Mu Computers HijackThis Logs


8 replies to this topic

#1 pochinero (Members, 6 posts)

Posted 30 September 2009 - 05:49 PM

Well, I've run the HijackThis, the RootRepeal and the DDS programs but don't know what to do now! I'm attaching the reports that were generated for the programs. My computer doesn't allow me access to all of its files, says "Access Denied". I really don't know what's up with my computer but I know there's something going on that isn't good.

#2 kahdah (Security Colleague, 11,138 posts, Location: Florida)

Posted 18 October 2009 - 11:49 AM

Hello pochinero,

Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#3 pochinero (Topic Starter, Members, 6 posts)

Posted 24 October 2009 - 10:36 AM

OTL logfile created on: 10/24/2009 8:07:06 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.52 Mb Total Physical Memory | 492.88 Mb Available Physical Memory | 48.53% Memory free
2.39 Gb Paging File | 1.84 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 5.42 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-ECECF7F4
Current User Name: home user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Anti-Virus\fsqh.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\Common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\FSAUA\program\fsaua.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\FSAUA\program\fsus.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\FSGUI\fsguidll.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\FSPC\fspc.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FSAUA [On_Demand | Running]) -- C:\Program Files\Charter Security Suite\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (FSDFWD [On_Demand | Running]) -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter [Auto | Running]) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSMA [Auto | Running]) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSORSPClient [On_Demand | Running]) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (fsssvc [Auto | Running]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Iprip [Auto | Running]) -- C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LPDSVC [Auto | Running]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (p2pgasvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Pctspk [On_Demand | Stopped]) -- C:\WINDOWS\System32\pctspk.exe (PCtel, Inc.)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- File not found
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ServiceLayer [Auto | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (SPTISRV [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (aeaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtmElan [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atmlane.sys (Microsoft Corporation)
DRV - (ATMEPVCM [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atmepvc.sys (Microsoft Corporation)
DRV - (BTKRNL [Boot | Running]) -- C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.)
DRV - (BTSERIAL [Auto | Running]) -- C:\WINDOWS\System32\drivers\btserial.sys ()
DRV - (BTSLBCSP [Auto | Running]) -- C:\WINDOWS\System32\drivers\btslbcsp.sys (WIDCOMM, Inc.)
DRV - (DIGIRPS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\digirlpt.sys (Digi International, Inc.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (E1000 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (fsbts [Boot | Running]) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (F-Secure Filter [Disabled | Stopped]) -- C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Gatekeeper [On_Demand | Running]) -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS [System | Running]) -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Recognizer [Disabled | Stopped]) -- C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys ()
DRV - (FSFW [Boot | Running]) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntelS51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelS51.sys (Intel Corporation)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (L8042mou [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (msloop [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\loop.sys (Microsoft Corporation)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Ptilink [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Ptserli [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ptserli.sys (PCTEL, INC.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8029 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8029.SYS (Realtek Semiconductor Corporation)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SISNIC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (smrt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smrt.sys (Sony Corporation)
DRV - (smwdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYWBMS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS (Sony Corporation)
DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (Vmodem [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Vpctcom [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys (PCtel, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Charter Security Suite\Spam Control\fsscoepl.dll (F-Secure Corporation)
MOD - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\umdmxfrm.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?action=mini...amp;mn=80945382

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 40 0B 7D 18 52 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 10:38:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/05 08:55:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/10 22:19:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/07 02:32:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/16 05:46:17 | 00,000,000 | ---D | M]

[2009/10/08 02:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\mozilla\Extensions
[2009/10/08 02:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/23 01:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\mozilla\Firefox\Profiles\9kvbw17u.default\extensions
[2009/10/08 21:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\mozilla\Firefox\Profiles\9kvbw17u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/07 02:32:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/07 02:32:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] File not found
O4 - HKLM..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter Security Suite\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter Security Suite\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([go] http in Local intranet)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1197592744937 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1197361005896 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1197444589375 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Br...018/flashax.cab (FlashXControl Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 68.189.122.26 68.116.46.70
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/09 18:47:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/08 01:04:55 | 00,000,000 | ---D | M] - C:\AUTOTECH -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/10/07 07:25:54 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data
[2009/10/07 07:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Adobe
[2009/10/08 09:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\F-Secure
[2009/10/07 07:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Help
[2009/10/07 07:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Hewlett-Packard
[2009/10/07 07:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Identities
[2009/10/07 07:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\InterTrust
[2009/10/07 07:50:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Logitech
[2009/10/07 07:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Macromedia
[2009/10/07 07:25:54 | 00,000,000 | --SD | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Microsoft
[2009/10/07 07:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Mozilla
[2009/10/07 07:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\MSN6
[2009/10/08 01:58:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\PC Suite
[2009/10/07 07:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Real
[2009/10/07 07:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Sun
[2009/10/11 04:01:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Windows Live Writer
[2009/10/07 07:25:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data
[2009/10/07 07:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\Adobe
[2009/10/07 07:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\FullTiltPoker
[2009/10/07 07:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\Help
[2009/10/07 07:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\Identities
[2009/10/07 07:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\Microsoft
[2009/10/08 02:24:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\Mozilla
[2009/10/07 07:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\Symantec
[2009/10/11 04:01:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\Windows Live Writer
[2009/09/27 07:27:27 | 00,000,000 | ---D | C] -- C:\Program Files\Free Chess
[2009/10/20 22:28:59 | 00,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2009/09/30 12:26:44 | 00,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2009/10/01 09:09:06 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/09/29 20:08:53 | 00,000,000 | ---D | C] -- C:\Program Files\JL2008A
[2009/10/07 02:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/27 08:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Sep 15 2009 (E)
[2009/09/30 11:48:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/20 23:34:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/10/16 06:27:57 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/10/16 06:27:56 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/10/16 06:27:56 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/10/16 06:27:55 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/10/16 06:27:55 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/10/16 06:27:55 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/10/16 06:27:54 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/10/16 06:27:54 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/10/16 06:27:54 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/10/16 06:27:54 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/10/16 06:27:53 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/10/16 06:27:53 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/10/16 06:27:53 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/10/16 06:27:52 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/10/16 06:27:52 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/10/16 06:27:52 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/10/16 06:27:51 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/10/16 06:27:51 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/10/16 06:27:51 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/10/16 06:27:50 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/10/16 06:27:50 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/10/16 06:27:50 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/10/16 06:27:50 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/10/16 06:27:47 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/10/16 06:27:40 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/10/16 06:27:40 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/10/16 06:27:33 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/10/16 05:45:18 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/16 05:15:37 | 00,079,872 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2009/10/16 04:14:36 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/10/16 03:28:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop
[2009/10/16 02:37:45 | 00,000,000 | ---D | C] -- C:\Owner
[2009/10/14 09:45:13 | 00,000,000 | ---D | C] -- C:\Temp
[2009/10/10 03:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Documents\Free Chess
[2009/10/07 07:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Documents\My Documents
[2009/10/07 07:25:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Documents\My Sharing Folders
[2009/10/07 02:42:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Documents\Downloads
[2009/10/01 07:49:01 | 00,000,000 | ---D | C] -- C:\XPSETUP
[2009/10/01 03:22:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/30 23:37:12 | 00,000,000 | ---D | C] -- C:\Fport-2.0
[2009/09/27 23:18:31 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/09/27 23:18:31 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/09/27 23:18:31 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/09/27 23:18:31 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/09/27 23:18:31 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/09/27 23:18:31 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/09/27 04:08:06 | 00,000,000 | ---D | C] -- C:\Free Chess
[2009/09/25 08:47:31 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\drivers\mxnic.sys
[2009/09/25 08:47:31 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2009/09/24 11:52:19 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\My Documents\My Stationery

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/24 08:03:13 | 00,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2009/10/24 06:07:48 | 00,149,629 | ---- | M] () -- C:\Documents and Settings\My Documents\PGE bill.pdf
[2009/10/24 00:04:01 | 00,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009/10/23 00:42:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/23 00:42:52 | 00,012,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/23 00:42:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/21 13:06:09 | 04,291,418 | -H-- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\IconCache.db
[2009/10/20 22:29:02 | 00,000,781 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Real Chess 3D.lnk
[2009/10/16 05:46:17 | 00,001,765 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\Adobe Reader 9.lnk
[2009/10/16 05:25:17 | 00,033,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/10/16 05:15:46 | 00,567,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 05:15:46 | 00,471,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 05:15:46 | 00,086,240 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 23:46:50 | 00,450,112 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Netdiag 15102009 234650.htm
[2009/10/14 14:11:16 | 00,057,572 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\FASTWiz.html
[2009/10/14 08:44:20 | 00,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/14 05:19:28 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 03:04:29 | 00,000,400 | ---- | M] () -- C:\Documents and Settings\My Documents\Shortcut (6) to Documents.lnk
[2009/10/12 02:38:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/09 09:06:29 | 00,031,648 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/09 04:29:12 | 00,010,621 | ---- | M] () -- C:\out.dat
[2009/10/07 11:12:39 | 00,004,608 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 09:47:39 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\My Documents\Shortcut (3) to Documents.lnk
[2009/10/07 09:25:07 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\My Documents\Shortcut (2) to Documents.lnk
[2009/10/07 07:51:51 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\setup_ldm.iss
[2009/10/07 02:32:11 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\Mozilla Firefox.lnk
[2009/10/07 01:14:15 | 00,551,884 | ---- | M] () -- C:\Documents and Settings\My Documents\How to post a HijackThis Log.mht
[2009/10/03 11:01:26 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\ImgBurn.lnk
[2009/10/02 11:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 07:13:09 | 00,000,552 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/10/01 03:58:12 | 00,001,857 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\MSN Installer.lnk
[2009/09/30 23:11:30 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/09/28 14:09:03 | 00,000,762 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/28 14:09:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/28 14:09:03 | 00,000,183 | -HS- | M] () -- C:\boot.ini
[2009/09/25 04:45:06 | 00,001,809 | ---- | M] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\Bing Maps 3D.lnk

========== Files - No Company Name ==========
[2009/10/24 06:07:48 | 00,149,629 | ---- | C] () -- C:\Documents and Settings\My Documents\PGE bill.pdf
[2009/10/20 22:29:02 | 00,000,781 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Real Chess 3D.lnk
[2009/10/17 03:17:46 | 00,000,508 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009/10/16 05:46:17 | 00,001,765 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\Adobe Reader 9.lnk
[2009/10/16 05:16:00 | 00,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/10/15 23:46:50 | 00,450,112 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Netdiag 15102009 234650.htm
[2009/10/14 14:11:11 | 00,057,572 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\FASTWiz.html
[2009/10/14 10:07:05 | 00,118,895 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\FASTWiz.log
[2009/10/14 03:04:29 | 00,000,400 | ---- | C] () -- C:\Documents and Settings\My Documents\Shortcut (6) to Documents.lnk
[2009/10/09 04:26:55 | 00,010,621 | ---- | C] () -- C:\out.dat
[2009/10/07 11:12:38 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 07:51:50 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\setup_ldm.iss
[2009/10/07 07:43:56 | 00,004,288 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\HPCOM_48BitScanUpdate.log
[2009/10/07 07:43:56 | 00,002,159 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2009/10/07 07:43:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\desktop.ini
[2009/10/07 07:43:21 | 04,291,418 | -H-- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\IconCache.db
[2009/10/07 07:43:21 | 00,031,648 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/07 02:32:11 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\Mozilla Firefox.lnk
[2009/10/07 01:14:02 | 00,551,884 | ---- | C] () -- C:\Documents and Settings\My Documents\How to post a HijackThis Log.mht
[2009/10/01 09:09:08 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\ImgBurn.lnk
[2009/10/01 08:49:20 | 00,002,048 | ---- | C] () -- C:\w2ksect.bin
[2009/10/01 03:58:12 | 00,001,857 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\MSN Installer.lnk
[2009/09/28 04:32:44 | 00,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/09/27 08:23:52 | 00,001,776 | ---- | C] () -- C:\Program Files\ChessMCE.lnk
[2009/09/25 04:45:05 | 00,001,809 | ---- | C] () -- C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\Desktop\home user\Desktop\Bing Maps 3D.lnk
[2009/09/11 13:52:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/09/11 13:39:05 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/05/03 14:07:17 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/05/03 13:08:52 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/11 05:46:17 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\EDIT.INI
[2009/03/16 20:04:53 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2009/02/16 21:55:51 | 00,000,552 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/01 09:06:23 | 00,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2009/01/30 05:10:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2009/01/30 01:37:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/10 22:20:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/12/04 00:08:00 | 00,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/12/04 00:08:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/11/27 23:03:02 | 00,000,765 | ---- | C] () -- C:\WINDOWS\ONFORMAT.INI
[2008/11/27 23:03:02 | 00,000,341 | ---- | C] () -- C:\WINDOWS\RECMGRUN.INI
[2008/11/27 23:02:47 | 00,003,455 | ---- | C] () -- C:\WINDOWS\RECVCALL.INI
[2008/08/10 21:51:50 | 00,000,044 | ---- | C] () -- C:\WINDOWS\atechloc.ini
[2008/08/10 21:51:43 | 00,000,083 | ---- | C] () -- C:\WINDOWS\atech.ini
[2008/08/03 18:59:05 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/12/11 05:15:31 | 00,001,245 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/09/19 16:35:38 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/19 16:34:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/19 16:27:38 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/19 16:14:42 | 00,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2003/04/11 03:03:36 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2003/04/11 03:00:00 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/11 02:59:50 | 00,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/11 02:56:30 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/04/11 02:55:36 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/04/11 02:54:28 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/04/11 00:29:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/09 18:58:30 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/09 18:56:09 | 00,000,805 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/09 18:39:01 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/04/09 18:39:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/04/09 18:38:29 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/04/09 18:38:28 | 00,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/09 18:38:21 | 00,000,762 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/04/09 18:38:20 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/09 11:42:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/03/09 21:30:44 | 00,016,352 | ---- | C] () -- C:\WINDOWS\System32\HPZUCI12.DLL
[2002/11/27 04:30:32 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/05/16 00:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 19:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/07/09 02:01:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/05 16:46:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/07/24 09:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/29 07:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Administrator
[2009/02/28 03:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/12/10 23:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/10/16 05:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2009/10/06 16:32:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/03/01 23:13:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/07/09 01:57:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/02/25 08:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2003/04/11 03:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0527
[2003/04/11 03:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/12/16 02:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/04/23 05:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/25 04:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/07 20:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/12/29 22:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/03/15 01:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2003/04/09 18:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/06/19 11:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/17 14:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/11 04:01:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data
[2009/10/19 21:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\F-Secure
[2003/04/11 02:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\InterTrust
[2009/03/09 01:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\MSN6
[2009/10/08 01:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\PC Suite
[2009/10/13 00:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home user.VALUED-ECECF7F4\Application Data\Windows Live Writer
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/23 00:42:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/24 00:04:01 | 00,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ezSP_Px.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\etc\Hosts:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System\setup.inf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\windows-kb890830-v2.8.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\Samsung_PC_Studio_321_GJ9.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\oformat.com:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\ISProBENT.tlb:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\feeds.opml:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\factory.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\DotNetInstaller.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\Default.rdp:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\My Documents\cvtarea.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\home user.VALUED-ECECF7F4\all users\administrator\Desktop\Desktop\RAWViewerSetup.exe:SummaryInformation
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65
< End of report >
OTL Extras logfile created on: 10/24/2009 8:07:06 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.52 Mb Total Physical Memory | 492.88 Mb Available Physical Memory | 48.53% Memory free
2.39 Gb Paging File | 1.84 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 5.42 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-ECECF7F4
Current User Name: home user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- C:\WINDOWS\notepad.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{17800CFC-97EC-40A5-AB42-A8B66DC74D77}" = EGS Recipe Center
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.5
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{27C5164D-ED0E-4D64-B788-93305BD62100}" = PictureGear Studio 1.0
"{28336AFC-722C-4E17-B286-2A7C906183C0}" = ImageStation Tour
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2FD177C0-A752-11DC-8314-0800200C9A66}" = Windows Live SkyDrive Upload Tool
"{30642CE1-217B-40C0-92E2-6BF849599D9E}" = Network Smart Capture
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3147661C-2807-49EC-B971-3B0F23D95018}" = VAIO DeepSea Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{36FE914F-1B2B-4D83-B3E1-032A508E9EC4}" = Experience VAIO
"{374E48BA-CBC1-4134-86B9-7A97B0E76B2E}" = Home Office Page for Experience VAIO
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}" = ArcSoft PhotoImpression 4
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.5
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{92BF38A8-5616-4209-87A3-D910B45A1D98}" = Homescan Internet Transporter
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = NEF Codec
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}" = VAIO Media Setup 2.5
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.5
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{EDEAF307-51B7-41FF-8B08-AE646117172E}" = Microsoft Upgrade Offer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6A4C8A4-1E9A-48F2-8232-9408B11439A3}" = Threats and Countermeasures Guide Tools and Templates
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software
"{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}" = DVD Creation
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Ardfry DNG CODEC_is1" = DNG CODEC Version 1.0
"ATI Display Driver" = ATI Display Driver
"Bejeweled 2 Deluxe®" = Bejeweled 2 Deluxe®
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"Digital Camera_is1" = Uninstall Digital Camera Drivers
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"F-Secure Product 444" = Charter Security Suite
"getPlus®_ocx" = getPlus®_ocx
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"HP Photo Printing Software" = HP Photo Printing Software
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"HP PSC Cartridge Compatibility Utility" = HP PSC 1100/1200/1300 series Cartridge Compatibility Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ILanSnmp" = Intel® LAN Adapters SNMP Agent
"ImgBurn" = ImgBurn
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"Intel® 536EP Modem" = Intel® 536EP Modem
"LimeWire" = LimeWire 5.2.13
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"My Favorite Recipes" = My Favorite Recipes
"NicProvider" = Intel® PRO Network Adapters WMI Provider (Build 2.0)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-02-25-01
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealChess_is1" = Real Chess
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"Sudokusweep" = SudokuSweep
"Super Mah Jong" = Super Mah Jong
"VAIOSoft Recovery Manager" = VAIOSoft Recovery Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2009 11:41:41 AM | Computer Name = VALUED-ECECF7F4 | Source = F-Secure Anti-Virus | ID = 103
Description = 2 2009-10-14 08:41:37-07:00 valued-ececf7f4 VALUED-ECECF7F4\home
user F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\TEMP\FSAUA.TMP\INFOPAK_CC.SP.F-SECURE.COM_80_305858681\FS@HYDRA.INI
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 10/14/2009 6:35:41 PM | Computer Name = VALUED-ECECF7F4 | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2009-10-14 15:35:41-07:00 valued-ececf7f4 VALUED-ECECF7F4\home
user F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\WINDOWS\system32\drivers\acpi.sys
\Device\HarddiskVolume2\Program Files\Charter Security Suite\FSAUA\subscriptions\avh_avpe


Error - 10/16/2009 12:46:42 AM | Computer Name = VALUED-ECECF7F4 | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2009-10-15 21:46:41-07:00 valued-ececf7f4 VALUED-ECECF7F4\home
user F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\WINDOWS\system32\wbem\Logs\wbemess.log
\Device\HarddiskVolume2\WINDOWS\system32\ws2help.dll \Device\HarddiskVolume2\Program
Files\Charter Security Suite\FSAUA\subscriptions\avh_avpe

Error - 10/16/2009 3:46:55 AM | Computer Name = VALUED-ECECF7F4 | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: -2147483576. This error code indicates the cause of the error.

Error - 10/16/2009 5:02:08 AM | Computer Name = VALUED-ECECF7F4 | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2009-10-16 02:02:08-07:00 valued-ececf7f4 VALUED-ECECF7F4\home
user F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\MY
RECEIVED FILES\NETFX20SP1_X86.EXE was aborted due to exceeded scanning time limit.
The file may be in use or reading it was too slow (e.g. network connection was
under stress).

Error - 10/16/2009 6:14:21 AM | Computer Name = VALUED-ECECF7F4 | Source = Application Error | ID = 1000
Description = Faulting application free chess.exe, version 0.0.0.0, faulting module
free chess.exe, version 0.0.0.0, fault address 0x00008481.

Error - 10/16/2009 8:25:07 AM | Computer Name = VALUED-ECECF7F4 | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2009-10-16 05:25:07-07:00 valued-ececf7f4 VALUED-ECECF7F4\home
user F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\CHARTER
SECURITY SUITE\FSAUA\INSTALLATION_STATUS\HYDRAWIN_1255689991 was aborted due to
exceeded scanning time limit. The file may be in use or reading it was too slow
(e.g. network connection was under stress).

Error - 10/17/2009 2:49:47 AM | Computer Name = VALUED-ECECF7F4 | Source = Application Hang | ID = 1002
Description = Hanging application fsavaui.exe, version 7.26.1300.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2009 6:33:50 AM | Computer Name = VALUED-ECECF7F4 | Source = Application Error | ID = 1000
Description = Faulting application free chess.exe, version 0.0.0.0, faulting module
free chess.exe, version 0.0.0.0, fault address 0x00008481.

Error - 10/17/2009 7:59:38 AM | Computer Name = VALUED-ECECF7F4 | Source = Application Hang | ID = 1002
Description = Hanging application FsDiagUi.exe, version 7.26.1300.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/21/2009 3:31:58 AM | Computer Name = VALUED-ECECF7F4 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2 (0x2).

Error - 10/21/2009 12:16:42 PM | Computer Name = VALUED-ECECF7F4 | Source = RemoteAccess | ID = 20103
Description = Unable to load C:\WINDOWS\System32\iprtrmgr.dll.

Error - 10/21/2009 12:16:46 PM | Computer Name = VALUED-ECECF7F4 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/21/2009 12:16:46 PM | Computer Name = VALUED-ECECF7F4 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2 (0x2).

Error - 10/21/2009 3:25:18 PM | Computer Name = VALUED-ECECF7F4 | Source = RemoteAccess | ID = 20103
Description = Unable to load C:\WINDOWS\System32\iprtrmgr.dll.

Error - 10/21/2009 3:25:23 PM | Computer Name = VALUED-ECECF7F4 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/21/2009 3:25:23 PM | Computer Name = VALUED-ECECF7F4 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2 (0x2).

Error - 10/23/2009 3:43:12 AM | Computer Name = VALUED-ECECF7F4 | Source = RemoteAccess | ID = 20103
Description = Unable to load C:\WINDOWS\System32\iprtrmgr.dll.

Error - 10/23/2009 3:43:17 AM | Computer Name = VALUED-ECECF7F4 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/23/2009 3:43:17 AM | Computer Name = VALUED-ECECF7F4 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2 (0x2).


< End of report >

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-24 20:58:28
Windows 5.1.2600 Service Pack 3
Running: difolklv.exe; Driver: C:\DOCUME~1\HOMEUS~1.VAL\LOCALS~1\Temp\kfxyyaob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xF6C7DC44]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xF6C7DC5E]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xF6C7CE02]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xF6C7D12A]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xF6C7CB4E]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xF6C7D55C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xF6C7E7FA]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSetSystemInformation [0xF6C7D3AC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xF6C7C9D4]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xF6C7CE36]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xF6C7CFB0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateProcess [0xF6C7C934]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xF6C7CA8A]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xF6C7CEFA]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 12 Bytes [D4, C9, C7, F6, 36, CE, C7, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0102237E C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0013048456c3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0013048456c3@002566a0a4b0 0x30 0x17 0x0F 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013048456c3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013048456c3@002566a0a4b0 0x30 0x17 0x0F 0xDF ...

---- EOF - GMER 1.0.15 ----

Edited by pochinero, 24 October 2009 - 11:21 PM.


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:07 PM

Posted 24 October 2009 - 05:18 PM

Hi do you have the other log?
The second program I asked you to download?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 pochinero

pochinero
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:07 PM

Posted 24 October 2009 - 11:36 PM

I modified my earlier post and added the results.log file as an attachment. I reread your instructions again and saw that you asked that I copy/paste the contents in my reply so I did that also. I started before work and finishing now after work. Thank you for your time and knowledge and I await your next reply.
Pennee

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:07 PM

Posted 25 October 2009 - 06:14 AM

What files say Access denied?

Install and Run Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=====
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by kahdah, 25 October 2009 - 06:15 AM.


#7 pochinero

pochinero
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:07 PM

Posted 26 October 2009 - 12:34 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3035
Windows 5.1.2600 Service Pack 3

10/26/2009 9:50:31 AM
mbam-log-2009-10-26 (09-50-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 249867
Time elapsed: 2 hour(s), 45 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

I'm going to do the online scanner next and will post results when it is finished.
pochinero

#8 pochinero

pochinero
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:07 PM

Posted 26 October 2009 - 05:45 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=a20a72f24144a24faabc057cf4a64d4e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-26 06:00:27
# local_time=2009-10-26 11:00:27 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2154536 2154536 0 0
# compatibility_mode=2305 16775141 100 99 0 20615570 1255681032 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46872
# found=0
# cleaned=0
# scan_time=2617
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=a20a72f24144a24faabc057cf4a64d4e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-26 07:11:12
# local_time=2009-10-26 12:11:12 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2158126 2158126 0 0
# compatibility_mode=2305 16775141 100 99 0 20619160 1255684622 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=139563
# found=0
# cleaned=0
# scan_time=3270
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=a20a72f24144a24faabc057cf4a64d4e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-26 09:58:41
# local_time=2009-10-26 02:58:41 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2163257 2163257 0 0
# compatibility_mode=2305 16775141 100 99 0 20624291 1255689753 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=139688
# found=0
# cleaned=0
# scan_time=8190

Here are the results of the online scanner you asked me to do. Should I be uninstalling these programs after I have run them? pochinero

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:07 PM

Posted 27 October 2009 - 06:22 AM

Looks good, let me know of any remaining problems.
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
