Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Police Pro(or something else?)


  • Please log in to reply
17 replies to this topic

#1 antonior

antonior

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 28 September 2009 - 06:13 AM

i have been redirected too over here and been asked too post the link too my old post http://www.bleepingcomputer.com/forums/t/257292/windows-police-pro/
so when i try to to do that preparation for this guide.. i was stuck at running the DDS program
a pop up came up and says "Windows cannot find 'cmd'. Make sure you type the name correctly, and then try again. To search file, click the start button, and then search." it have a botton to click ok also.

BC AdBot (Login to Remove)

 


#2 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 01 October 2009 - 03:36 PM

OTL Extras logfile created on: 10/1/2009 4:22:45 PM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.81% Memory free
3.39 Gb Paging File | 2.76 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): C:\pagefile.sys 1576 2152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.03 Gb Total Space | 61.05 Gb Free Space | 42.09% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.37 Gb Free Space | 59.24% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TONY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\mcafeeantivirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"12574:TCP" = 12574:TCP:*:Enabled:BitComet 12574 TCP
"12574:UDP" = 12574:UDP:*:Enabled:BitComet 12574 UDP
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1149931830\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1149931830\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft -- (Blizzard Entertainment)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- (Blizzard Entertainment, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- (McAfee)
"C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 18a78160\Launcher.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 18a78160\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 6ad63f80\Launcher.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 6ad63f80\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 70cc9d80\Launcher.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 70cc9d80\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 83cc9548\Launcher.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 83cc9548\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\McAfee\MSC\mcinfo.exe" = C:\Program Files\McAfee\MSC\mcinfo.exe:*:Enabled:mcinfo -- (McAfee, Inc.)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin -- (Microsoft Corporation)
"C:\WINDOWS\system32\drwtsn32.exe" = C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:drwtsn32 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\logonui.exe" = C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\q4v5dj.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\q4v5dj.exe:*:Enabled:q4v5dj -- File not found
"C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0345520E-2A04-4A36-BC31-353AE87A6092}" = RPS Diagnostic Utility
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0818687F-F41F-496D-9D6D-DB98F147FC62}" = RPS Firewall
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1E164156-3FA1-4389-9B0B-28E88B879639}" = RPS AsRealtime
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{295F5142-A223-4164-9A6D-6683C08409FC}" = RPS RpsCore
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2F4BFC9D-17D7-447A-AEA2-467892D876B3}" = RPS App Detector
"{310F26F3-C769-48E5-BD0D-53D4366C34CD}" = RPS PopupBlocker
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C73A54-1428-4893-B041-58AA594F4ACD}" = RedLightCenter
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DE72179-FEF4-4846-BF82-62CBFC61F8D7}" = RPS Performance Tool
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4AA73DA8-8D69-44ED-B5D7-CB815C81F83E}" = RPS Zip
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{537654FC-556A-4992-BF3D-ADC05E7009DC}" = RPS AntiFraud
"{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}" = Comcast Universal Installer v1.2
"{58A2663B-56DC-488F-8E29-D44C6DE053B5}" = RPS Security Cleanup
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D11FED9-4214-40A6-A6CA-3CFBAC20DA36}" = RPS Burn
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{904847DA-FBC0-4726-BE73-830FCB9D4E8A}" = RPS Backup
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99E6E9E1-BBCD-4294-93C6-08537A9E92CB}" = RPS AntiSpyware
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC82BF06-223B-42AA-A89F-2D3BCD247366}" = RPS Privacy Manager
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF99E78-879B-4811-BFEF-3CC7057BC00D}" = RPS Ad Blocker
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C70EF769-8296-4ED0-966F-D624BC6D4927}" = Authentium AntiVirus SDK - 2
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D7DF917E-C963-42B4-AD48-837ACA6D8859}" = AT&T Internet Security Suite
"{D7FB76C8-3A76-49A1-B1A4-C686E4B067B9}" = BellSouth Wireless LAN USB Adapter
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E5E7B0D0-20E1-4B1A-B8C9-B9E2B93DE1DE}" = RPS ParentalControl
"{E85A45C2-290F-4C4A-9363-B6399EE648A9}" = RPS AntiVirus
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F24862FD-DDC7-490D-AC02-8797B575D6A9}" = SpaMsiWrapper
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"BigFix" = BigFix
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ComcastToolbar" = Comcast Toolbar
"Deliverance-Online" = Deliverance-Online
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FrostWire" = FrostWire 4.18.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QcDrv" = Logitech® Camera Driver
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"Ragnarok Sakray" = Ragnarok Sakray
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Veoh Web Player Beta" = Veoh Web Player
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2009 4:00:21 AM | Computer Name = TONY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.15.101.0, faulting module
mvsscan.dll, version 13.15.101.0, fault address 0x00019fc0.

Error - 9/28/2009 10:18:23 PM | Computer Name = TONY | Source = Application Error | ID = 1000
Description = Faulting application wow.exe, version 3.2.2.10505, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 9/29/2009 4:00:23 AM | Computer Name = TONY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.15.101.0, faulting module
mvsscan.dll, version 13.15.101.0, fault address 0x00019fc0.

Error - 9/29/2009 6:41:57 PM | Computer Name = TONY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2009 6:42:14 PM | Computer Name = TONY | Source = Application Hang | ID = 1001
Description = Fault bucket 1437517761.

Error - 9/30/2009 4:00:21 AM | Computer Name = TONY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.15.101.0, faulting module
mvsscan.dll, version 13.15.101.0, fault address 0x00019fc0.

Error - 10/1/2009 4:00:12 AM | Computer Name = TONY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.15.101.0, faulting module
mvsscan.dll, version 13.15.101.0, fault address 0x00019fc0.

Error - 10/1/2009 5:13:54 AM | Computer Name = TONY | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Mail -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2762. The arguments are: , ,

Error - 10/1/2009 5:13:56 AM | Computer Name = TONY | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 10/1/2009 5:13:56 AM | Computer Name = TONY | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

[ System Events ]
Error - 10/1/2009 2:54:45 PM | Computer Name = TONY | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/1/2009 2:54:47 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 10/1/2009 2:54:47 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 10/1/2009 2:55:17 PM | Computer Name = TONY | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/1/2009 2:55:17 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 10/1/2009 3:00:00 PM | Computer Name = TONY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/1/2009 3:00:00 PM | Computer Name = TONY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/1/2009 3:06:26 PM | Computer Name = TONY | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/1/2009 3:06:26 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 10/1/2009 4:18:58 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.


< End of report >



OTL logfile created on: 10/1/2009 4:22:45 PM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.81% Memory free
3.39 Gb Paging File | 2.76 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): C:\pagefile.sys 1576 2152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.03 Gb Total Space | 61.05 Gb Free Space | 42.09% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.37 Gb Free Space | 59.24% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TONY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/28 17:09:14 | 00,293,104 | ---- | M] (AT&T) -- C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
PRC - [2004/10/15 16:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2009/03/26 16:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2004/10/15 16:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/11/27 15:02:46 | 00,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2006/10/09 20:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/12/19 14:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2006/08/11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/04/28 08:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2006/06/10 05:18:30 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/24 14:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/09/08 11:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/05/14 22:25:21 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/24 14:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/04/02 17:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 17:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/09/08 11:21:05 | 00,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/10 04:44:44 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/01 16:22:30 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/10/15 16:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Running])
SRV - [2009/03/26 16:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 12:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/01/15 09:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2006/01/26 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/11/27 15:02:46 | 00,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi [Auto | Running])
SRV - [2006/10/09 20:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/12/01 12:01:02 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2007/02/08 08:25:16 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/04/02 17:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/12/19 14:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - File not found -- -- (MSIServer [On_Demand | Stopped])
SRV - [2006/08/11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/28 08:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2008/04/28 08:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Stopped])
SRV - [2006/06/10 05:18:30 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2008/10/24 10:38:04 | 00,099,056 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe -- (RPSUpdaterR [On_Demand | Stopped])
SRV - [2007/06/28 17:09:14 | 00,293,104 | ---- | M] (AT&T) -- C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe -- (RP_FWS [Auto | Running])
SRV - [2008/04/24 14:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])
SRV - [2008/09/08 11:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/19 01:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [1999/09/10 08:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2006/01/15 09:48:08 | 01,477,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2007/11/26 17:33:52 | 00,835,792 | ---- | M] (Authentium, Inc) -- C:\WINDOWS\System32\DRIVERS\css-dvp.sys -- (CSS DVP [Auto | Running])
DRV - [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2008/04/25 07:38:22 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
DRV - [2005/10/16 09:00:00 | 00,012,928 | ---- | M] (Bo Brantén) -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk [System | Running])
DRV - [2009/03/19 17:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/03/16 20:50:36 | 00,221,440 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2005/03/16 20:51:16 | 01,033,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/04/06 02:20:44 | 04,258,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2005/05/27 05:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2004/03/16 23:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/07/08 13:44:20 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/07/08 13:43:46 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/07/08 13:44:20 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2001/08/17 16:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\DRIVERS\mxnic.sys -- (mxnic [On_Demand | Stopped])
DRV - [2006/08/11 21:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/09/17 07:23:58 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2005/01/31 06:20:04 | 00,211,712 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
DRV - [2004/08/10 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/01/09 07:18:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/04/19 12:24:32 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\System32\DRIVERS\rp_pkt32.sys -- (RPPKT [On_Demand | Running])
DRV - [2008/10/24 10:38:06 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT [Auto | Running])
DRV - [2006/01/18 06:41:00 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2007/02/20 15:07:56 | 00,005,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2003/12/17 20:58:08 | 00,082,888 | ---- | M] (SAMSUNG Electro-Mechanics Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\SWLD23U.sys -- (SWLD23U [On_Demand | Stopped])
DRV - [2003/05/02 13:26:18 | 00,053,690 | R--- | M] (Samsung Electro-Mechanics ) -- C:\WINDOWS\System32\Drivers\swlubtl.sys -- (swlubtl [On_Demand | Stopped])
DRV - [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2005/03/16 20:50:32 | 00,705,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3503
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Creative Commons"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://myspace.com/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.0.20071211
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/14 22:26:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{89588AB1-5A83-4C5E-A5AD-E9C380B02256}: C:\Documents and Settings\Owner\Local Settings\Application Data\{89588AB1-5A83-4C5E-A5AD-E9C380B02256} [2009/04/15 18:55:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/13 13:37:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 04:44:51 | 00,000,000 | ---D | M]

[2008/06/28 17:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/06/28 17:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/01 15:16:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\svlgkq39.default\extensions
[2007/11/20 14:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\svlgkq39.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2008/12/26 13:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\svlgkq39.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/03/04 18:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\svlgkq39.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/08/10 00:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\svlgkq39.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/06/13 00:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\svlgkq39.default\extensions\searchrecs@veoh.com
[2008/12/09 03:24:11 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\svlgkq39.default\searchplugins\aim-search.xml
[2007/10/30 23:11:40 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\svlgkq39.default\searchplugins\aolsearch.xml
[2009/09/30 15:38:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 04:44:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/15 10:35:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/11/30 05:17:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/27 08:23:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2007/08/28 22:04:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\real-networks@partners.mozilla.com
[2009/09/10 04:44:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 04:44:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2006/09/03 17:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/10/30 15:47:52 | 01,380,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 04:44:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/05/14 22:26:26 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/04/06 16:03:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/06 16:03:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/06 16:03:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/06 16:03:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/06 16:03:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/06 16:03:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/06 16:03:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/05/14 22:27:22 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/05/14 22:26:04 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint_.dll
[2008/12/01 12:01:02 | 00,114,540 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (ICQSys (IE PlugIn)) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\System32\dddesot.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (C:\WINDOWS\system32\sdfgerfgf3f.dll) - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\System32\sdfgerfgf3f.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [-FreedomNeedsReboot] C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe (AT&T)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] C:\DOCUME~1\Owner\LOCALS~1\Temp\q4v5dj.exe File not found
O4 - HKCU..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\4085964932.exe File not found
O4 - HKCU..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe File not found
O4 - HKCU..\Run: [system tool] C:\WINDOWS\sysguard.exe File not found
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [Windows Resurections] C:\DOCUME~1\Owner\LOCALS~1\Temp\q4v5dj.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/04 15:42:03 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/04 15:42:03 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/04 15:42:03 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/04 15:42:03 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: myspace.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: regions.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: wthdethecus.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wemetuvi.dll) - C:\WINDOWS\System32\wemetuvi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pawafilo.dll) - C:\WINDOWS\System32\pawafilo.dll File not found
O20 - AppInit_DLLs: (qfloxy.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\sipulako.dll) - C:\WINDOWS\System32\sipulako.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\wofovelo.dll) - C:\WINDOWS\System32\wofovelo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - Winlogon\Notify\__c003F75B: DllName - C:\WINDOWS\system32\__c003F75B.dat - C:\WINDOWS\System32\__c003F75B.dat File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\vtUmKAQH: DllName - vtUmKAQH.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - CLSID or File not found.
O22 - SharedTaskScheduler: {E2BA40A2-74F3-42BD-F434-2604812C8953} - sdfg54y54yhhgth6w4efvrg - C:\WINDOWS\System32\sdfgerfgf3f.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iifEwUOE.dll) - C:\WINDOWS\System32\iifEwUOE.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{d8b20aa1-f860-11da-b187-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b20aa1-f860-11da-b187-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\kebowize
[2009/09/28 07:03:46 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/09/28 07:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/09/28 07:03:38 | 00,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/23 22:27:48 | 00,001,205 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ssjbrolly4005@hotmail.com Sharing Folders Archive.lnk
[2009/09/19 09:04:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/09/19 09:04:03 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/09/19 01:56:02 | 00,001,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Perfect World International.lnk
[2009/09/19 01:42:34 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect World Entertainment
[2009/09/19 01:19:31 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2009/09/19 00:01:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/09/13 14:30:12 | 21,450,26048 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/13 08:10:53 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/09/13 07:10:45 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\bincd32.dat
[2009/09/13 00:38:57 | 00,008,547 | ---- | C] () -- C:\WINDOWS\System32\wispex.html
[2009/09/13 00:38:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/09/13 00:16:16 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/09/13 00:16:09 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/09/13 00:16:08 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/09/13 00:16:08 | 00,000,004 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/09/13 00:16:04 | 00,000,038 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/09/13 00:14:51 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/06/14 08:06:14 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\drivers\SKYNETiqppjnqh.sys
[2009/05/10 11:27:56 | 00,213,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2008/12/26 23:05:57 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/22 19:20:48 | 01,472,971 | -HS- | C] () -- C:\WINDOWS\System32\dscotmmq.ini
[2008/06/22 19:14:44 | 00,745,535 | -HS- | C] () -- C:\WINDOWS\System32\EOUwEfii.ini2
[2008/06/22 19:14:43 | 00,745,540 | -HS- | C] () -- C:\WINDOWS\System32\EOUwEfii.ini
[2008/06/22 10:45:28 | 00,885,354 | -HS- | C] () -- C:\WINDOWS\System32\phsfgiur.ini
[2008/06/22 10:39:26 | 00,752,119 | -HS- | C] () -- C:\WINDOWS\System32\cKQWxyxx.ini2
[2008/06/22 10:39:24 | 00,752,119 | -HS- | C] () -- C:\WINDOWS\System32\cKQWxyxx.ini
[2008/06/21 08:12:32 | 00,896,474 | -HS- | C] () -- C:\WINDOWS\System32\prijqdes.ini
[2008/06/21 08:06:27 | 00,800,248 | -HS- | C] () -- C:\WINDOWS\System32\VCegPqru.ini2
[2008/06/21 08:06:26 | 00,748,718 | -HS- | C] () -- C:\WINDOWS\System32\VCegPqru.ini
[2008/06/20 08:01:14 | 01,064,421 | -HS- | C] () -- C:\WINDOWS\System32\jjkyrqpl.ini
[2008/06/20 07:55:06 | 00,747,045 | -HS- | C] () -- C:\WINDOWS\System32\CIPXFLRu.ini2
[2008/06/20 07:55:05 | 00,749,310 | -HS- | C] () -- C:\WINDOWS\System32\CIPXFLRu.ini
[2008/06/19 10:27:57 | 01,205,645 | -HS- | C] () -- C:\WINDOWS\System32\hllaviyj.ini
[2008/06/18 10:24:44 | 01,537,826 | -HS- | C] () -- C:\WINDOWS\System32\fpmydfba.ini
[2008/06/17 10:24:44 | 01,407,266 | -HS- | C] () -- C:\WINDOWS\System32\yqubvuhw.ini
[2008/06/16 10:25:41 | 01,352,335 | -HS- | C] () -- C:\WINDOWS\System32\twkwvhsi.ini
[2008/06/15 10:25:45 | 01,352,203 | -HS- | C] () -- C:\WINDOWS\System32\wkainevk.ini
[2008/06/15 10:19:39 | 00,780,417 | -HS- | C] () -- C:\WINDOWS\System32\XIhRstwa.ini2
[2008/06/15 10:19:38 | 00,780,417 | -HS- | C] () -- C:\WINDOWS\System32\XIhRstwa.ini
[2008/06/14 07:51:21 | 01,352,981 | -HS- | C] () -- C:\WINDOWS\System32\gjkleigr.ini
[2008/06/13 07:48:20 | 01,801,309 | -HS- | C] () -- C:\WINDOWS\System32\pfxccodr.ini
[2008/06/13 07:42:17 | 00,735,180 | -HS- | C] () -- C:\WINDOWS\System32\uDLTAJjl.ini2
[2008/06/13 07:42:16 | 00,735,418 | -HS- | C] () -- C:\WINDOWS\System32\uDLTAJjl.ini
[2008/06/12 21:44:40 | 01,544,524 | -HS- | C] () -- C:\WINDOWS\System32\rlllifxo.ini
[2008/06/11 21:41:42 | 01,687,897 | -HS- | C] () -- C:\WINDOWS\System32\kummitnw.ini
[2008/06/11 21:35:35 | 00,683,211 | -HS- | C] () -- C:\WINDOWS\System32\EOYJlkkj.ini2
[2008/06/11 21:35:34 | 00,683,211 | -HS- | C] () -- C:\WINDOWS\System32\EOYJlkkj.ini
[2008/06/11 15:38:56 | 01,603,341 | -HS- | C] () -- C:\WINDOWS\System32\pmprcvhv.ini
[2008/06/11 15:32:50 | 00,766,699 | -HS- | C] () -- C:\WINDOWS\System32\nnmmpXbc.ini2
[2008/06/11 15:32:49 | 00,766,757 | -HS- | C] () -- C:\WINDOWS\System32\nnmmpXbc.ini
[2008/06/10 17:33:47 | 01,544,851 | -HS- | C] () -- C:\WINDOWS\System32\qosaftfn.ini
[2008/06/10 17:30:41 | 00,729,624 | -HS- | C] () -- C:\WINDOWS\System32\BKTAHkkj.ini2
[2008/06/10 17:30:40 | 00,729,624 | -HS- | C] () -- C:\WINDOWS\System32\BKTAHkkj.ini
[2008/06/10 15:38:47 | 01,581,176 | -HS- | C] () -- C:\WINDOWS\System32\pioccmpm.ini
[2008/06/10 15:13:38 | 01,584,253 | -HS- | C] () -- C:\WINDOWS\System32\oilelwck.ini
[2008/06/09 16:23:30 | 01,584,133 | -HS- | C] () -- C:\WINDOWS\System32\wouisnlm.ini
[2008/06/09 15:20:19 | 01,831,373 | -HS- | C] () -- C:\WINDOWS\System32\wevukdhu.ini
[2008/06/08 11:43:51 | 01,610,432 | -HS- | C] () -- C:\WINDOWS\System32\viaschvw.ini
[2008/06/07 12:00:25 | 01,610,372 | -HS- | C] () -- C:\WINDOWS\System32\hlamwkgq.ini
[2008/06/06 12:00:21 | 01,610,252 | -HS- | C] () -- C:\WINDOWS\System32\hooogvga.ini
[2008/06/06 11:53:19 | 01,635,001 | -HS- | C] () -- C:\WINDOWS\System32\jocrluaq.ini
[2008/06/05 19:56:26 | 01,630,179 | -HS- | C] () -- C:\WINDOWS\System32\ekenuxhu.ini
[2008/06/05 11:40:27 | 01,672,289 | -HS- | C] () -- C:\WINDOWS\System32\esgiojco.ini
[2008/06/04 11:43:25 | 01,554,465 | -HS- | C] () -- C:\WINDOWS\System32\epkfadqi.ini
[2008/06/03 11:43:33 | 01,514,753 | -HS- | C] () -- C:\WINDOWS\System32\lhnkihex.ini
[2008/06/02 11:37:04 | 01,529,701 | -HS- | C] () -- C:\WINDOWS\System32\hftnuper.ini
[2008/06/01 11:38:30 | 01,502,745 | -HS- | C] () -- C:\WINDOWS\System32\sdlbhpqw.ini
[2008/05/31 11:35:32 | 01,502,685 | -HS- | C] () -- C:\WINDOWS\System32\wyrvpjlo.ini
[2008/05/30 11:39:27 | 01,209,592 | -HS- | C] () -- C:\WINDOWS\System32\nokgvthk.ini
[2008/05/29 11:37:25 | 01,209,532 | -HS- | C] () -- C:\WINDOWS\System32\yufaqwrs.ini
[2008/05/28 11:38:00 | 01,176,311 | -HS- | C] () -- C:\WINDOWS\System32\nugynqsr.ini
[2008/05/27 14:02:27 | 01,090,082 | -HS- | C] () -- C:\WINDOWS\System32\wjnpdjsx.ini
[2008/05/27 09:06:10 | 01,072,046 | -HS- | C] () -- C:\WINDOWS\System32\aywrhvox.ini
[2008/05/26 08:58:30 | 01,114,295 | -HS- | C] () -- C:\WINDOWS\System32\mewmjrxx.ini
[2008/05/26 08:39:56 | 01,016,935 | -HS- | C] () -- C:\WINDOWS\System32\mxefpilm.ini
[2008/05/25 13:00:30 | 00,995,104 | -HS- | C] () -- C:\WINDOWS\System32\jccffhpf.ini
[2008/05/25 10:35:47 | 00,995,044 | -HS- | C] () -- C:\WINDOWS\System32\kwmaqvxq.ini
[2008/05/25 10:32:46 | 00,730,008 | -HS- | C] () -- C:\WINDOWS\System32\Yxwxyccf.ini2
[2008/05/25 10:32:45 | 00,730,008 | -HS- | C] () -- C:\WINDOWS\System32\Yxwxyccf.ini
[2008/05/24 10:30:26 | 00,995,223 | -HS- | C] () -- C:\WINDOWS\System32\gjnrcwsp.ini
[2008/05/23 10:28:14 | 01,120,888 | -HS- | C] () -- C:\WINDOWS\System32\thmeipca.ini
[2008/05/22 10:32:17 | 01,186,037 | -HS- | C] () -- C:\WINDOWS\System32\wbniihiy.ini
[2008/05/21 10:26:19 | 01,335,361 | -HS- | C] () -- C:\WINDOWS\System32\amrengab.ini
[2008/05/21 10:20:15 | 00,895,035 | -HS- | C] () -- C:\WINDOWS\System32\qsuBHkkj.ini
[2008/05/20 20:05:35 | 01,437,993 | -HS- | C] () -- C:\WINDOWS\System32\sjxmljhi.ini
[2008/05/19 20:37:00 | 01,375,707 | -HS- | C] () -- C:\WINDOWS\System32\lsnebaja.ini
[2008/05/18 20:30:07 | 01,698,878 | -HS- | C] () -- C:\WINDOWS\System32\dtxkikku.ini
[2008/05/18 20:24:59 | 00,003,648 | ---- | C] () -- C:\WINDOWS\System32\sdppnxbg.dll
[2008/05/18 08:36:25 | 01,435,492 | -HS- | C] () -- C:\WINDOWS\System32\uhrbpfre.ini
[2008/05/18 08:30:58 | 00,003,648 | ---- | C] () -- C:\WINDOWS\System32\icevngwd.dll
[2008/05/17 08:43:46 | 01,435,372 | -HS- | C] () -- C:\WINDOWS\System32\vudlqrid.ini
[2008/05/17 08:31:44 | 00,003,648 | ---- | C] () -- C:\WINDOWS\System32\pwrwxoxv.dll
[2008/05/16 08:34:46 | 01,437,123 | -HS- | C] () -- C:\WINDOWS\System32\nebosenc.ini
[2008/05/16 08:31:44 | 00,003,648 | ---- | C] () -- C:\WINDOWS\System32\tityibcc.dll
[2008/05/16 08:28:43 | 00,736,043 | -HS- | C] () -- C:\WINDOWS\System32\DJRAJkkj.ini2
[2008/05/16 08:28:41 | 00,736,043 | -HS- | C] () -- C:\WINDOWS\System32\DJRAJkkj.ini
[2008/05/15 13:32:11 | 01,546,566 | -HS- | C] () -- C:\WINDOWS\System32\umcyjnhx.ini
[2008/05/15 13:26:06 | 00,003,648 | ---- | C] () -- C:\WINDOWS\System32\pxqqsqvs.dll
[2008/05/15 04:27:04 | 01,539,258 | -HS- | C] () -- C:\WINDOWS\System32\twxcygwk.ini
[2008/05/15 04:20:56 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/05/15 04:17:55 | 00,003,648 | ---- | C] () -- C:\WINDOWS\System32\lhfhwwwy.dll
[2008/05/11 08:39:05 | 00,057,903 | -HS- | C] () -- C:\WINDOWS\System32\rYbHjkkj.ini2
[2008/05/11 08:39:04 | 00,057,903 | -HS- | C] () -- C:\WINDOWS\System32\rYbHjkkj.ini
[2008/05/08 20:46:48 | 00,008,646 | -HS- | C] () -- C:\WINDOWS\System32\bJStwyay.ini2
[2008/05/08 20:46:48 | 00,008,646 | -HS- | C] () -- C:\WINDOWS\System32\bJStwyay.ini
[2008/05/05 16:50:41 | 00,057,776 | -HS- | C] () -- C:\WINDOWS\System32\UuBLkUvw.ini2
[2008/05/05 16:50:38 | 00,057,776 | -HS- | C] () -- C:\WINDOWS\System32\UuBLkUvw.ini
[2008/04/27 19:25:39 | 00,037,804 | -HS- | C] () -- C:\WINDOWS\System32\EMmmlnnn.ini2
[2008/04/27 19:25:38 | 00,037,804 | -HS- | C] () -- C:\WINDOWS\System32\EMmmlnnn.ini
[2008/04/27 03:36:59 | 00,017,071 | -HS- | C] () -- C:\WINDOWS\System32\QtEMnnnn.ini2
[2008/04/27 03:36:57 | 00,017,071 | -HS- | C] () -- C:\WINDOWS\System32\QtEMnnnn.ini
[2008/04/26 21:21:04 | 00,049,731 | -HS- | C] () -- C:\WINDOWS\System32\kUvFOnpo.ini2
[2008/04/26 21:21:02 | 00,049,731 | -HS- | C] () -- C:\WINDOWS\System32\kUvFOnpo.ini
[2008/04/25 20:42:21 | 00,006,524 | -HS- | C] () -- C:\WINDOWS\System32\RttwDcdd.ini2
[2008/04/25 20:42:18 | 00,006,524 | -HS- | C] () -- C:\WINDOWS\System32\RttwDcdd.ini
[2008/04/25 15:54:57 | 00,018,832 | -HS- | C] () -- C:\WINDOWS\System32\VvGilnnn.ini2
[2008/04/25 15:54:56 | 00,018,832 | -HS- | C] () -- C:\WINDOWS\System32\VvGilnnn.ini
[2008/04/17 16:35:15 | 00,034,679 | -HS- | C] () -- C:\WINDOWS\System32\CLmVwGgh.ini2
[2008/04/17 16:35:14 | 00,034,679 | -HS- | C] () -- C:\WINDOWS\System32\CLmVwGgh.ini
[2008/04/16 19:28:02 | 00,009,389 | -HS- | C] () -- C:\WINDOWS\System32\HRttsBeg.ini2
[2008/04/16 19:28:01 | 00,009,389 | -HS- | C] () -- C:\WINDOWS\System32\HRttsBeg.ini
[2008/04/09 04:03:44 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/07 14:01:07 | 00,000,070 | ---- | C] () -- C:\WINDOWS\60283FF6.ini
[2007/02/20 15:07:56 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/12/21 22:48:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/12/16 15:09:42 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/16 17:13:43 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/11/16 17:13:19 | 00,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/11/04 00:00:34 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/11/04 00:00:15 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/11/04 00:00:13 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/08/11 21:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:10 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 21:43:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 21:43:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 21:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 21:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 21:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/10 05:27:58 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/06/10 05:22:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 19:49:16 | 00,001,442 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 00,000,497 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:33 | 00,000,744 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 19:48:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/01 14:55:14 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/01 14:55:11 | 00,006,961 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/01 14:55:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/01 14:54:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/01 14:54:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/01 14:54:07 | 21,450,26048 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/28 10:18:24 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/28 07:03:38 | 00,000,063 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/09/25 04:33:52 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 22:27:48 | 00,001,205 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ssjbrolly4005@hotmail.com Sharing Folders Archive.lnk
[2009/09/19 09:04:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/09/19 01:56:02 | 00,001,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Perfect World International.lnk
[2009/09/18 16:33:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/15 01:00:03 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/09/13 13:45:27 | 00,000,058 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/09/13 13:45:27 | 00,000,004 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/09/13 13:38:48 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\bincd32.dat
[2009/09/13 08:10:54 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/09/13 00:16:16 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/09/13 00:16:09 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/09/13 00:16:04 | 00,000,038 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/09/01 20:42:33 | 00,431,376 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/01 20:42:33 | 00,070,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:20 AM

Posted 05 October 2009 - 09:50 PM

Hello antonior,

Please tell me the antivirus you are using.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 07 October 2009 - 07:42 AM

McAfee SecurityCenter

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:20 AM

Posted 07 October 2009 - 12:05 PM

Hi antonior,

Let's clear out your temp files first

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

Then close Firefox and then reopen it.


Now let's see what else is in the PC

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it combo-fix.exe
  • Disable your McAfee SecurityCenter. Otherwise it may interfere with our tools. To Disable McAfeee Security Center
    Posted Image
  • Double click on Combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by SifuMike, 07 October 2009 - 12:07 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 09 October 2009 - 02:10 PM

i wasnt able to produce an log :( when i save it as combo-fix.exe on my desktop and double click it... it show a bar with lines and it fills up fast and nothing happen afterwards and yes i had disable my McAfee

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:20 AM

Posted 09 October 2009 - 02:56 PM

You can try running Combo-Fix with
SAFE MODE WITH NETWORKING

How to boot to Safe Mode with Networking
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode with Networking" from the menu......,then press the "Enter" key.



When you bootup to the safe mode menu screen, select from the following option:
Safe Mode with Networking
This option loads all these files and drivers and the services and drivers necessary to start networking.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 14 October 2009 - 02:45 PM

had started up in safe mode with networking and still didnt work, also am using firefox if it means anything too. had rename the file combo-fix.exe as said and nothing :(

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:20 AM

Posted 14 October 2009 - 02:50 PM

Use IE not Firefox.

Try it again.

Are you waiting while Combo-Fix runs to completion? It my take one half hour or longer to complete.

Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work!

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

Edited by SifuMike, 14 October 2009 - 02:56 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 16 October 2009 - 02:25 PM

i went too try do this with IE and windows police pro had popped up :(

#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:20 AM

Posted 16 October 2009 - 02:29 PM

i went too try do this with IE and windows police pro had popped up



Of course it popups! :( You have not run any program to remove it.

Did ComboFix run?



Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Edited by SifuMike, 16 October 2009 - 02:42 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 16 October 2009 - 03:58 PM

dunno if i should post it but here the log.

Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/16/2009 4:57:08 PM
mbam-log-2009-10-16 (16-57-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 215423
Time elapsed: 31 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 29
Registry Values Infected: 9
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\rotscxpkltfqxo.dll (Rootkit.TDSS) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77dc0b63-ff35-4ba9-8be8-aa9eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0b63-ff35-4ba9-8be8-aa9eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0b63-ff35-4ba9-8be8-aa9eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003f75b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\skynettkalxudy (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System tool (Rogue.SysGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVCHOST.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\pump.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\system32\rotscxpkltfqxo.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\Windows Police Pro.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icevngwd.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lhfhwwwy.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plugie.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pump.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwrwxoxv.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxqqsqvs.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdppnxbg.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tityibcc.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yexuwqeupc.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcm80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcp80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcr80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETltqowktq.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETpappyrdq.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM87824c17.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM87824c17.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\SKYNETiqppjnqh.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.

#13 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 16 October 2009 - 04:13 PM

had restart pc after log and got an error, here what the info it gave me
BCCode : 1000008e BCP1 : C0000005 BCP2 : B60E228F BCP3 : B556FD70
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

dunno if that gotta deal with the problem tho

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:20 AM

Posted 16 October 2009 - 05:38 PM

Hi antonior


Yes, you did the right thing by posting the Malwarebytes log. I need to see what it removed.

But you will need to run it again.


Please read and follow this
Remove Windows Police Pro (Removal Guide)
then post the Malwarebytes log.

Edited by SifuMike, 16 October 2009 - 06:04 PM.
insert removal guide

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 antonior

antonior
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 17 October 2009 - 06:54 AM

here is the 2nd one, first time i done it i done it in safe mood with network btw 2nd time it didnt came up but i did the scan again


Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 3

10/17/2009 7:51:00 AM
mbam-log-2009-10-17 (07-51-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 218429
Time elapsed: 2 hour(s), 21 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\rotscxpkltfqxo.dll (Rootkit.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\rotscxpkltfqxo.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotscxcdjmwhtj.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxepewstll.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxpkltfqxo.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxpyargftq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\rotscxmphqixns.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\rotscxrhvrapqqhe.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxbisrgvnk.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxltoqxwbt.dat (Rootkit.TDSS) -> Delete on reboot.

edit...

when i had reboot scurity tool pop up and it doesnt show my icon on desktop. so i open firefox again and follow the steps to get it remove, when i start to do step number 6 "Scroll through the list of running programs until you see a process that has a filename consisting of random numbers and that has a shield icon next to it. An example Security Tool process has a filename of 01880320.exe. When you see this process, select it by left-clicking on it once so it becomes highlighted. Then click on the red X button as shown in the image below. " i wasnt able to find the filename but it had only pop up once. rebooting now again.

Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 3

10/17/2009 8:27:50 AM
mbam-log-2009-10-17 (08-27-50).txt

Scan type: Quick Scan
Objects scanned: 106984
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rotscxviqxevbo (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\03944121 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

Edited by antonior, 17 October 2009 - 07:31 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users