Champions
Desktop Doctor
Detective Barbie® 2 The Vacation Mystery™
Dirt Track Racing 2
Dora's Carnival 2: Boardwalk Adventure
DTR Pinball 1.0d
Duck Hunter Pro
Dynasty (remove only)
Easy Chef's - Low Calorie
Escape From Paradise (remove only)
ESSBrwr
ESSCDBK
ESScore
Essentials of Health Information Management
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ExamView Pro
Express Dictate Uninstall
Express Scribe
FA Alphabet and Numbers
fflink
Field & Stream® Trophy Bass 3D
Fisher-Price® Ready for Preschool
Get High Speed Internet!
Go, Diego, Go!: Safari Rescue
Harry Potter
Harry Potter and the Prisoner of Azkaban™
Harry Potter II
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hunting Expedition Pack
Hunting Unlimited
Hunting Unlimited 4 1.0
Indeo® software
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
JumpStart PreSchool v1.4
jv16 PowerTools 2008
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Leadfoot
LeapFrog® LeapPrint
Learn2 Player (Uninstall Only)
Lexmark 2300 Series
Lexmark Fax Solutions
Macromedia Flash Player
McAfee SecurityCenter
McAfee Shredder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Standard for Students and Teachers
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser
Millennium Gamepak Gold
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Muppet Babies - Air, Land and Sea
Muppet Babies - Sorting and Thinking
Musicmatch for Windows Media Player
Musicmatch® Jukebox
My Way Search Assistant
netbrdg
NetZero
NetZeroInstallers
Offroad Arena
OfotoXMI
Photo Click
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
Rapala Pro Fishing
Real Pool
RealPlayer
Saturday Night Speedway
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SFR
SHASTA
Shockwave
skin0001
SKINXSDK
SmartFTP Client
SmartFTP Client 2.5 Setup Files (remove only)
SmartFTP Client 3.0 Setup Files (remove only)
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
staticcr
The Print Shop
Tiger Woods 99 PGA TOUR Golf
Titanic
tooltips
Ulead Photo Explorer 8.0 SE Basic
Uninstall Startup Inspector
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
USA Bass
VPRINTOL
WCW Nitro PC
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WIRELESS
Works Upgrade
Yahoo! Messenger
Zoboomafoo Animal Alphabet™

==== Event Viewer Messages From Past Week ========

4/20/2009 10:28:53 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2009 8:38:00 AM, error: Service Control Manager [7022] - The McAfee Real-time Scanner service hung on starting.
4/18/2009 8:35:48 AM, error: Print [23] - Printer Export To Web failed to initialize because a suitable Web Export driver could not be found.

==== End Of File ===========================

Attached Files


Edited by dacer123, 25 April 2009 - 09:46 PM.


BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:37 PM

Posted 07 May 2009 - 09:21 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 dacer123

dacer123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 09 May 2009 - 08:55 PM

Here's the log you requested.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Casey Broom at 21:50:17.84 on Sat 05/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.140 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Casey Broom\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Comcast
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {4316CFAD-3CC2-463F-8111-70976DB7F7DF} - No File
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\x1IEBHO.dll
BHO: {68E17D34-DB68-4A06-8DA7-31D8430E0C4F} - No File
BHO: {7370F91F-6994-4595-9949-601FA2261C8D} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search - ?p=ZSzed055YYUS_ZC
IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238547890905
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AutorunsDisabled - rqRKASlL.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyxVmlk

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-21 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-21 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-10-21 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-21 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-21 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-21 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-21 40488]
S3 gel90xne;gel90xne;c:\docume~1\mitchb~1\locals~1\temp\gel90xne.sys [2004-9-13 15872]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-21 33832]
S4 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]

=============== Created Last 30 ================

2009-04-26 19:17 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-26 19:17 1,409 a------- c:\windows\QTFont.for
2009-04-16 18:01 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 18:01 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 18:01 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 18:01 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 18:01 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 18:01 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 18:01 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 18:01 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 18:01 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 18:01 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 17:52 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 17:52 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 17:52 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-07 18:16 42,902 a------- c:\docume~1\caseyb~1\applic~1\wklnhst.dat
2009-05-04 21:12 101,128 a------- c:\docume~1\caseyb~1\applic~1\GDIPFONTCACHEV1.DAT
2009-04-26 20:32 6,921,327 a------- c:\windows\PUZZLES.DAT
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2006-08-27 21:21 32 a----r-- c:\documents and settings\all users\hash.dat
2006-04-13 22:15 97,280 a------- c:\program files\Group Fantastic.ppt
2006-02-05 21:56 563,712 a------- c:\documents and settings\casey broom\370_gotomypc.exe
2006-01-25 18:26 774,144 a------- c:\program files\RngInterstitial.dll
2008-11-19 18:09 23 a--sh--- c:\windows\system32\bfdabf4_z.dll
2005-09-04 22:01 178,718 a--sh--- c:\windows\system32\edeeg.bak1
2005-09-06 18:14 179,711 a--sh--- c:\windows\system32\edeeg.bak2
2008-08-03 22:43 749,530 a--sh--- c:\windows\system32\klmVxyxx.ini2
2008-09-29 15:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 21:52:01.14 ===============

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:37 PM

Posted 10 May 2009 - 11:18 AM

Hello, dacer123 :thumbup2:
We need to back up your registry
  • Please download ERUNT and save it to your desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 dacer123

dacer123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 11 May 2009 - 05:10 PM

Here is the OTListIT:

OTListIt logfile created on: 5/11/2009 5:27:44 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Casey Broom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.07 Mb Total Physical Memory | 98.19 Mb Available Physical Memory | 19.25% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.54 Gb Total Space | 29.66 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
Drive D: | 254.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BROOM1
Current User Name: Casey Broom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/03/30 04:57:08 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2007/01/16 14:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/03/23 00:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/09 07:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2006/11/03 20:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/04/24 13:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/01/16 14:59:50 | 04,838,952 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2006/11/30 22:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/11 17:27:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey Broom\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (ACDaemon [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/03/30 04:57:08 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/07/25 15:25:18 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcgcoms.exe -- (lxcg_device [On_Demand | Stopped])
SRV - [2007/01/16 14:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 10:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/03/30 05:03:06 | 01,035,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/04/22 04:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/10/14 21:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/09/13 03:39:26 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Mitch Broom\Local Settings\Temp\gel90xne.sys -- (gel90xne [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 13:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2007/07/13 07:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/11/02 16:12:14 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 20:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/05/13 11:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 11:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/03/31 20:22:16 | 00,180,096 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2005/05/31 06:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2008/07/12 09:36:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/31 22:28:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {4316CFAD-3CC2-463F-8111-70976DB7F7DF} - Reg Error: Key error. File not found
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (United Online, Inc.)
O2 - BHO: (no name) - {68E17D34-DB68-4A06-8DA7-31D8430E0C4F} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {7370F91F-6994-4595-9949-601FA2261C8D} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZSzed055YYUS_ZC File not found
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228" (United Online, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227" (United Online, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 87 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 87 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 87 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 87 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..Trusted Domains: 88 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1238547890905 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:AutorunsDisabled () -
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxVmlk) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/15 06:45:38 | 00,000,000 | R--D | M] - D:\AutoPlay.kit -- [ CDFS ]
O32 - AutoRun File - [2004/11/03 06:10:15 | 00,675,840 | R--- | M] (School Zone Interactive) - D:\Autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2004/12/14 12:24:22 | 00,001,534 | R--- | M] () - D:\Autoplay.ini -- [ CDFS ]
O32 - AutoRun File - [2004/12/14 12:22:47 | 00,000,125 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/05/11 17:27:13 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Casey Broom\Desktop\OTListIt2.exe
[2009/05/11 17:26:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/11 17:25:23 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Casey Broom\Desktop\NTREGOPT.lnk
[2009/05/11 17:25:23 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Casey Broom\Desktop\ERUNT.lnk
[2009/05/11 17:25:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/11 17:23:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Casey Broom\Desktop\erunt-setup.exe
[2009/04/26 19:17:21 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/26 19:17:21 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/25 22:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Casey Broom\Local Settings\Apps
[2009/04/16 18:01:39 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 18:01:38 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 18:01:38 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 18:01:38 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 18:01:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 18:01:37 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 18:01:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 18:01:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 18:01:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 18:01:34 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 17:52:13 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 17:52:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 17:52:06 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 21:28:53 | 00,062,330 | ---- | C] () -- C:\Documents and Settings\Casey Broom\My Documents\February bank statement.pdf
[2009/04/15 21:28:30 | 00,065,475 | ---- | C] () -- C:\Documents and Settings\Casey Broom\My Documents\March bank statement.pdf
[2009/03/07 21:33:06 | 00,000,051 | ---- | C] () -- C:\WINDOWS\SSAWDEMO.INI
[2008/11/19 18:09:35 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\bfdabf4_z.dll
[2008/08/03 14:01:46 | 01,487,974 | -HS- | C] () -- C:\WINDOWS\System32\ovblvben.ini
[2008/08/03 14:00:19 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/07/31 19:13:23 | 01,487,914 | -HS- | C] () -- C:\WINDOWS\System32\fkeanuhe.ini
[2008/07/30 20:47:12 | 00,749,530 | -HS- | C] () -- C:\WINDOWS\System32\klmVxyxx.ini2
[2008/07/30 20:47:11 | 00,749,530 | -HS- | C] () -- C:\WINDOWS\System32\klmVxyxx.ini
[2007/08/05 12:05:43 | 00,000,409 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2007/08/05 11:26:30 | 00,000,095 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2007/03/17 15:13:37 | 00,000,896 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
[2007/03/17 15:13:33 | 00,000,144 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
[2007/03/17 15:13:11 | 00,000,373 | ---- | C] () -- C:\WINDOWS\SETUPEXE.INI
[2007/03/05 13:34:28 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/14 10:13:29 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/13 21:24:38 | 00,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2006/10/10 22:39:46 | 00,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006/09/01 17:41:43 | 00,000,073 | ---- | C] () -- C:\WINDOWS\PUZZLES.INI
[2006/08/10 11:01:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/08 17:37:44 | 00,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/07/28 21:34:14 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/28 18:14:26 | 00,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/28 18:14:24 | 00,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2006/07/28 16:01:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Export to web.INI
[2006/07/28 16:00:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2006/07/26 21:10:08 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/06/10 20:42:31 | 00,002,793 | ---- | C] () -- C:\WINDOWS\SportballChallenge.ini
[2006/05/13 22:14:25 | 00,000,396 | ---- | C] () -- C:\WINDOWS\LuckyStreakPoker.ini
[2006/05/07 15:33:41 | 00,000,524 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2006/04/30 15:31:36 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Preschol.ini
[2006/04/30 13:35:28 | 00,000,698 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/03/19 10:45:58 | 00,000,059 | ---- | C] () -- C:\WINDOWS\dhp.ini
[2006/02/26 16:13:37 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/02/26 16:13:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/02/22 22:20:59 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/01/08 12:26:31 | 00,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/11/21 21:25:30 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/11/21 21:23:57 | 00,000,558 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/09/06 21:05:43 | 00,000,072 | ---- | C] () -- C:\WINDOWS\DREVENGE.INI
[2005/09/04 22:01:00 | 00,179,579 | -HS- | C] () -- C:\WINDOWS\System32\edeeg.ini
[2005/08/28 20:27:24 | 00,000,340 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/23 21:15:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/08/18 17:27:25 | 00,000,243 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/12 18:19:43 | 00,000,373 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/08/06 11:46:36 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/08/06 11:41:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/03 20:23:37 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/03 20:18:22 | 00,000,504 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/03 20:14:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/03 19:46:30 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/25 15:31:30 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005/07/25 15:27:22 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/07/25 15:26:58 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/07/25 15:25:26 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/07/25 15:24:46 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/07/25 15:24:14 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005/07/25 15:19:36 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2005/07/07 05:12:28 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2005/05/19 19:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,525 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/10 19:55:38 | 00,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/03/22 13:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/11 17:27:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey Broom\Desktop\OTListIt2.exe
[2009/05/11 17:25:23 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Desktop\NTREGOPT.lnk
[2009/05/11 17:25:23 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Desktop\ERUNT.lnk
[2009/05/11 17:23:33 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Casey Broom\Desktop\erunt-setup.exe
[2009/05/11 16:56:26 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/11 16:55:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/11 16:55:07 | 00,017,563 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/11 16:53:34 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Casey Broom\Local Settings\desktop.ini
[2009/05/11 16:53:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 16:53:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 16:52:59 | 53,492,5312 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/10 22:03:06 | 06,684,672 | ---- | M] () -- C:\Documents and Settings\Casey Broom\My Documents\My Money.mny
[2009/05/10 22:03:04 | 09,804,502 | R--- | M] () -- C:\Documents and Settings\Casey Broom\My Documents\Banking.mbf
[2009/05/07 18:16:02 | 00,042,902 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Application Data\wklnhst.dat
[2009/05/05 17:43:54 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/05/04 21:12:34 | 00,101,128 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/27 18:14:21 | 00,000,073 | ---- | M] () -- C:\WINDOWS\PUZZLES.INI
[2009/04/26 20:32:36 | 06,921,327 | ---- | M] () -- C:\WINDOWS\PUZZLES.DAT
[2009/04/26 19:32:59 | 05,957,632 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/26 19:32:59 | 03,126,272 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/26 19:17:21 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/26 19:17:21 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/19 21:23:46 | 00,002,174 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Application Data\evpro32.prf
[2009/04/18 08:40:36 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/18 08:40:35 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/18 08:40:32 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 22:31:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 21:28:53 | 00,062,330 | ---- | M] () -- C:\Documents and Settings\Casey Broom\My Documents\February bank statement.pdf
[2009/04/15 21:28:31 | 00,065,475 | ---- | M] () -- C:\Documents and Settings\Casey Broom\My Documents\March bank statement.pdf
< End of report >


Here is the Extra Log:


OTListIt Extras logfile created on: 5/11/2009 5:27:49 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Casey Broom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.07 Mb Total Physical Memory | 98.19 Mb Available Physical Memory | 19.25% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.54 Gb Total Space | 29.66 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
Drive D: | 254.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BROOM1
Current User Name: Casey Broom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1209:TCP" = 1209:TCP:*:Enabled:IPCD3
"8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2006/11/30 22:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
File not found -- C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Disabled:Skyworks Ten Pin Championship Bowling
File not found -- C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe:*:Disabled:Bejeweled2
[2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/04/07 18:37:04 | 00,086,016 | ---- | M] (AndNow LCC) -- C:\My Games\SmallBall Baseball\smallball.exe:*:Disabled:SmallBall BaseBall
File not found -- C:\My Games\Pearl Harbor - Zero Hour\phz.exe:*:Enabled:phz
File not found -- C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe:*:Disabled:Feeding Frenzy
[2006/10/12 02:35:24 | 00,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2006/11/09 13:28:30 | 00,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary
[2000/08/21 13:37:30 | 01,752,064 | ---- | M] () -- C:\Program Files\Deer Hunter 4\Deer Hunter 4.exe:*:Enabled:Deer Hunter 4
[1998/11/12 11:13:14 | 00,335,872 | ---- | M] () -- C:\Program Files\WCW Nitro PC\nitro.exe:*:Disabled:nitro
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/07/29 18:31:42 | 07,165,216 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0
[2006/07/28 15:10:28 | 00,050,768 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1155222192\ee\aim6.exe:*:Disabled:AIM
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
[2005/07/11 17:35:18 | 00,011,352 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
[2006/04/20 13:10:13 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1155222192\ee\aolsoftware.exe:*:Disabled:AOL Services
File not found -- C:\WINDOWS\surfmonkey\SMProxy.exe:*:Disabled:EarthLink Parental Controls
[2008/10/30 15:16:42 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{28B80CEB-9340-4726-84D3-DF70C4349782}" = Cabela's Big Game Hunter 2006 Season
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5188D24B-9003-41B9-BC5D-7FEBA5C8F3AE}" = Dirt Track Racing 2
"{52496559-216D-483F-AC79-9F9B089F4274}" = Muppet Babies - Air, Land and Sea
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110522523}" = Offroad Arena
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C6C2BE2-C88D-469F-8649-ACAB2A5518B1}" = Deal Info
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter and the Prisoner of Azkaban™
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA7632CD-454A-11D5-B5D0-0010B543C735}" = Leadfoot
"{BCB5B1F6-5C55-4BCB-9192-77C63D166D2B}" = Saturday Night Speedway
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}" = Rapala Pro Fishing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D91EBEEC-700D-44A1-A394-6EBD1D93F281}" = Muppet Babies - Sorting and Thinking
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E249CA45-5A83-11D5-BC5C-00008640B504}" = LeapFrog® LeapPrint
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{e3e97d9d-891b-4331-9621-d8b71960b0c3}.sdb" = Deer's Revenge XP Sp2 Fix
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Activision_GSUninstallKey" = Cabela's Grand Slam
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"All American Trophy Bass 2" = All American Trophy Bass 2
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"BBHDKey" = Deer's Revenge
"Caillou® Party Fun & Games™" = Caillou® Party Fun & Games™
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Cook'n Simple Home Cooking" = Cook'n Simple Home Cooking
"Data Desk/XL" = Data Desk/XL
"Deer Avenger 2" = Deer Avenger 2
"Deer Hunter 4" = Deer Hunter 4
"Deer Hunter Demo" = Deer Hunter Demo
"Detective Barbie® 2 The Vacation Mystery™" = Detective Barbie® 2 The Vacation Mystery™
"Dirt Track Racing Pinball DEMO_is1" = DTR Pinball 1.0d
"Dora's Carnival 2: Boardwalk Adventure" = Dora's Carnival 2: Boardwalk Adventure
"Duck Hunter Pro" = Duck Hunter Pro
"Dynasty" = Dynasty (remove only)
"Easy Chef's - Low Calorie" = Easy Chef's - Low Calorie
"ERUNT_is1" = ERUNT 1.1j
"Escape From Paradise" = Escape From Paradise (remove only)
"Essentials of Health Information Management_is1" = Essentials of Health Information Management
"ExamView Pro" = ExamView Pro
"Express" = Express Dictate Uninstall
"FA Alphabet and Numbers" = FA Alphabet and Numbers
"FPRdyPre" = Fisher-Price® Ready for Preschool
"Go, Diego, Go!: Safari Rescue" = Go, Diego, Go!: Safari Rescue
"HeadGames_BigGameHunter3UninstallKey" = Cabela's Big Game Hunter III
"Hunting Expedition Pack" = Hunting Expedition Pack
"Hunting Unlimited" = Hunting Unlimited
"Hunting Unlimited 4" = Hunting Unlimited 4 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"jv16 PowerTools 2008_is1" = jv16 PowerTools 2008
"Lexmark 2300 Series" = Lexmark 2300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Product_Name" = Millennium Gamepak Gold
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"PRSCHOOL_1.4" = JumpStart PreSchool v1.4
"Real Pool" = Real Pool
"RealPlayer 6.0" = RealPlayer
"Scribe" = Express Scribe
"Shockwave" = Shockwave
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Smash_up_Derby_usa_v2" = Demolition Champions
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TBass3D.exe" = Field & Stream® Trophy Bass 3D
"The Print Shop 10.0" = The Print Shop
"Tiger Woods 99 PGA TOUR Golf" = Tiger Woods 99 PGA TOUR Golf
"Titanic" = Titanic
"USA Bass" = USA Bass
"WCW Nitro PC" = WCW Nitro PC
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Yahoo! Messenger" = Yahoo! Messenger
"Zoboomafoo Animal Alphabet™" = Zoboomafoo Animal Alphabet™

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2009 8:32:58 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3516 (0xdbc) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Casey
Broom\Local Settings\Temp\_tf4F.tmp by C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 4/11/2009 8:41:28 PM | Computer Name = BROOM1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2009 8:25:18 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3244 (0xcac) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All
Users\Application Data\McAfee\MCLOGS\MISP\mcnasvc\mcnasvc001.log by c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 4/20/2009 10:27:46 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2720 (0xaa0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\WINDOWS\WindowsUpdate.log

by C:\WINDOWS\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/22/2009 6:40:30 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3736 (0xe98) Thread address : 0x00410B23 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\WINDOWS\Prefetch\MPCMDRUN.EXE-177DBF1A.pf

by **\MPCMDRUN.EXE 4(203)(0) 4(203)(0) 7200(203)(0) 7595(203)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 4/26/2009 11:11:11 AM | Computer Name = BROOM1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2009 7:55:59 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 128 (0x80) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All
Users\Application Data\McAfee\MCLOGS\MISP\mcupdmgr\mcupdmgr002.log by c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

4(391)(0) 4(391)(0) 7200(63)(0) 7595(63)(0) 7005(63)(0) 7004(63)(0) 5006(63)(0)

5004(63)(0)

Error - 4/29/2009 8:08:05 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3328 (0xd00) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Microsoft
Office\Office10\MSOSTYLE.DLL by C:\Program Files\Windows Defender\MsMpEng.exe 4(0)(0)

4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/3/2009 1:29:07 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2772 (0xad4) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Microsoft
Office\Office10\MSOSTYLE.DLL by C:\Program Files\Windows Defender\MsMpEng.exe 4(0)(0)

4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/4/2009 8:56:46 PM | Computer Name = BROOM1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3808 (0xee0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\comm.drv

by C:\Program Files\Windows Defender\MsMpEng.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 5/6/2009 5:29:17 PM | Computer Name = BROOM1 | Source = Print | ID = 23
Description = Printer Export To Web failed to initialize because a suitable Web
Export driver could not be found.

Error - 5/6/2009 5:32:16 PM | Computer Name = BROOM1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 5/6/2009 5:32:16 PM | Computer Name = BROOM1 | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 5/7/2009 4:57:10 PM | Computer Name = BROOM1 | Source = Print | ID = 23
Description = Printer Export To Web failed to initialize because a suitable Web
Export driver could not be found.

Error - 5/8/2009 5:33:25 PM | Computer Name = BROOM1 | Source = Print | ID = 23
Description = Printer Export To Web failed to initialize because a suitable Web
Export driver could not be found.

Error - 5/8/2009 5:35:00 PM | Computer Name = BROOM1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 5/8/2009 5:35:00 PM | Computer Name = BROOM1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 5/9/2009 9:31:55 AM | Computer Name = BROOM1 | Source = Print | ID = 23
Description = Printer Export To Web failed to initialize because a suitable Web
Export driver could not be found.

Error - 5/10/2009 8:21:43 PM | Computer Name = BROOM1 | Source = Print | ID = 23
Description = Printer Export To Web failed to initialize because a suitable Web
Export driver could not be found.

Error - 5/11/2009 4:53:53 PM | Computer Name = BROOM1 | Source = Print | ID = 23
Description = Printer Export To Web failed to initialize because a suitable Web
Export driver could not be found.


< End of report >


Here's the GMER list:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-11 18:09:36
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF4D449AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF4D44A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF4D44958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF4D4496C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF4D44A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF4D44A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF4D44AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF4D44AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF4D449EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF4D44B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF4D44A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF4D44930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF4D44944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF4D449BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF4D44B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF4D44AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF4D44AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF4D44A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF4D44B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF4D44B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF4D44996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF4D44982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF4D44A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF4D44A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF4D44B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF4D44A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF4D449D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Attached Files



#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:37 PM

Posted 11 May 2009 - 08:13 PM

Hello, dacer123 :thumbup2:
We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otli
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {4316CFAD-3CC2-463F-8111-70976DB7F7DF} - Reg Error: Key error. File not found
    O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (United Online, Inc.)
    O2 - BHO: (no name) - {68E17D34-DB68-4A06-8DA7-31D8430E0C4F} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {7370F91F-6994-4595-9949-601FA2261C8D} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    O15 - HKU\S-1-5-21-3717062616-655209259-2242942787-1006\..Trusted Domains: internet ([]about in Trusted sites)
    O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop Components:AutorunsDisabled () - 
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxVmlk) - File not found
    :files
    C:\Program Files\NetZero
    C:\WINDOWS\System32\bfdabf4_z.dll
    C:\WINDOWS\System32\ovblvben.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\System32\fkeanuhe.ini
    C:\WINDOWS\System32\klmVxyxx.ini2
    C:\WINDOWS\System32\klmVxyxx.ini
    C:\WINDOWS\orun32.ini
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Also please let me know how things are running....

In your next reply, please include the following:
  • OTListIt2 Fix Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 dacer123

dacer123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 12 May 2009 - 06:31 PM

Here's the fixit log:

========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4316CFAD-3CC2-463F-8111-70976DB7F7DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4316CFAD-3CC2-463F-8111-70976DB7F7DF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52706EF7-D7A2-49AD-A615-E903858CF284}\ deleted successfully.
C:\Program Files\NetZero\qsacc\x1IEBHO.dll unregistered successfully.
C:\Program Files\NetZero\qsacc\x1IEBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68E17D34-DB68-4A06-8DA7-31D8430E0C4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68E17D34-DB68-4A06-8DA7-31D8430E0C4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7370F91F-6994-4595-9949-601FA2261C8D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ deleted successfully.
C:\Program Files\NetZero\toolbar.dll unregistered successfully.
C:\Program Files\NetZero\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\AutorunsDisabled\ deleted successfully.
File not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\xxyxVmlk deleted successfully.
========== FILES ==========
C:\Program Files\NetZero\staging moved successfully.
C:\Program Files\NetZero\qsacc\Help moved successfully.
C:\Program Files\NetZero\qsacc moved successfully.
C:\Program Files\NetZero\pool moved successfully.
C:\Program Files\NetZero\lib\security moved successfully.
C:\Program Files\NetZero\lib moved successfully.
C:\Program Files\NetZero\images\dialog moved successfully.
C:\Program Files\NetZero\images\buttons moved successfully.
C:\Program Files\NetZero\images\anima moved successfully.
C:\Program Files\NetZero\images moved successfully.
C:\Program Files\NetZero\Help moved successfully.
C:\Program Files\NetZero\cache moved successfully.
C:\Program Files\NetZero\bin moved successfully.
C:\Program Files\NetZero\basket moved successfully.
C:\Program Files\NetZero moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\bfdabf4_z.dll
C:\WINDOWS\System32\bfdabf4_z.dll NOT unregistered.
C:\WINDOWS\System32\bfdabf4_z.dll moved successfully.
C:\WINDOWS\System32\ovblvben.ini moved successfully.
C:\WINDOWS\pskt.ini moved successfully.
C:\WINDOWS\System32\fkeanuhe.ini moved successfully.
C:\WINDOWS\System32\klmVxyxx.ini2 moved successfully.
C:\WINDOWS\System32\klmVxyxx.ini moved successfully.
C:\WINDOWS\orun32.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

OTListIt2 by OldTimer - Version 2.0.15.6 log created on 05122009_192904

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:37 PM

Posted 12 May 2009 - 08:50 PM

Hello, dacer123 :thumbup2:
How are things running now (After reboot)?

In your next reply, please include the following:
  • A new OTListIt2 log (Scan Mode Again)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 dacer123

dacer123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 14 May 2009 - 04:21 PM

Hi Billy,

The computer is running a better. I still have a problem that I just figured out what it is. My McAfee does this installation thing sometimes when I boot up and it takes just about all my resources. Very frustruating.

Here's my log:

========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4316CFAD-3CC2-463F-8111-70976DB7F7DF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4316CFAD-3CC2-463F-8111-70976DB7F7DF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52706EF7-D7A2-49AD-A615-E903858CF284}\ not found.
File C:\Program Files\NetZero\qsacc\x1IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68E17D34-DB68-4A06-8DA7-31D8430E0C4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68E17D34-DB68-4A06-8DA7-31D8430E0C4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7370F91F-6994-4595-9949-601FA2261C8D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ not found.
File C:\Program Files\NetZero\toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_USERS\S-1-5-21-3717062616-655209259-2242942787-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\AutorunsDisabled\ not found.
File not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\xxyxVmlk scheduled to be deleted on reboot.
========== FILES ==========
File\Folder C:\Program Files\NetZero not found.
File\Folder C:\WINDOWS\System32\bfdabf4_z.dll not found.
File\Folder C:\WINDOWS\System32\ovblvben.ini not found.
File\Folder C:\WINDOWS\pskt.ini not found.
File\Folder C:\WINDOWS\System32\fkeanuhe.ini not found.
File\Folder C:\WINDOWS\System32\klmVxyxx.ini2 not found.
File\Folder C:\WINDOWS\System32\klmVxyxx.ini not found.
File\Folder C:\WINDOWS\orun32.ini not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

OTListIt2 by OldTimer - Version 2.0.15.6 log created on 05142009_164021

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. :HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\xxyxVmlk scheduled to be deleted on reboot.

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:37 PM

Posted 14 May 2009 - 09:05 PM

Hello, dacer123 :thumbup2:

My McAfee does this installation thing sometimes when I boot up and it takes just about all my resources

Not much I can do about that problem. It's a McAfee deal. You can try reinstalling using the instructions here:
http://service.mcafee.com/FAQDocument.aspx?id=TS100507

Can you use the "Run Scan" method on OTLI2, please? :)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 dacer123

dacer123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 16 May 2009 - 07:41 AM

I think this is the log you needed. Also, the system is still running really slow again this morning.



OTListIt logfile created on: 5/16/2009 8:30:37 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Casey Broom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.07 Mb Total Physical Memory | 87.31 Mb Available Physical Memory | 17.12% Memory free
1.22 Gb Paging File | 0.44 Gb Available in Paging File | 36.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.54 Gb Total Space | 30.06 Gb Free Space | 42.61% Space Free | Partition Type: NTFS
Drive D: | 254.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BROOM1
Current User Name: Casey Broom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/03/30 04:57:08 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2007/01/16 14:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/03/23 00:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/09 07:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2006/11/03 20:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/04/24 13:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/01/16 14:59:50 | 04,838,952 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2006/11/30 22:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2006/11/03 20:20:06 | 00,293,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/05/11 17:27:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey Broom\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (ACDaemon [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/03/30 04:57:08 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/07/25 15:25:18 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcgcoms.exe -- (lxcg_device [On_Demand | Stopped])
SRV - [2007/01/16 14:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 10:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/03/30 05:03:06 | 01,035,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/04/22 04:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/10/14 21:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/09/13 03:39:26 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Mitch Broom\Local Settings\Temp\gel90xne.sys -- (gel90xne [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Running])
DRV - [2007/12/02 13:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2007/07/13 07:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/11/02 16:12:14 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 20:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/05/13 11:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 11:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/03/31 20:22:16 | 00,180,096 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2005/05/31 06:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2008/07/12 09:36:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/31 22:28:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &Search - ?p=ZSzed055YYUS_ZC File not found
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228" File not found
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227" File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 88 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1238547890905 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/15 06:45:38 | 00,000,000 | R--D | M] - D:\AutoPlay.kit -- [ CDFS ]
O32 - AutoRun File - [2004/11/03 06:10:15 | 00,675,840 | R--- | M] (School Zone Interactive) - D:\Autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2004/12/14 12:24:22 | 00,001,534 | R--- | M] () - D:\Autoplay.ini -- [ CDFS ]
O32 - AutoRun File - [2004/12/14 12:22:47 | 00,000,125 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/05/12 19:29:04 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/11 17:27:13 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Casey Broom\Desktop\OTListIt2.exe
[2009/05/11 17:26:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/11 17:25:23 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Casey Broom\Desktop\NTREGOPT.lnk
[2009/05/11 17:25:23 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Casey Broom\Desktop\ERUNT.lnk
[2009/05/11 17:25:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/11 17:23:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Casey Broom\Desktop\erunt-setup.exe
[2009/04/26 19:17:21 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/26 19:17:21 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/25 22:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Casey Broom\Local Settings\Apps
[2009/04/16 18:01:39 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 18:01:38 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 18:01:38 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 18:01:38 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 18:01:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 18:01:37 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 18:01:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 18:01:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 18:01:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 18:01:34 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 17:52:13 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 17:52:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 17:52:06 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/07 21:33:06 | 00,000,051 | ---- | C] () -- C:\WINDOWS\SSAWDEMO.INI
[2007/08/05 12:05:43 | 00,000,409 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2007/08/05 11:26:30 | 00,000,095 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2007/03/17 15:13:37 | 00,000,896 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
[2007/03/17 15:13:33 | 00,000,144 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
[2007/03/17 15:13:11 | 00,000,373 | ---- | C] () -- C:\WINDOWS\SETUPEXE.INI
[2007/03/05 13:34:28 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/14 10:13:29 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/13 21:24:38 | 00,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2006/10/10 22:39:46 | 00,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006/09/01 17:41:43 | 00,000,073 | ---- | C] () -- C:\WINDOWS\PUZZLES.INI
[2006/08/10 11:01:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/08 17:37:44 | 00,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/07/28 21:34:14 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/28 18:14:26 | 00,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/28 18:14:24 | 00,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2006/07/28 16:01:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Export to web.INI
[2006/07/28 16:00:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2006/07/26 21:10:08 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/06/10 20:42:31 | 00,002,793 | ---- | C] () -- C:\WINDOWS\SportballChallenge.ini
[2006/05/13 22:14:25 | 00,000,396 | ---- | C] () -- C:\WINDOWS\LuckyStreakPoker.ini
[2006/05/07 15:33:41 | 00,000,524 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2006/04/30 15:31:36 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Preschol.ini
[2006/04/30 13:35:28 | 00,000,698 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/03/19 10:45:58 | 00,000,059 | ---- | C] () -- C:\WINDOWS\dhp.ini
[2006/02/26 16:13:37 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/02/26 16:13:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/02/22 22:20:59 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/01/08 12:26:31 | 00,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/11/21 21:25:30 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/11/21 21:23:57 | 00,000,558 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/09/06 21:05:43 | 00,000,072 | ---- | C] () -- C:\WINDOWS\DREVENGE.INI
[2005/09/04 22:01:00 | 00,179,579 | -HS- | C] () -- C:\WINDOWS\System32\edeeg.ini
[2005/08/28 20:27:24 | 00,000,340 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/23 21:15:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/08/18 17:27:25 | 00,000,243 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/12 18:19:43 | 00,000,373 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/08/06 11:46:36 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/08/06 11:41:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/03 20:23:37 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/03 20:18:22 | 00,000,504 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/03 20:14:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/03 19:46:30 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/25 15:31:30 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005/07/25 15:27:22 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/07/25 15:26:58 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/07/25 15:25:26 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/07/25 15:24:46 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/07/25 15:24:14 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005/07/25 15:19:36 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2005/07/07 05:12:28 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2005/05/19 19:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,525 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/10 19:55:38 | 00,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/03/22 13:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/16 08:34:32 | 00,042,898 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Application Data\wklnhst.dat
[2009/05/16 08:11:21 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/16 07:52:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/16 07:51:43 | 00,017,563 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/16 07:50:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Casey Broom\Local Settings\desktop.ini
[2009/05/16 07:50:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/16 07:50:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/16 07:50:23 | 53,492,5312 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/11 17:27:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey Broom\Desktop\OTListIt2.exe
[2009/05/11 17:25:23 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Desktop\NTREGOPT.lnk
[2009/05/11 17:25:23 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Desktop\ERUNT.lnk
[2009/05/11 17:23:33 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Casey Broom\Desktop\erunt-setup.exe
[2009/05/10 22:03:06 | 06,684,672 | ---- | M] () -- C:\Documents and Settings\Casey Broom\My Documents\My Money.mny
[2009/05/10 22:03:04 | 09,804,502 | R--- | M] () -- C:\Documents and Settings\Casey Broom\My Documents\Banking.mbf
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 17:43:54 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/05/04 21:12:34 | 00,101,128 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/27 18:14:21 | 00,000,073 | ---- | M] () -- C:\WINDOWS\PUZZLES.INI
[2009/04/26 20:32:36 | 06,921,327 | ---- | M] () -- C:\WINDOWS\PUZZLES.DAT
[2009/04/26 19:32:59 | 05,957,632 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/26 19:32:59 | 03,126,272 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/26 19:17:21 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/26 19:17:21 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/19 21:23:46 | 00,002,174 | ---- | M] () -- C:\Documents and Settings\Casey Broom\Application Data\evpro32.prf
[2009/04/18 08:40:36 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/18 08:40:35 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/18 08:40:32 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 22:31:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:37 PM

Posted 17 May 2009 - 05:28 PM

Hello, dacer123 :thumbup2:
Anything other than slow at this point?

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:37 PM

Posted 22 May 2009 - 06:40 PM

Hello, dacer123 :thumbup2:
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users