Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: The Week in Ransomware - October 19th 2018 - GandCrab, Birbware, and More

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

every time i try to run mcaffe,pc doctor,or any of the other selection my computer shuts down

Started by dpking1 , Sep 15 2009 05:43 PM

This topic is locked

25 replies to this topic

#1 dpking1

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 15 September 2009 - 05:43 PM

every time i try to run macaffe,pc doctor or any other spyware or maleware my computer shuts down, imanaged to get the 2 ddds files but when i run rootrepeal (i did this twice) the scan will finish then shut my computer down the message i get is a blue screen a problem has been detected and windows has been to prevent damage to your computer.
KERNAL_DATA_IMAGE_ERROR if this is the first time you have seen this stop error screen restart your computer(which happened twice) restart your computer if this appears again follow these steps (Which it doesnt) make sure any new hardware or software is properly installed if this is a new installlation,,ask your hardware or software manufacture for any windows up dates you might need.
Technical information:
*** stop: 0x0000007A (0xc03E18B4, 0xc000000E, 0xF862DE52, 0x1D022860)

*** atapi.sys-ADDRESS F862DE52 base at F861E000,
Date stamp 4802539d
bigining dump of physical memory

In the begining after i would reboot my computer my computer would rebooi would get a message the system has recovered from a serios error please tell microsoft
error signature *
bccode:9c bcp1 A2000000 bcp2 8054e0f0 bcp3 a2000000 bcp484010400 os ver:5_1_2600 sp:3_0 product 768_1
then when i would click on associated files this is what i would get
c:\docume~1\owner\locals~1\temp\wer6c7b.dir00\mini091209_01.dmp
C:docume~1\owner\locals~1\temp\wer6c7b.dir00\sysdata.xml

also when i first tried to run root rpeal i received an error error- invalid PE image found
i hit ok and continued to try to run it.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/15/2002 10:14:29 PM
System Uptime: 9/15/2009 10:29:45 AM (6 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4B266LA
Processor: Intel® Pentium® 4 CPU 1.60GHz | PGA 478 | 1594/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 56.846 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2090: 8/23/2009 10:23:28 AM - System Checkpoint
RP2091: 8/23/2009 1:36:43 PM - System Checkpoint
RP2092: 8/24/2009 1:41:33 PM - System Checkpoint
RP2093: 8/25/2009 2:14:28 PM - System Checkpoint
RP2094: 8/26/2009 3:00:36 AM - Software Distribution Service 3.0
RP2095: 8/27/2009 3:36:21 AM - System Checkpoint
RP2096: 8/28/2009 5:35:35 AM - System Checkpoint
RP2097: 8/29/2009 6:24:26 AM - System Checkpoint
RP2098: 8/30/2009 7:36:33 AM - System Checkpoint
RP2099: 8/31/2009 8:36:36 AM - System Checkpoint
RP2100: 9/1/2009 9:37:30 AM - System Checkpoint
RP2101: 9/2/2009 10:24:31 AM - System Checkpoint
RP2102: 9/3/2009 11:24:33 AM - System Checkpoint
RP2103: 9/4/2009 1:47:43 PM - System Checkpoint
RP2104: 9/5/2009 2:26:31 PM - System Checkpoint
RP2105: 9/6/2009 2:27:35 PM - System Checkpoint
RP2106: 9/7/2009 12:51:47 PM - Installed EarthLink Protection Control Center.
RP2107: 9/8/2009 2:17:20 PM - System Checkpoint
RP2108: 9/9/2009 3:00:46 AM - Software Distribution Service 3.0
RP2109: 9/9/2009 3:30:45 PM - Removed EarthLink Protection Control Center.
RP2110: 9/10/2009 3:35:48 PM - System Checkpoint
RP2111: 9/10/2009 7:51:35 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP2112: 9/11/2009 3:09:40 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP2113: 9/12/2009 3:17:02 PM - System Checkpoint
RP2114: 9/13/2009 3:54:40 PM - System Checkpoint
RP2115: 9/14/2009 3:59:30 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
5700_Help
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
Atomic Pop
Blasterball Wild
Bonjour
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
CCScore
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Custom Info
Dark Orbit
Disney Interactive Compatibility Update May 2002
DocProc
DocProcQFolder
Drivers Install For Linksys Easylink Advisor
EarthLink 5.0
EarthLink Accelerator
EarthLink Common Authentication
EarthLink FastLane
EarthLink MailBox
EarthLink MDAC
EarthLink Setup
EarthLink Software
EarthLink Toolbar
EarthLink Update Manager
EarthLink Webspace
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
eSupportQFolder
GemMaster 2
Google Toolbar for Internet Explorer
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp center
HP Instant Support
HP Officejet All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP RecordNow
HP Solution Center 7.0
HP Update
HPProductAssistant
Inactive HP Printer Drivers (Remove only)
Inbox.com Slideshow Screensaver
InterActual Player
InterVideo WinDVD
iTunes
J5700
Java™ 6 Update 14
Java™ 6 Update 5
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Linksys EasyLink Advisor 1.6 (0032)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft XML Parser
MP3 Player Utilities
MSSoap
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MUSICMATCH Jukebox
Notifier
NVIDIA Windows 2000/XP Display Drivers
OCR Software by I.R.I.S 7.0
OfotoXMI
OTtBP
OTtBPSDK
PigPen
ProductContext
Professional Resume Creator
PS2
QuickTime
Redistributed Files
Registry Mechanic 8.0
SabreWing 2
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SFR
SHASTA
SKIN0001
SKINXSDK
SolutionCenter
Space Rocks
Speedway
Spyware Doctor 6.1
staticcr
The Print Shop Premier Edition 5.0
TotalAccess Core Applications
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VPRINTOL
War Games Virtual Warfare Demo
WebFldrs XP
WebReg
WildTangent Channel Manager
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Works Suite OS Pack

==== End Of File ===========================

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 16:21:04.96 on Tue 09/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.95 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
c:\progra~1\inbox\ssaver\CSSaver.exe
C:\WINDOWS\SLIDES~1.SCR
C:\Program Files\Inbox\SSaver\bin\2DSaver\2DSaver.scr
C:\Program Files\Inbox\SSaver\bin\2DSaver\ssfxmodul\ssfxmodul.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.earthlink.net
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us4.hpwis.com/
uInternet Settings,ProxyServer = http=localhost:8082
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6066\SiteAdv.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink totalaccess\toolbar\ElnkPuB.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: IE_PopupBlocker Class: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\program files\earthlink totalaccess\accelerator\prpl_IePopupBlocker.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink totalaccess\toolbar\ProtctIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink totalaccess\toolbar\uninsttb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6066\SiteAdv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink totalaccess\toolbar\Toolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Acme.PCHButton] c:\progra~1\hpinst~1\plugin\bin\PCHButton.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6028\SiteAdv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McAfeeUpdate] "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\asho1wtt\McAfeeUpdate[1].exe" /RunKey
mRun: [IPInSightMonitor 01] "c:\program files\earthlink totalaccess\fastlane2\IPMon32.exe"
mRun: [IPInSightLAN 01] "c:\program files\earthlink totalaccess\fastlane2\IPClient.exe" -l
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: Refresh Pa&ge with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-image.html
IE: {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\inbox\ssaver\CSSaver.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\earthlink totalaccess\accelerator\prplsf.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: www.planaccount3com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6066\SiteAdv.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\mi3aa1~1\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\mi3aa1~1\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\mi3aa1~1\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\mi3aa1~1\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\mi3aa1~1\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\mi3aa1~1\CENetFlt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-11 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-9-11 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-9-11 39200]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-26 214024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-11 159600]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-1 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-12-26 144704]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-11 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-11 1097096]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-12-26 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-26 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-26 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-26 40552]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-9-11 64392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-9-11 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-9-24 2944]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2005-9-24 12160]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2005-9-24 3968]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-9-24 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-9-24 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-9-24 10368]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-26 34216]
S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\pcdrdrv.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]

=============== Created Last 30 ================

2009-09-12 13:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-11 19:14 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-09-11 19:14 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-09-11 19:14 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-09-11 19:14 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-09-11 17:50 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-11 17:49 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-11 17:49 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-11 17:49 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-11 17:49 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-11 17:49 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-11 17:48 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-11 17:48 <DIR> --d----- c:\docume~1\owner\applic~1\PC Tools
2009-09-11 17:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-11 06:42 1,736 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-10 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-09-10 19:51 <DIR> --d----- c:\program files\common files\iS3
2009-09-10 19:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-08 23:03 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-07 12:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EarthLink Setup Files
2009-09-07 12:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EarthLink
2009-08-21 10:46 <DIR> --d----- c:\docume~1\owner\applic~1\PCMM 2009 Startup Manager Backup

==================== Find3M ====================

2009-09-10 19:35 1,744 a------- c:\windows\system32\d3d9caps.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-06-10 07:50 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-11-04 11:31 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110420081105\index.dat
2009-06-15 12:08 32,768 a--sh--- c:\windows\temp\cookies\index.dat
2009-06-15 12:08 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2009-06-15 12:08 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:27:25.01 ===============

Attached Files

Attach.txt 9.42KB 3 downloads

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 sempai

noypi

Malware Response Team
5,288 posts
OFFLINE

Gender:Male
Location:3 stars and a sun
Local time:02:34 AM

Posted 30 September 2009 - 05:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators)

#3 sempai

noypi

Malware Response Team
5,288 posts
OFFLINE

Gender:Male
Location:3 stars and a sun
Local time:02:34 AM

Posted 30 September 2009 - 05:20 PM

Edit: double post

Edited by sempai, 30 September 2009 - 05:21 PM.

#4 dpking1

Topic Starter

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 01 October 2009 - 03:07 PM

Attach.txt 10.21KB 8 downloads

DDS.txt 14.72KB 32 downloadsI am still having the same problems and here are the files you requested I have not changed any thing on my computer as reqested.any help would be appreciated.

#5 Farbar

Just Curious

Security Developer
21,719 posts
OFFLINE

Gender:Male
Location:The Netherlands
Local time:08:34 PM

Posted 08 October 2009 - 03:06 AM

imanaged to get the 2 ddds

Hi dpking1,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or Spyware Doctor.
From now on tell me if the system crashed and attach the miniXXXX.dmp file it made. To find it you can use Windows search and the search term will be mini. Make sure you attach the latest minidump file as indicated by the date.:

then when i would click on associated files this is what i would get
c:\docume~1\owner\locals~1\temp\wer6c7b.dir00\mini091209_01.dmp
C:docume~1\owner\locals~1\temp\wer6c7b.dir00\sysdata.xml
Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

#6 dpking1

Topic Starter

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 08 October 2009 - 02:55 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2926
Windows 5.1.2600 Service Pack 3

10/8/2009 3:37:18 PM
mbam-log-2009-10-08 (15-37-18).txt

Scan type: Quick Scan
Objects scanned: 122491
Time elapsed: 18 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

This is a copy of the mbam computer did not cut off thanks

#7 Farbar

Just Curious

Security Developer
21,719 posts
OFFLINE

Gender:Male
Location:The Netherlands
Local time:08:34 PM

Posted 08 October 2009 - 03:59 PM

Please download OTL by OldTimer.

Save it to your desktop.
Double click on the OTL icon on your desktop.
Check the "Scan All Users" checkbox.
Check the "Standard Output".
Click Run Scan button.
Two reports will open, copy and paste them to your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

#8 dpking1

Topic Starter

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 08 October 2009 - 05:52 PM

OTL logfile created on: 10/8/2009 6:31:43 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 232.12 Mb Available Physical Memory | 45.38% Memory free
1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.89 Gb Total Space | 55.92 Gb Free Space | 80.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DWP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\mcafee.com\Agent\mcagent.exe
PRC - [1998/05/07 13:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2006/12/19 22:37:46 | 00,036,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/08/10 21:10:36 | 00,122,880 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
PRC - [2005/08/10 21:10:36 | 00,380,928 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/03/15 19:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/06/30 23:37:10 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2000/08/10 00:41:34 | 00,450,646 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2009/06/30 11:00:02 | 02,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2005/09/01 18:24:56 | 00,942,080 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2008/04/16 03:44:28 | 00,758,272 | ---- | M] (Crawler.com) -- c:\Program Files\Inbox\SSaver\CSSaver.exe
PRC - [2005/07/20 14:23:58 | 00,024,576 | ---- | M] () -- C:\WINDOWS\Slideshow Screensaver.scr
PRC - [2008/04/16 03:44:18 | 00,733,184 | ---- | M] () -- C:\Program Files\Inbox\SSaver\bin\2DSaver\2DSaver.scr
PRC - [2006/11/10 10:31:04 | 00,528,384 | ---- | M] () -- C:\Program Files\Inbox\SSaver\bin\2DSaver\ssfxmodul\ssfxmodul.scr
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/10/08 18:29:36 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/06/17 18:28:46 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
SRV - [2003/09/24 09:00:34 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Disabled | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2001/09/27 20:49:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\Brfilt.sys -- (brfilt [On_Demand | Stopped])
DRV - [2001/08/17 13:12:22 | 00,012,160 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\DRIVERS\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2001/08/17 13:12:24 | 00,003,968 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\DRIVERS\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2001/08/17 13:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrSerWdm.sys -- (BrSerWDM [On_Demand | Stopped])
DRV - [2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2001/08/17 13:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbScn.sys -- (BrUsbScn [On_Demand | Stopped])
DRV - [2001/08/17 08:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2007/03/22 13:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys -- (elagopro [Auto | Running])
DRV - [2007/03/22 13:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys -- (elaunidr [Auto | Running])
DRV - [2002/02/16 00:12:04 | 00,001,652 | ---- | M] () -- C:\WINDOWS\freedom.backup.dat -- (Freedom [On_Demand | Stopped])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/10/20 23:58:52 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/10/20 23:58:58 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005/10/20 23:52:48 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2001/08/08 10:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2001/08/08 10:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2001/08/08 10:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2003/09/24 09:00:34 | 00,032,658 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk [Boot | Running])
DRV - [2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2008/04/13 14:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mf.sys -- (mf [On_Demand | Stopped])
DRV - [2009/07/08 13:44:20 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/07/08 13:43:46 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/07/08 13:44:20 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 18:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2002/11/03 19:51:06 | 00,028,164 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2001/09/27 20:49:00 | 00,702,777 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/17 08:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4.sys -- (nv4 [On_Demand | Stopped])
DRV - [2001/09/16 14:45:04 | 00,013,716 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2008/04/13 14:41:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3 [Boot | Running])
DRV - [2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2001/08/17 16:49:58 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/11/03 04:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/10/12 15:44:12 | 00,114,816 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3SavageNB [On_Demand | Stopped])
DRV - [2001/08/23 15:00:00 | 00,022,400 | ---- | M] () -- C:\WINDOWS\System32\Drivers\SbcpHid.sys -- (SbcpHid [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/09/24 11:27:18 | 00,463,848 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 14:45:38 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [System | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://start.mindspring.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mindspring.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8082

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://start.mindspring.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mindspring.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8082

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..\URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\S-1-5-21-3962937336-3615762775-2885428501-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\S-1-5-21-3962937336-3615762775-2885428501-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\S-1-5-21-3962937336-3615762775-2885428501-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8082

IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?p...cid={SUB_CLSID}
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\S-1-5-21-3962937336-3615762775-2885428501-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?p...cid={SUB_CLSID}
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\S-1-5-21-3962937336-3615762775-2885428501-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/31 14:45:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 03:01:04 | 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPub.dll (EarthLink, Inc.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (IE_PopupBlocker Class) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll (EarthLink, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdate] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ASHO1WTT\McAfeeUpdate[1].exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe File not found
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3962937336-3615762775-2885428501-500..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3962937336-3615762775-2885428501-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: EarthLink Google Search - C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll (EarthLink, Inc.)
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\pac-page.html ()
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\pac-image.html ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Inbox.com Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Inbox\SSaver\CSSaver.exe (Crawler.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..Trusted Domains: www.planaccount3com ([]https in Trusted sites)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://a280.ac-images.myspacecdn.com/image...2fab46850bf.jpg
O24 - Desktop Components:1 () - http://a405.ac-images.myspacecdn.com/image...f89bf2c3124.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 17:36:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{37dd19b0-af68-11dc-9fbe-00e018518eb5}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/12 13:51:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/11 17:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/10 19:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/09/10 19:51:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/09/10 19:51:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/10/08 15:11:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/08 18:29:29 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/10/08 15:11:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/08 15:11:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/08 15:08:57 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/09/11 17:48:42 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/09/08 23:03:37 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2005/08/14 15:14:50 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/08 18:29:36 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/10/08 16:00:02 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{9293434D-1CBA-4F33-9F1C-13F2614F6258}_JAD_Owner.job
[2009/10/08 16:00:02 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{3CB3A072-DE17-40B2-8434-A83D5BF3CB0A}_DWP_Owner.job
[2009/10/08 16:00:02 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{2DA1CF61-AA90-4E2C-9E37-7FDEEF64B7E9}_JAD_Owner.job
[2009/10/08 16:00:01 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{55FFC3CC-AD51-4960-AC2E-B16116E06E55}_JAD_Owner.job
[2009/10/08 15:46:17 | 00,021,543 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/08 15:43:43 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\HPSYSDRV.DAT
[2009/10/08 15:42:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/08 15:42:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/08 15:42:23 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/08 15:11:56 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 15:08:57 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/10/08 09:00:07 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{DF81BA68-4BF2-4DF4-8D49-C91948F6E2D0}_JAD_Owner.job
[2009/10/08 09:00:07 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{A64C9D1C-41DE-4161-9F62-8D1C454800A8}_JAD_Owner.job
[2009/10/08 09:00:07 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{7907C584-2E6B-449E-908D-5EE5FD63FA59}_DWP_Owner.job
[2009/10/08 09:00:01 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{C046B1EB-671E-4A89-8E16-4E9BA662B4DE}_JAD_Owner.job
[2009/10/02 16:00:12 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{D96139FE-6703-4695-852B-057C28ECB26F}_JAD_Owner.job
[2009/10/02 16:00:12 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{7A5024A5-D338-4A6F-899B-7473F20D270C}_DWP_Owner.job
[2009/10/02 16:00:12 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{5A860C5A-0437-462C-8459-24D943DE5137}_JAD_Owner.job
[2009/10/02 16:00:00 | 00,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{22A5D711-53E4-4BE3-8BBC-13E271E49558}_JAD_Owner.job
[2009/10/02 06:54:15 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/02 06:47:51 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/01 20:57:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/01 01:08:05 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/09/30 19:41:39 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EarthLink MailBox.lnk
[2009/09/25 07:47:38 | 00,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/22 14:33:31 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Karen A letter to tommy.doc
[2009/09/15 01:00:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/09/11 17:48:44 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/09/11 13:38:32 | 00,001,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:05:56 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files - No Company Name ==========
[2009/10/08 15:11:56 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/22 14:18:36 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Karen A letter to tommy.doc
[2009/09/21 09:18:47 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EarthLink MailBox.lnk
[2009/09/11 17:49:50 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/11 17:48:44 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/09/11 06:42:43 | 00,001,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/08/22 13:44:29 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/08/11 14:48:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/01/14 17:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/05/15 18:27:19 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/05/15 16:12:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/05/15 15:39:54 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/05/15 15:19:07 | 00,005,489 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/26 19:26:59 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/31 01:59:36 | 00,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/03/13 19:42:40 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/03/13 19:42:40 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/03/13 19:42:40 | 00,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/02/21 17:01:25 | 00,000,066 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/02/11 19:09:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/01/18 16:45:39 | 00,001,022 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/09/24 17:56:36 | 00,002,652 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2005/08/14 15:14:50 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2004/10/29 14:30:34 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/09/16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/01/04 17:31:52 | 00,000,371 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/07/12 15:41:02 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2003/06/18 14:14:13 | 00,000,030 | ---- | C] () -- C:\WINDOWS\earthlink.INI
[2003/06/18 13:59:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2003/06/18 13:53:22 | 00,000,031 | ---- | C] () -- C:\WINDOWS\AUTHMGR.INI
[2003/05/05 12:18:03 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/03/24 17:35:24 | 00,000,065 | ---- | C] () -- C:\WINDOWS\LIVING~1.ini
[2002/10/27 12:25:13 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/09/25 16:37:10 | 00,000,035 | ---- | C] () -- C:\WINDOWS\EARTHL~1.INI
[2002/08/05 13:34:44 | 00,141,296 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2002/03/13 15:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/02/28 22:20:47 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2002/02/28 22:20:47 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2002/02/14 23:01:39 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2002/01/16 17:37:45 | 00,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll
[2002/01/16 17:37:45 | 00,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll
[2002/01/16 12:04:59 | 00,000,377 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/01/16 01:35:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/01/15 23:24:36 | 00,000,026 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2001/11/09 14:41:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 23:43:04 | 00,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 22:45:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 22:45:01 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 22:37:54 | 00,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 22:21:26 | 00,000,186 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 22:21:26 | 00,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 22:21:26 | 00,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 21:49:47 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 17:50:38 | 05,810,086 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2001/11/06 17:40:54 | 00,000,777 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 17:40:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2001/11/06 09:27:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2001/11/06 09:21:55 | 00,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/11/06 09:21:36 | 00,001,022 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 15:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/08 10:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 21:07:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 21:37:50 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 13:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1998/01/12 04:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

OTL Extras logfile created on: 10/8/2009 6:31:43 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 232.12 Mb Available Physical Memory | 45.38% Memory free
1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.89 Gb Total Space | 55.92 Gb Free Space | 80.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DWP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl -- (EarthLink, Inc.)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{02C91E12-74A4-45E1-9D3F-C3DD7D6FECAE}" = 5700_Help
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0E92A5AC-05AB-48c2-9227-9AD504EAF4EA}" = J5700
"{1047DCFF-70A3-4D75-9E23-28165F82E2CB}" = Custom Info
"{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1E6ADBB1-4D4E-4A02-A269-75243222C467}" = GemMaster 2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F72E05E-2371-4C05-9091-B643A9456267}" = EarthLink Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3D30BAC1-C250-4F10-9C78-C379D05A445E}" = BPDSoftware_Ini
"{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files
"{419C98C4-D884-4174-B710-CBF3863767DA}" = Space Rocks
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5034E22F-C283-4A1E-9753-AFB1AC87B298}" = EarthLink Accelerator
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E657D86-77B8-4D97-9E31-7D374469D3CB}" = Atomic Pop
"{6F0DE0D5-2556-4A64-9892-07BAE121B7EC}" = SabreWing 2
"{70af630e-2e1b-470f-b600-9ae48f0b94d0}.sdb" = Disney Interactive Compatibility Update May 2002
"{7797C70B-11EB-446A-9B1E-3D9039DB581F}" = TotalAccess Core Applications
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{83670AE5-73B8-49E0-933E-954987391587}" = EarthLink Update Manager
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF0DBCA4-1DBA-4507-89CC-883B25920FFB}" = War Games Virtual Warfare Demo
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B279B0DA-6F60-4FBD-9847-0C9AB79A3674}" = PigPen
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}" = EarthLink Toolbar
"{B929776E-7527-4F98-AE4D-BEBCF0BEA669}" = BPD_HPSU
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}" = EarthLink FastLane
"{BF225650-36EB-45E8-9666-572A88F31D59}" = Dark Orbit
"{C057F6D0-0E4C-4B18-B645-9D0804FCFAFD}" = EarthLink Common Authentication
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1CD48D-7B18-4254-B43D-AEAB704AB063}" = EarthLink MailBox
"{CDAFD956-97BE-443D-8EF7-F4F094EB5766}_SAV_2DSAVER" = Inbox.com Slideshow Screensaver
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6CAB2F4-26A4-48F4-A35D-CA83063E3928}" = Speedway
"{D6F6456A-DB80-4769-985C-E4F9342202D0}" = Blasterball Wild
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBDB8C5A-E0B9-4C10-A649-59D962E3A07F}" = EarthLink Webspace
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F2CA5A0D-5F2F-4d99-89F0-2D1358218A7A}" = ProductContext
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BackWeb-137903 Uninstaller" = hp center
"EarthLink 5.0" = EarthLink 5.0
"EarthLink TotalAccess 2004" = EarthLink Software
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"HP Instant Support" = HP Instant Support
"HP Officejet All-In-One Series" = HP Officejet All-In-One Series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Professional Resume Creator" = Professional Resume Creator
"PS2" = PS2
"QuickTime" = QuickTime
"Registry Mechanic_is1" = Registry Mechanic 8.0
"The Print Shop Premier Edition 5.0" = The Print Shop Premier Edition 5.0
"WildTangentDDC" = WildTangent Channel Manager
"Windows CE Services" = Microsoft ActiveSync 3.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2009 8:28:49 PM | Computer Name = DWP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 8:30:49 PM | Computer Name = DWP | Source = Application Error | ID = 1000
Description = Faulting application mailclnt.exe, version 2005.2.15.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/1/2009 2:20:30 PM | Computer Name = DWP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module protctie.dll, version 4.2.94.0, fault address 0x00007827.

Error - 10/1/2009 2:36:21 PM | Computer Name = DWP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module protctie.dll, version 4.2.94.0, fault address 0x0002f2ad.

Error - 10/1/2009 10:03:58 PM | Computer Name = DWP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2009 7:31:31 PM | Computer Name = DWP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1452 (0x5ac) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Owner\Desktop\dds.pif

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 10/3/2009 1:58:46 AM | Computer Name = DWP | Source = Application Error | ID = 1000
Description = Faulting application TFService.exe, version 4.9.3.31, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00010b2c.

Error - 10/7/2009 4:10:07 PM | Computer Name = DWP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module protctie.dll, version 4.2.94.0, fault address 0x00007827.

Error - 10/8/2009 3:06:24 PM | Computer Name = DWP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/8/2009 6:20:29 PM | Computer Name = DWP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module protctie.dll, version 4.2.94.0, fault address 0x00007827.

[ System Events ]
Error - 10/3/2009 2:05:09 AM | Computer Name = DWP | Source = Service Control Manager | ID = 7034
Description = The ThreatFire service terminated unexpectedly. It has done this
1 time(s).

Error - 10/3/2009 11:35:37 AM | Computer Name = DWP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/3/2009 11:35:37 AM | Computer Name = DWP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/3/2009 11:35:37 AM | Computer Name = DWP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/8/2009 2:54:20 PM | Computer Name = DWP | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/8/2009 3:06:30 PM | Computer Name = DWP | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).

Error - 10/8/2009 3:06:59 PM | Computer Name = DWP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.

Error - 10/8/2009 3:40:20 PM | Computer Name = DWP | Source = DCOM | ID = 10010
Description = The server {CDAFD956-97BE-443D-8EF7-F4F094EB5766} did not register
with DCOM within the required timeout.

Error - 10/8/2009 3:44:45 PM | Computer Name = DWP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

ok here is the two files Thanks for the help and quick responce
Error - 10/8/2009 3:45:22 PM | Computer Name = DWP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

< End of report >

#9 Farbar

Just Curious

Security Developer
21,719 posts
OFFLINE

Gender:Male
Location:The Netherlands
Local time:08:34 PM

Posted 08 October 2009 - 06:43 PM

I see from the log you are using a registry cleaner (Registry Mechanic). It is even scheduled to run. Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.

Please open OTL.

Copy the text in code box and paste it to Custom Scans/Fixes section:

:Processes
explorer.exe

:files
C:\Documents and Settings\All Users\Application Data\PC Tools
:otl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O4 - HKLM..\RunOnceEx: [] File not found
O15 - HKU\S-1-5-21-3962937336-3615762775-2885428501-1003\..Trusted Domains: internet ([]about in Trusted sites)
O18 - Protocol\Handler\ipp - No CLSID value found

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-
[HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
@="Microsoft Url Search Hook"
[HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32]
@="C:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
:commands
[emptytemp]
[Reboot]

Click Run Fix button.
If the fix needed a reboot please do it.
After finished a log will open. Copy and paste the log to your reply.

Download RootRepeal.exe from one of these download locations and save it to your desktop:
http://download.bleepingcomputer.com/rootr.../RootRepeal.exe
http://ad13.geekstogo.com/RootRepeal.exe
http://rootrepeal.psikotick.com/RootRepeal.exe
- Open on your desktop.
- Click the tab.
- Click the button.
- Check all seven boxes:
- Click Ok.
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

#10 dpking1

Topic Starter

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 09 October 2009 - 02:21 PM

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\PC Tools\ThreatFire moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Tools\Temp moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Tools moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3962937336-3615762775-2885428501-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\@|"Microsoft Url Search Hook" /E : value set successfully!
HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32\\@|"C:\\WINDOWS\\system32\\ieframe.dll" /E : value set successfully!
HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32\\"ThreadingModel"|"Apartment" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"|"Microsoft Url Search Hook" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 226502 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.JAD
->Temp folder emptied: 3565924 bytes
->Temporary Internet Files folder emptied: 1381705 bytes

User: All Users

User: Default User
->Temp folder emptied: 14552447 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Karen
->Temp folder emptied: 16306036 bytes
->Temporary Internet Files folder emptied: 27830705 bytes
->Java cache emptied: 20611 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66252 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 433750 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 104294063 bytes

User: Owner
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\WCESCOMM.LOG scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DFFCC1.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 3025633 bytes
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WVYQQVFY\topic257858[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GS4XNDDY\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 10467871 bytes
->Java cache emptied: 40158263 bytes
->Apple Safari cache emptied: 1220647 bytes

C:\MCAE174.tmp folder deleted successfully.
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 58371 bytes
%systemroot%\System32 .tmp files removed: 4005393 bytes
File delete failed. C:\WINDOWS\temp\mcafee_HeAxcpdp0FvvrNH scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_EfyBrV0QZCq9Ntq scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_kxKqAQjV4lswdDd scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_mgoF5KIJ2R5iCQe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 21188002 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 237.34 mb

OTL by OldTimer - Version 3.0.18.4 log created on 10092009_140116

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\WCESCOMM.LOG moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFFCC1.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WVYQQVFY\topic257858[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GS4XNDDY\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\mcafee_HeAxcpdp0FvvrNH not found!
C:\WINDOWS\temp\mcmsc_EfyBrV0QZCq9Ntq moved successfully.
File\Folder C:\WINDOWS\temp\mcmsc_kxKqAQjV4lswdDd not found!
File\Folder C:\WINDOWS\temp\mcmsc_mgoF5KIJ2R5iCQe not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat not found!

Registry entries deleted on Reboot...
Sorry i go to work at 4am so i go to bed early thanks i will do the root kill now and have it shortly

#11 dpking1

Topic Starter

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 09 October 2009 - 03:25 PM

when i tried to run root repeal i had an error box come up and it was titled root repeal error box inside the box was error - invalid p e image found! and then i pressed ok and did the scan and about after 5 min a blue screen came up when i run rootrepeal (i did this twice) the scan will finish then shut my computer down the message i get is a blue screen a problem has been detected and windows has been to prevent damage to your computer.
KERNAL_DATA_IMAGE_ERROR if this is the first time you have seen this stop error screen restart your computer(which happened twice) restart your computer if this appears again follow these steps (Which it doesnt) make sure any new hardware or software is properly installed if this is a new installlation,,ask your hardware or software manufacture for any windows up dates you might need.
Technical information:
***stop 0x00000077 (0x000000e,0xc000000e,0x00000000,0x05f8c000)
Beginning dump of physical memry

#12 Farbar

Just Curious

Security Developer
21,719 posts
OFFLINE

Gender:Male
Location:The Netherlands
Local time:08:34 PM

Posted 09 October 2009 - 03:31 PM

Please follow the Step # 2 from Post # 5.

#13 dpking1

Topic Starter

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 09 October 2009 - 04:18 PM

l_4faedaaa49e04e24850046934d8890fe__1.JPG 130.83KB 6 downloads
I hope this worked it was perty frustrating trying to figure out how to send it to you hope i did it right.

#14 dpking1

Topic Starter

Members
13 posts
OFFLINE

Local time:02:34 PM

Posted 09 October 2009 - 04:21 PM

i can see this didnt work can you help me on how i can contain it and send it to you its not leting me save as an attachement or copy and paste

#15 Farbar

Just Curious

Security Developer
21,719 posts
OFFLINE

Gender:Male
Location:The Netherlands
Local time:08:34 PM

Posted 09 October 2009 - 05:32 PM

A nice picture.

You remove it if it is too private:

Use the windows search advanced options:

Go to start -> Search -> click All files and folders.
Click More advanced options.
Put a check mark in the box nest to search system folders, search hidden files and folders and search sub-folders.
Make sure Case Sensitive box in not checked.
Type mini*.dmp in the upper box and click on search.

Zip the file. Then or attach it OR upload it.

To do that:

Go to the directory where it is located.
Right-click the selected file and select Send To from the Context menu => select Compressed (zip) Folder
Click Yes to any prompt. A zip file will be created in the same directory.

To upload the file:

Click on this link: http://www.bleepingcomputer.com/submit-mal....php?channel=66
Click Browse... and navigate to the zip file and highlight it to select.
Click Open.
Copy the link to this topic in the appropriate box.
Click Send File.

To attach the file:

When you press the ADDREPLY, under the reply window press Browse... show the path to the zip-file on your computer:
Highlight the zip-file and click Open then press the green UPLOAD button.

Alternatively, instead of zipping and attaching, you can upload the file to the following site and give me the link to the file:
http://www.mediafire.com/