Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: New Technique Recycles Exploit Chain to Keep Antivirus Silent

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Infected with AntiVirusPro 2010 / Twext.exe / Seres.exe / Other (most likely)

Started by yonderwanderer , Oct 07 2009 10:17 PM

Please log in to reply

19 replies to this topic

#1 yonderwanderer

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 07 October 2009 - 10:17 PM

Rebooted today and found myself in a world of malware and trojan hurt. Pops for AntivirusPro2010, seres.exe, twext.exe, and no idea what else. I've run DDS and RootRepeal, and pasted in the reports as well as attaching the necessary logfiles. McAfee's found a number of things - some it says it fixes, but then they reappear. On bootup it picks up something in Russian asking for access, which I then proceed to block. Beyond that, I need help. I fear this one might be kind of rough. Thank you in advance for anything you can do.

DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 20:33:32.62 on Wed 10/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1201 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bill\Application Data\svcst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\srcssc.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Documents and Settings\Bill\Application Data\seres.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sirius.com/siriusinternetradio
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [calc] rundll32.exe c:\docume~1\bill\ntuser.dll,_IWMPEvents@0
uRun: [mserv] c:\documents and settings\bill\application data\svcst.exe
uRun: [svchost] c:\documents and settings\bill\application data\svcst.exe
uRun: [ttool] c:\windows\srcssc.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
StartupFolder: c:\documents and settings\bill\start menu\programs\startup\mhbupd32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-7-19 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-7 206256]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 214024]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-25 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-25 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-25 144704]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2007-4-10 16168]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-1 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-1 35272]
S2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2006-2-28 14336]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2006-8-25 14976]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [2009-9-26 132096]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-28 38496]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-25 606736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-1 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-7 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-10-7 1097096]

=============== Created Last 30 ================

2009-10-07 20:15 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 20:14 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-07 20:14 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 20:14 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 20:14 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-07 20:14 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-10-07 20:13 <DIR> --d----- c:\program files\Spyware Doctor
2009-10-07 20:13 <DIR> --d----- c:\docume~1\bill\applic~1\PC Tools
2009-10-07 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-07 19:45 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-10-07 19:45 233,584 a------- c:\docume~1\bill\applic~1\lizkavd.exe
2009-10-07 19:40 58,368 a------- c:\windows\srcssc.exe
2009-10-07 19:40 276,480 a------- c:\docume~1\bill\applic~1\svcst.exe
2009-10-07 19:40 <DIR> --dsh--- c:\windows\system32\twain_32
2009-10-07 19:40 276,480 a------- c:\docume~1\bill\applic~1\seres.exe
2009-10-07 19:34 4,958,588 -------- c:\windows\{00000001-00000000-00000009-00001102-00000004-20021102}.BAK
2009-10-07 17:38 <DIR> --dsh--- c:\windows\system32\twain32
2009-09-26 11:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\M-Audio
2009-09-26 11:25 132,096 a------- c:\windows\system32\drivers\mausbft.sys
2009-09-26 11:25 245,248 a------- c:\windows\system32\M-AudioFastTrackControlPanelApplet.cpl
2009-09-26 11:25 244,224 a------- c:\windows\system32\M-AudioProducerUSBControlPanelApplet.cpl
2009-09-26 11:25 124,800 a------- c:\windows\system32\drivers\mausbpr.sys
2009-09-26 11:25 356,864 a------- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-09-26 11:25 2,424,066 a------- c:\windows\system32\madiousb.dll
2009-09-26 11:25 244,736 a------- c:\windows\system32\M-AudioMicroControlPanelApplet.cpl
2009-09-26 11:25 124,800 a------- c:\windows\system32\drivers\mausbmr.sys
2009-09-26 11:25 21,504 a------- c:\windows\system32\mausbasio.dll
2009-09-26 11:23 <DIR> --d----- c:\program files\M-Audio
2009-09-26 11:07 75,375 a------- c:\windows\system32\mausbasio.bqj
2009-09-24 17:42 <DIR> --d----- c:\program files\iPod
2009-09-24 17:42 <DIR> --d----- c:\program files\iTunes
2009-09-10 21:44 45,056 a---h--- c:\windows\system32\mlfcache.dat
2009-09-10 18:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 18:13 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 13:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2005-09-20 10:05 456,768 ac------ c:\windows\inf\wg311t\WG311T13.sys
2004-10-19 18:58 35,232 ac------ c:\windows\inf\wg311t\ME_INST.EXE
2004-10-19 18:58 26,112 ac------ c:\windows\inf\wg311t\install.exe

============= FINISH: 20:36:32.55 ===============

-------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/07 20:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA955000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7A50000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8061000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF798F000 Size: 5248 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Bill\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_1peirez3e23lyiy
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_cahglna2czly66j
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_gncsbxmjrkp7ucl
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_sxhpcakvwr9odd9
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_ukicbeiwjdwd2v3
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_xf9dcm4ylysmp5e
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_xrpkuiexatixxwb
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_i07wz4nmyol8pae
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_iugi8bf1kz2dwmz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_4i7rktysuz0zyf5
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_kzfqvh4qclqazy1
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_ru83guxkk4vcfe3
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0567.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0524.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0497.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0498.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0499.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0500.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0501.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0509.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0510.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0511.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0512.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0515.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0516.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0517.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0519.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0520.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0521.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0522.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0525.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0527.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0539.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0541.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0542.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0544.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0545.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0546.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0555.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0556.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0557.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0558.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0561.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0562.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0564.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0566.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0568.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0571.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0572.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0574.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0575.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0576.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0577.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0578.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0579.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0580.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0581.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0582.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0583.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0584.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0585.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0586.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0587.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0589.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0591.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0592.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0593.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0594.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0595.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0596.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0597.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0599.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0600.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0601.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0602.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0604.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0605.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0606.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0607.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0608.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0610.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0611.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0612.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0613.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0614.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0615.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0616.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0617.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0618.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0619.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0621.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0622.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0623.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0624.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0625.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0627.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0629.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0631.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0632.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0634.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0635.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0637.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0638.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0640.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0641.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0642.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0643.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0644.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0650.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0651.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0652.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0653.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0654.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0655.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0657.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0658.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0660.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0661.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0662.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0664.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0665.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0666.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0668.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0669.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0670.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0672.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0674.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0675.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0676.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0677.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0678.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0680.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0683.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0684.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0685.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0686.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0687.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0688.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0690.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0691.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0692.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0693.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0694.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0695.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0696.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0698.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0699.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0701.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0703.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0704.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0706.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0707.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0708.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0709.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0713.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0715.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0716.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0717.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0718.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0721.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0724.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0729.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0730.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0738.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0744.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0746.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0747.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0748.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0749.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0750.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0751.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0752.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0753.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0754.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0755.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0756.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0757.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0758.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0759.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest Trip\100_0760.JPG
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Northwest TripSSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7978d72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf79599a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7959b98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7979568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7979820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf7977a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7979c8a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7959656

Stealth Objects
-------------------
Object: Hidden Handle [Index: 2692, Type: Event]
Process: services.exe (PID: 1032) Address: 0x862e1e88 Size: -

Object: Hidden Code [Driver: ACPI, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88305d40 Size: 708

==EOF==

Attached Files

ark.txt 60.67KB 1 downloads
Attach.txt 12.56KB 1 downloads

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 11 October 2009 - 11:02 PM

As an update, I ran MBAM, and it seemed to clean out a fair amount. However, it left me with a new set of issues. On bootup, it pops a box telling me ntuser.dll is missing in a rundll box. It disables my network at random. It has issues launched virus/spyware programs at times (sometimes they run, sometimes not). And when I try to boot into safe mode, I get a blue screen (flashes quickly and then restarts). I fear I've now done more harm than good. (As an aside, I'm not trying to bump this, just provide current info). I've attached new DDS and RootRepeal logs.

DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 20:49:27.37 on Sun 10/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1427 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\srcssc.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sirius.com/siriusinternetradio
uInternet Settings,ProxyOverride = <local>;*.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [calc] rundll32.exe c:\docume~1\bill\ntuser.dll,_IWMPEvents@0
uRun: [mserv] c:\documents and settings\bill\application data\svcst.exe
uRun: [ttool] c:\windows\srcssc.exe
StartupFolder: c:\documents and settings\bill\start menu\programs\startup\mhbupd32.exe
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\xidydojn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\bill\application data\mozilla\firefox\profiles\xidydojn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-7-19 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-7 206256]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 214024]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-25 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-25 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-25 144704]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2007-4-10 16168]
S2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2006-2-28 14336]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2006-8-25 14976]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [2009-9-26 132096]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-25 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-1 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-1 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-1 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-7 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-10-7 1097096]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]

=============== Created Last 30 ================

2009-10-09 06:25 4,958,588 a------- c:\windows\{00000001-00000000-00000009-00001102-00000004-20021102}.BAK
2009-10-08 15:58 19,794 a------- c:\windows\ypynuwim.exe
2009-10-08 15:58 15,293 a------- c:\docume~1\bill\applic~1\ynuwew.bin
2009-10-08 15:58 14,373 a------- c:\windows\ejobilumo.dat
2009-10-08 15:58 19,291 a------- c:\docume~1\alluse~1\applic~1\enyfepu.sys
2009-10-08 15:58 14,617 a------- c:\windows\akijyfocah.bat
2009-10-08 15:58 14,512 a------- c:\windows\vizubozi.ban
2009-10-08 15:58 14,315 a------- c:\program files\common files\ywugih.sys
2009-10-08 15:58 13,301 a------- c:\docume~1\alluse~1\applic~1\venidi.reg
2009-10-08 15:58 13,213 a------- c:\program files\common files\wyhom.bat
2009-10-08 15:58 11,812 a------- c:\windows\senepemar.vbs
2009-10-08 15:58 11,080 a------- c:\docume~1\alluse~1\applic~1\azusuqab.vbs
2009-10-08 15:58 10,737 a------- c:\windows\awod.dat
2009-10-08 15:58 10,173 a------- c:\windows\system32\abecur._sy
2009-10-08 15:58 19,058 a------- c:\docume~1\alluse~1\applic~1\ejezuhoqet.sys
2009-10-08 15:58 17,813 a------- c:\windows\kinurify.reg
2009-10-08 15:58 14,200 a------- c:\windows\ozalyxugi._dl
2009-10-08 15:58 12,880 a------- c:\program files\common files\tyjiziburi.bat
2009-10-08 07:28 14,989 a------- c:\windows\imaj._sy
2009-10-08 07:28 12,848 a------- c:\docume~1\alluse~1\applic~1\osimyvo.exe
2009-10-08 07:28 19,554 a------- c:\windows\system32\yqakalu.reg
2009-10-08 07:28 17,641 a------- c:\program files\common files\exuma.sys
2009-10-08 07:28 13,091 a------- c:\windows\system32\ryrevypum.sys
2009-10-08 07:28 13,478 a------- c:\windows\system32\owinaniqac.lib
2009-10-08 07:28 10,995 a------- c:\windows\wylyp.sys
2009-10-08 07:28 18,762 a------- c:\program files\common files\veviguk.scr
2009-10-08 07:28 17,672 a------- c:\windows\molyseqyn.bat
2009-10-08 07:28 14,679 a------- c:\docume~1\bill\applic~1\vulaku.exe
2009-10-08 07:28 19,181 a------- c:\windows\fywagube.sys
2009-10-07 20:15 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 20:14 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-07 20:14 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 20:14 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 20:14 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-07 20:14 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-10-07 20:13 <DIR> --d----- c:\program files\Spyware Doctor
2009-10-07 20:13 <DIR> --d----- c:\docume~1\bill\applic~1\PC Tools
2009-10-07 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-07 19:56 0 a--sh--- C:\scandisk.lnk
2009-10-07 19:45 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-10-07 19:45 233,584 a------- c:\docume~1\bill\applic~1\lizkavd.exe
2009-10-07 19:40 58,368 a------- c:\windows\srcssc.exe
2009-09-26 11:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\M-Audio
2009-09-26 11:25 132,096 a------- c:\windows\system32\drivers\mausbft.sys
2009-09-26 11:25 245,248 a------- c:\windows\system32\M-AudioFastTrackControlPanelApplet.cpl
2009-09-26 11:25 244,224 a------- c:\windows\system32\M-AudioProducerUSBControlPanelApplet.cpl
2009-09-26 11:25 124,800 a------- c:\windows\system32\drivers\mausbpr.sys
2009-09-26 11:25 356,864 a------- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-09-26 11:25 2,424,066 a------- c:\windows\system32\madiousb.dll
2009-09-26 11:25 244,736 a------- c:\windows\system32\M-AudioMicroControlPanelApplet.cpl
2009-09-26 11:25 124,800 a------- c:\windows\system32\drivers\mausbmr.sys
2009-09-26 11:25 21,504 a------- c:\windows\system32\mausbasio.dll
2009-09-26 11:23 <DIR> --d----- c:\program files\M-Audio
2009-09-26 11:07 75,375 a------- c:\windows\system32\mausbasio.bqj
2009-09-24 17:42 <DIR> --d----- c:\program files\iPod
2009-09-24 17:42 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-10-08 15:58 13,020 a------- c:\program files\common files\uxiw._sy
2009-09-10 21:44 45,056 a---h--- c:\windows\system32\mlfcache.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 13:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2005-09-20 10:05 456,768 ac------ c:\windows\inf\wg311t\WG311T13.sys
2004-10-19 18:58 35,232 ac------ c:\windows\inf\wg311t\ME_INST.EXE
2004-10-19 18:58 26,112 ac------ c:\windows\inf\wg311t\install.exe

============= FINISH: 20:51:59.87 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/11 21:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAB10B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7A50000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA77DD000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF798F000 Size: 5248 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\sqlite_5edhot1dum4pedv
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_cmrpzwgparvfecx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_d72fxzneh6x0syp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_mwuwkacchxgfdlj
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_nyb97j9lbupinla
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_rftli7dxmx3c2fk
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_tnqcyruuhtauhaz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_culjrliygp4dvvj
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_oygxubc3p1h06em
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_vv7joent5mhtqg6
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_hnnd2jqcelwclcd
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_imqxpgbnqrgazgp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_nsgcd3o1qoe0x38
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_pv91dbvzbardqyi
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_qvt8vsya4xtzfrr
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_rvvethpacmbvmhw
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_xvbiy94vxdwx8ni
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_5yrdjgrbtt6y061
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_aoh6qannqktcotw
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_dhpfna8sbvl2tex
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_epxoy5zmc0gunwj
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_jm5htuqmuafnk2a
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_m8p5ni1lithxb4v
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_elsoizzwhvylzzy
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_ez9brnibwhgzuue
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\Bill\Recent\Attach10-11.txt.lnk
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Bill\Recent\RootRepeal report 10-11-09 (16-15-25).txt.lnk
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HelpAssistant\Desktop\Attach10-11.txt
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036414.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036450.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036468.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036486.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036504.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036522.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036540.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036404.SDB
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036405.SDB
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036406.DSC
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036407.DSC
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036408.DSC
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036409.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036410.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036411.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036412.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036413.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036415.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036416.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036417.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036419.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036421.lnk
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036422.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036423.HLP
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036433.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036434.inf
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036435.TAG
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036436.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036437.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036438.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036440.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036441.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036442.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036443.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036444.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036446.inf
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036447.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036448.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036449.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036451.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036452.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036453.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036454.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036455.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036456.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036457.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036458.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036459.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036460.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036461.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036462.DLL
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036463.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036464.INI
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036465.ins
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036466.lid
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036467.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036469.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036470.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036471.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036472.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036473.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036474.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036475.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036476.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036477.inf
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036478.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036479.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036480.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036481.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036482.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036484.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036485.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036487.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036488.lnk
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036489.lnk
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036490.ffp
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036491.ffp
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036492.ffp
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036493.ffp
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036494.ffp
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036495.ffp
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036496.ffp
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036497.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036498.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036499.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036500.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036501.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036502.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036503.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036505.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036506.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036507.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036508.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036509.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036510.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036511.nfo
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036512.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036513.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036514.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036515.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036516.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036517.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036518.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036519.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036520.lnk
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036521.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036523.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036524.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036525.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036526.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036527.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036528.mfl
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036529.mfl
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036530.inf
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036531.pif
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036532.ini
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036533.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036534.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036535.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036536.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036537.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036538.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036539.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036541.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036542.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036543.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036544.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036545.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036546.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036547.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036548.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036549.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036550.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036551.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036552.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036553.ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036554.dll
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\A0036555.exe
Status: Could not get file information (Error 0xc0000008)

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\Dc105.old
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\Dc292.old
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\Dc296.old
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\Dc309.old
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\Dc379.lnk
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{01FBDA6D-E74F-40BA-84BB-0A97BDDFC03C}\RP158\desktop.ini
Status: Locked to the Windows API!

Path: C:\Documents and Settings\LocalService\Application Data\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\2DA66BB5C4D4DB141EFDF448E15CFA24FE5BC7DB
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\LocalService\Application Data\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89a
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D69.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D6A.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D6B.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D6C.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D6D.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D6E.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D6F.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D70.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D71.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS04D72.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\MicSSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7978d72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf79599a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7959b98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7979568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7979820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf7977a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7979c8a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7959656

Stealth Objects
-------------------
Object: Hidden Code [Driver: ACPI, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x887afd40 Size: 708

==EOF==

Thanks again.

Attached Files

ark10_11.txt 60.44KB 0 downloads
Attach10_11.txt 12.61KB 0 downloads

#3 kahdah

Security Colleague
11,138 posts
OFFLINE

Gender:Male
Location:Florida
Local time:05:23 AM

Posted 24 October 2009 - 10:25 AM

Hello yonderwanderer

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========
Download This file. Note its name and save it to your root folder, such as C:\.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#4 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 25 October 2009 - 12:13 PM

Ok, so I ran OTL. Before I move on to the next step, I wanted to run this by you. In OTL there were no check boxes for the purity and LOP checks. Also, if I try running it again it doesn't produce an extras.txt file. First scan files are below. Should I move forward or is there something else I should do?

Thanks!

OTL logfile created on: 10/25/2009 11:03:16 AM - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.91% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 0.49 Gb Free Space | 0.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.75 Gb Total Space | 11.39 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEFUNKBOX
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\srcssc.exe (?????????? ??????????)
PRC - C:\WINDOWS\System32\acs.exe ()
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\GEARSec.exe (GEAR Software)

========== Win32 Services (SafeList) ==========

SRV - (0165561256487643mcinstcleanup [Auto | Stopped]) -- C:\WINDOWS\Temp\0165561256487643mcinst.exe (McAfee, Inc.)
SRV - (ACS [Auto | Running]) -- C:\WINDOWS\System32\acs.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Auto | Running]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Disabled | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Stopped]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Norton Ghost [Disabled | Stopped]) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ppped [Disabled | Stopped]) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (TermService [Auto | Running]) -- C:\WINDOWS\System32\termsrv32.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AR5211 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\WG311T13.sys (Atheros Communications, Inc.)
DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (aslm75 [System | Running]) -- C:\WINDOWS\System32\drivers\aslm75.sys ()
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (COMMONFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (dot4ufd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hppaufd0.sys (HP)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GearAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (hap17v2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\hap17v2k.sys (Creative Technology Ltd)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (iteraid [Boot | Running]) -- C:\WINDOWS\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KORGUMDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\KORGUMDS.SYS (KORG Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MAUSBFT [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mausbft.sys (Avid Technology, Inc.)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PfDetNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (PQIMount [System | Running]) -- C:\WINDOWS\System32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQV2i [Boot | Running]) -- C:\WINDOWS\System32\drivers\PQV2i.sys (StorageCraft)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\saHook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/siriusinternetradio
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?rls=ig&hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/09/10 18:13:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/09/10 18:13:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2009/01/19 19:45:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 16:10:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 17:00:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/20 13:26:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/22 05:35:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/22 05:35:48 | 00,000,000 | ---D | M]

[2008/11/30 11:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions
[2008/11/30 11:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/25 10:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions
[2009/09/04 21:51:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/05 15:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/20 21:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\moveplayer@movenetworks.com
[2009/04/17 16:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\support@ancestry.com
[2009/10/25 10:45:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/22 05:35:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/20 13:26:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/29 06:29:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/22 05:35:40 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/22 05:35:41 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 15:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/03/02 07:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2008/09/03 18:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 12:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 16:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/01/17 05:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2009/01/14 10:05:06 | 00,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2007/07/02 09:42:20 | 00,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2009/09/22 05:35:44 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/04/07 20:27:25 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/05/01 15:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/14 06:06:26 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/14 06:06:27 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/14 06:06:27 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/14 06:06:27 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/14 06:06:27 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/14 06:06:27 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/14 06:06:27 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [calc] C:\DOCUME~1\Bill\ntuser.DLL File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [mserv] C:\Documents and Settings\Bill\Application Data\svcst.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [ttool] C:\WINDOWS\srcssc.exe (?????????? ??????????)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk = C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/12 20:29:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e0eca850-be50-11dd-9102-00038a000015}\Shell\AutoRun\command - "" = G:\Centrum\Centrum.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/09/26 11:26:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\M-Audio
[2009/10/07 20:13:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/07 20:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/23 17:20:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\AVG8
[2009/09/26 11:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\InstallShield
[2009/10/07 20:13:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\PC Tools
[2009/09/26 11:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\M-Audio
[2009/10/07 20:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/07 19:45:19 | 00,000,000 | ---D | C] -- C:\Program Files\AntivirusPro_2010
[2009/09/26 11:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2009/10/23 17:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/10/07 20:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/25 10:18:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/25 10:09:26 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/10/23 17:20:34 | 00,889,840 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Bill\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/14 17:07:55 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/10/07 20:51:01 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/10/07 20:15:25 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/07 20:14:46 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/07 20:14:46 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/07 20:14:23 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/07 19:45:16 | 00,233,584 | ---- | C] (vikbnerobeb) -- C:\Documents and Settings\Bill\Application Data\lizkavd.exe
[2009/10/07 19:40:50 | 00,058,368 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\srcssc.exe
[2009/09/26 11:26:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\M-Audio Session
[2009/09/26 11:25:55 | 00,132,096 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\mausbft.sys
[2009/09/26 11:25:54 | 00,245,248 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioFastTrackControlPanelApplet.cpl
[2009/09/26 11:25:31 | 00,244,224 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioProducerUSBControlPanelApplet.cpl
[2009/09/26 11:25:31 | 00,124,800 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\mausbpr.sys
[2009/09/26 11:25:05 | 00,356,864 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
[2009/09/26 11:25:04 | 02,424,066 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\madiousb.dll
[2009/09/26 11:25:04 | 00,244,736 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioMicroControlPanelApplet.cpl
[2009/09/26 11:25:04 | 00,124,800 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\mausbmr.sys
[2009/09/26 11:25:03 | 00,021,504 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\mausbasio.dll
[2007/04/09 11:32:58 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/10/25 10:13:49 | 00,291,328 | ---- | M] () -- C:\zt486tv5.exe
[2009/10/25 10:12:04 | 00,015,491 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/25 10:09:29 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/10/25 10:05:58 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/25 10:04:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/25 10:04:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/25 10:04:35 | 00,079,008 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/10/25 10:04:32 | 21,467,50464 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/25 10:02:03 | 00,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/25 10:02:03 | 00,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/25 10:02:03 | 00,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/25 10:02:03 | 00,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/25 10:02:03 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/23 17:26:11 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sar_15_sfx.exe
[2009/10/23 17:20:38 | 00,889,840 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Bill\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/22 09:51:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/18 23:13:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/18 22:16:23 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/16 17:02:10 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 17:34:05 | 00,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 17:34:05 | 00,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 17:34:04 | 00,531,002 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 17:24:52 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/13 22:11:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\New Shortcut
[2009/10/11 16:01:51 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/10/11 13:10:28 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/11 11:29:45 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-20021102}.CDF
[2009/10/11 11:29:45 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-20021102}.BAK
[2009/10/10 03:04:07 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/08 15:58:21 | 00,019,794 | ---- | M] () -- C:\WINDOWS\ypynuwim.exe
[2009/10/08 15:58:21 | 00,016,410 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\naxakex.vbs
[2009/10/08 15:58:21 | 00,015,293 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\ynuwew.bin
[2009/10/08 15:58:21 | 00,014,373 | ---- | M] () -- C:\WINDOWS\ejobilumo.dat
[2009/10/08 15:58:21 | 00,013,321 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\eteqolyzih.inf
[2009/10/08 15:58:21 | 00,011,373 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\zijihis._sy
[2009/10/08 15:58:21 | 00,011,083 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jeva.ban
[2009/10/08 15:58:21 | 00,010,324 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ogasaxa.exe
[2009/10/08 15:58:20 | 00,019,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\enyfepu.sys
[2009/10/08 15:58:20 | 00,014,617 | ---- | M] () -- C:\WINDOWS\akijyfocah.bat
[2009/10/08 15:58:20 | 00,014,512 | ---- | M] () -- C:\WINDOWS\vizubozi.ban
[2009/10/08 15:58:20 | 00,014,315 | ---- | M] () -- C:\Program Files\Common Files\ywugih.sys
[2009/10/08 15:58:20 | 00,013,301 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\venidi.reg
[2009/10/08 15:58:20 | 00,013,213 | ---- | M] () -- C:\Program Files\Common Files\wyhom.bat
[2009/10/08 15:58:20 | 00,013,020 | ---- | M] () -- C:\Program Files\Common Files\uxiw._sy
[2009/10/08 15:58:20 | 00,012,880 | ---- | M] () -- C:\Program Files\Common Files\tyjiziburi.bat
[2009/10/08 15:58:20 | 00,011,812 | ---- | M] () -- C:\WINDOWS\senepemar.vbs
[2009/10/08 15:58:20 | 00,011,080 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\azusuqab.vbs
[2009/10/08 15:58:20 | 00,010,737 | ---- | M] () -- C:\WINDOWS\awod.dat
[2009/10/08 15:58:20 | 00,010,173 | ---- | M] () -- C:\WINDOWS\System32\abecur._sy
[2009/10/08 15:58:19 | 00,019,058 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ejezuhoqet.sys
[2009/10/08 15:58:19 | 00,017,813 | ---- | M] () -- C:\WINDOWS\kinurify.reg
[2009/10/08 15:58:19 | 00,014,879 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\lisut.dl
[2009/10/08 15:58:19 | 00,014,200 | ---- | M] () -- C:\WINDOWS\ozalyxugi._dl
[2009/10/08 07:28:35 | 00,012,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\osimyvo.exe
[2009/10/08 07:28:34 | 00,014,989 | ---- | M] () -- C:\WINDOWS\imaj._sy
[2009/10/08 07:28:34 | 00,014,091 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\joxeq.db
[2009/10/08 07:28:34 | 00,010,209 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\eweleneh.pif
[2009/10/08 07:28:33 | 00,019,554 | ---- | M] () -- C:\WINDOWS\System32\yqakalu.reg
[2009/10/08 07:28:33 | 00,017,641 | ---- | M] () -- C:\Program Files\Common Files\exuma.sys
[2009/10/08 07:28:33 | 00,013,478 | ---- | M] () -- C:\WINDOWS\System32\owinaniqac.lib
[2009/10/08 07:28:33 | 00,013,091 | ---- | M] () -- C:\WINDOWS\System32\ryrevypum.sys
[2009/10/08 07:28:33 | 00,010,314 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\xiba.dll
[2009/10/08 07:28:31 | 00,010,995 | ---- | M] () -- C:\WINDOWS\wylyp.sys
[2009/10/08 07:28:30 | 00,018,762 | ---- | M] () -- C:\Program Files\Common Files\veviguk.scr
[2009/10/08 07:28:30 | 00,017,672 | ---- | M] () -- C:\WINDOWS\molyseqyn.bat
[2009/10/08 07:28:30 | 00,016,906 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\ofucenif._dl
[2009/10/08 07:28:30 | 00,011,702 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\ynurafi.exe
[2009/10/08 07:28:29 | 00,018,465 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gidijuseci.com
[2009/10/08 07:28:29 | 00,014,679 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\vulaku.exe
[2009/10/08 07:28:28 | 00,019,181 | ---- | M] () -- C:\WINDOWS\fywagube.sys
[2009/10/07 20:51:03 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/10/07 20:14:37 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/07 19:56:33 | 00,000,000 | -HS- | M] () -- C:\scandisk.lnk
[2009/10/07 19:45:16 | 00,233,584 | ---- | M] (vikbnerobeb) -- C:\Documents and Settings\Bill\Application Data\lizkavd.exe
[2009/10/07 19:40:30 | 00,058,368 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\srcssc.exe
[2009/10/07 17:38:37 | 00,000,647 | -HS- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk
[2009/10/02 12:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 01:00:13 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/09/29 21:58:41 | 56,377,344 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\finalcountdown-breha.wav
[2009/09/27 01:51:31 | 32,000,300 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\01_bmf5964500k.wav
[2009/09/26 17:13:16 | 27,915,500 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\05_boogie.wav
[2009/09/26 17:13:10 | 25,523,432 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\04_someday.wav
[2009/09/26 17:13:06 | 24,474,852 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\03_opry.wav
[2009/09/26 17:13:02 | 87,913,704 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\02_joy 09-26-09.wav
[2009/09/26 17:12:44 | 37,188,844 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\01_belle parker 09-26-09.wav
[2009/09/26 11:24:10 | 00,000,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Session.lnk

========== Files - No Company Name ==========
[2009/10/25 10:13:44 | 00,291,328 | ---- | C] () -- C:\zt486tv5.exe
[2009/10/23 17:26:05 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sar_15_sfx.exe
[2009/10/15 17:24:52 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/15 17:03:16 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 22:11:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\New Shortcut
[2009/10/11 16:01:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/10/09 06:25:39 | 04,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-20021102}.BAK
[2009/10/08 15:58:21 | 00,019,794 | ---- | C] () -- C:\WINDOWS\ypynuwim.exe
[2009/10/08 15:58:21 | 00,016,410 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\naxakex.vbs
[2009/10/08 15:58:21 | 00,015,293 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\ynuwew.bin
[2009/10/08 15:58:21 | 00,014,373 | ---- | C] () -- C:\WINDOWS\ejobilumo.dat
[2009/10/08 15:58:21 | 00,013,321 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\eteqolyzih.inf
[2009/10/08 15:58:21 | 00,011,373 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\zijihis._sy
[2009/10/08 15:58:21 | 00,011,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jeva.ban
[2009/10/08 15:58:21 | 00,010,324 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ogasaxa.exe
[2009/10/08 15:58:20 | 00,019,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enyfepu.sys
[2009/10/08 15:58:20 | 00,014,617 | ---- | C] () -- C:\WINDOWS\akijyfocah.bat
[2009/10/08 15:58:20 | 00,014,512 | ---- | C] () -- C:\WINDOWS\vizubozi.ban
[2009/10/08 15:58:20 | 00,014,315 | ---- | C] () -- C:\Program Files\Common Files\ywugih.sys
[2009/10/08 15:58:20 | 00,013,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\venidi.reg
[2009/10/08 15:58:20 | 00,013,213 | ---- | C] () -- C:\Program Files\Common Files\wyhom.bat
[2009/10/08 15:58:20 | 00,013,020 | ---- | C] () -- C:\Program Files\Common Files\uxiw._sy
[2009/10/08 15:58:20 | 00,011,812 | ---- | C] () -- C:\WINDOWS\senepemar.vbs
[2009/10/08 15:58:20 | 00,011,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\azusuqab.vbs
[2009/10/08 15:58:20 | 00,010,737 | ---- | C] () -- C:\WINDOWS\awod.dat
[2009/10/08 15:58:20 | 00,010,173 | ---- | C] () -- C:\WINDOWS\System32\abecur._sy
[2009/10/08 15:58:19 | 00,019,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ejezuhoqet.sys
[2009/10/08 15:58:19 | 00,017,813 | ---- | C] () -- C:\WINDOWS\kinurify.reg
[2009/10/08 15:58:19 | 00,014,879 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\lisut.dl
[2009/10/08 15:58:19 | 00,014,200 | ---- | C] () -- C:\WINDOWS\ozalyxugi._dl
[2009/10/08 15:58:19 | 00,012,880 | ---- | C] () -- C:\Program Files\Common Files\tyjiziburi.bat
[2009/10/08 07:28:34 | 00,014,989 | ---- | C] () -- C:\WINDOWS\imaj._sy
[2009/10/08 07:28:34 | 00,014,091 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\joxeq.db
[2009/10/08 07:28:34 | 00,012,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\osimyvo.exe
[2009/10/08 07:28:34 | 00,010,209 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\eweleneh.pif
[2009/10/08 07:28:33 | 00,019,554 | ---- | C] () -- C:\WINDOWS\System32\yqakalu.reg
[2009/10/08 07:28:33 | 00,017,641 | ---- | C] () -- C:\Program Files\Common Files\exuma.sys
[2009/10/08 07:28:33 | 00,013,091 | ---- | C] () -- C:\WINDOWS\System32\ryrevypum.sys
[2009/10/08 07:28:33 | 00,010,314 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\xiba.dll
[2009/10/08 07:28:32 | 00,013,478 | ---- | C] () -- C:\WINDOWS\System32\owinaniqac.lib
[2009/10/08 07:28:31 | 00,010,995 | ---- | C] () -- C:\WINDOWS\wylyp.sys
[2009/10/08 07:28:30 | 00,018,762 | ---- | C] () -- C:\Program Files\Common Files\veviguk.scr
[2009/10/08 07:28:30 | 00,017,672 | ---- | C] () -- C:\WINDOWS\molyseqyn.bat
[2009/10/08 07:28:30 | 00,016,906 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\ofucenif._dl
[2009/10/08 07:28:30 | 00,011,702 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\ynurafi.exe
[2009/10/08 07:28:29 | 00,018,465 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gidijuseci.com
[2009/10/08 07:28:29 | 00,014,679 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\vulaku.exe
[2009/10/08 07:28:28 | 00,019,181 | ---- | C] () -- C:\WINDOWS\fywagube.sys
[2009/10/07 20:14:47 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/07 20:14:37 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/07 19:56:33 | 00,000,000 | -HS- | C] () -- C:\scandisk.lnk
[2009/10/07 19:40:50 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\iniasd.txt
[2009/10/07 19:38:57 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\wiaserva.log
[2009/10/07 17:38:28 | 00,000,647 | -HS- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk
[2009/10/02 22:16:17 | 00,006,656 | -HS- | C] () -- C:\Documents and Settings\Bill\Application Data\Thumbs.db
[2009/09/29 21:58:21 | 56,377,344 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\finalcountdown-breha.wav
[2009/09/27 01:51:06 | 32,000,300 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\01_bmf5964500k.wav
[2009/09/26 17:13:10 | 27,915,500 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\05_boogie.wav
[2009/09/26 17:13:06 | 25,523,432 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\04_someday.wav
[2009/09/26 17:13:02 | 24,474,852 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\03_opry.wav
[2009/09/26 17:12:44 | 87,913,704 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\02_joy 09-26-09.wav
[2009/09/26 17:12:30 | 37,188,844 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\01_belle parker 09-26-09.wav
[2009/09/26 11:24:10 | 00,000,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Session.lnk
[2009/02/03 22:59:30 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/01 01:40:49 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\tt.gif
[2009/02/01 01:40:49 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\nn.gif
[2009/02/01 01:40:49 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\yy.gif
[2008/12/22 08:57:02 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/05 11:43:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/12/05 11:42:57 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2008/12/05 11:38:57 | 00,007,006 | ---- | C] () -- C:\WINDOWS\hpclj2550.ini
[2008/11/29 14:36:42 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/04/12 07:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 00,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:55:14 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 11:33:50 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/03/05 11:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/02 08:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/04/13 08:01:56 | 00,045,584 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/04/13 08:01:56 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\fusioncache.dat
[2006/04/12 20:41:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/12 20:33:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bill\Application Data\desktop.ini
[2006/04/12 18:45:56 | 05,882,690 | -H-- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db
[2006/04/12 18:45:11 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/04/12 18:44:31 | 00,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/04/12 18:44:22 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2006/04/12 18:42:40 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/04/12 18:38:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2006/04/12 18:37:50 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006/04/12 18:36:21 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/04/12 18:36:20 | 00,001,566 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/04/12 18:36:18 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/04/12 16:22:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/06/16 09:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/08/04 06:00:00 | 00,000,491 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/30 21:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 10/25/2009 10:15:07 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.70% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 0.70 Gb Free Space | 0.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.75 Gb Total Space | 11.39 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEFUNKBOX
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:sfx
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe" = C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe:*:Enabled:The Secret of Monkey Island: Special Edition -- ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track USB
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series" = Canon MP480 series MP Drivers
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{27F891A3-53CC-43BF-B9FD-0EF504E829A8}" = Micro
"{2A947CBB-4F5E-38D8-F49E-6C2C0D9D848E}" = Catalyst Control Center Graphics Previews Common
"{2BC1BB08-0253-4273-A9CB-61DAD039723D}" = KORG R3 Sound Editor
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard
"{30DE45EC-48B3-7617-193A-7B4CDCE18D22}" = Skins
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B5B8C28-EFC6-444C-B984-DE5561A9926F}" = M-Audio Producer USB
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5C08205C-C9E0-A607-9EB1-EB0D7C5659B3}" = Catalyst Control Center Core Implementation
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{6165536A-3F9D-46FF-8E4F-993DDB4C7DCD}" = CyberPower PowerPanel Personal Edition
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A2EB5A-8446-1554-235A-D174E39AF4E5}" = Catalyst Control Center Graphics Full Existing
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{918B89F5-3089-4631-BD8A-77990EA7E4FD}" = Session 1.6.3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B48442EE-FF84-3A89-CA50-EA2D1C64733E}" = ccc-utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC1086AD-1635-01EF-3137-04AB16B46F9F}" = ccc-core-preinstall
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE8BBC5D-2E98-451A-8CA8-8D77AFC63F9C}" = KORG USB-MIDI Driver Tools for Windows XP
"{D01B4212-C867-9074-217D-B40BB5A578FE}" = Catalyst Control Center Graphics Full New
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DCFF3DB2-0E96-6DF5-DF22-AB1C18CF5E86}" = Catalyst Control Center Graphics Light
"{DE9D0AF5-08ED-70A5-66FA-4C3B3E2A85E8}" = Catalyst Control Center HydraVision Full
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F104E135-A5EF-9551-4924-2A7B94DDDADF}" = ccc-core-static
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FBB6D1D6-BD35-50E0-37B7-375BAB8E199B}" = CCC Help English
"{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ASUS Probe V2.24.03" = ASUS Probe V2.24.03
"ATI Display Driver" = ATI Display Driver
"Autobahn" = MLB.TV NexDef Plug-in
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"Canon MP480 series User Registration" = Canon MP480 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DreamStation DXi2" = DreamStation DXi2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eMusic Download Manager" = eMusic Download Manager 4.1.1
"EsetOnlineScanner" = ESET Online Scanner
"FileZilla Client" = FileZilla Client 3.2.7.1
"FLAC" = FLAC 1.2.1b (remove only)
"Guitar Tracks Pro 3" = Guitar Tracks Pro 3
"HijackThis" = HijackThis 2.0.2
"Homestead SiteBuilder" = Homestead SiteBuilder
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"SONAR 5 Producer Edition" = SONAR 5 Producer Edition
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = Spyware Doctor 6.1
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2009 1:20:56 AM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3836 (0xefc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/22/2009 12:53:17 AM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4408 (0x1138) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/22/2009 4:18:57 AM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 6084 (0x17c4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/23/2009 1:39:49 AM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2716 (0xa9c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/23/2009 7:05:29 PM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2332 (0x91c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/23/2009 7:21:45 PM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2516 (0x9d4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/23/2009 8:01:53 PM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1428 (0x594) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/23/2009 9:02:43 PM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1820 (0x71c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_lionheart.exe

by C:\Documents and Settings\Bill\Local Settings\Temp\krbfdz.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/25/2009 2:56:48 AM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2504 (0x9c8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/25/2009 3:26:03 AM | Computer Name = THEFUNKBOX | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2344 (0x928) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Bill\Desktop\Software\setup_fallout_tactics.exe

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 10/25/2009 12:07:03 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/25/2009 12:07:06 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/25/2009 12:07:10 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/25/2009 12:08:41 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/25/2009 12:08:51 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/25/2009 12:08:51 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/25/2009 12:08:55 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/25/2009 12:09:01 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 10/25/2009 12:09:45 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 3 time(s).

Error - 10/25/2009 12:09:53 PM | Computer Name = THEFUNKBOX | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 3 time(s).

< End of report >

#5 kahdah

Security Colleague
11,138 posts
OFFLINE

Gender:Male
Location:Florida
Local time:05:23 AM

Posted 26 October 2009 - 06:13 AM

The check boxes are on the bottom right hand corner.

Please also do the following:

Please download and run MBR.exe by GMER:

http://www2.gmer.net/mbr/mbr.exe

It will produce a brief log, mbr.txt in the same directory as the program. Please copy/paste that log here.
============

#6 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 26 October 2009 - 06:06 PM

Ok, ran MBR. Log is below. Do you still want me to do the step after the OTL instructions above? I'm having issues re-downloading OTL. Says it can't connect to the site.

Thanks!

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x88778e40
NDIS: NETGEAR 108 Mbps Wireless PCI Adapter WG311T -> SendCompleteHandler -> 0x887b5800
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

#7 kahdah

Security Colleague
11,138 posts
OFFLINE

Gender:Male
Location:Florida
Local time:05:23 AM

Posted 27 October 2009 - 06:57 AM

Don't worry about OTL for now.
Please do the following:

First delete the mbr.log from off of your desktop.

Then do the following:
Please ensure that file is still on your desktop before doing this:
Go to Start -> Run and type in (including quotes)

"%userprofile%\Desktop\MBR.EXE" -f

then press Enter.
Copy and paste the mbr.txt log here again

#8 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 27 October 2009 - 05:07 PM

Ok, followed the steps for MBR. Here's the most recent log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x88754e40
NDIS: NETGEAR 108 Mbps Wireless PCI Adapter WG311T -> SendCompleteHandler -> 0x88791800
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

#9 kahdah

Security Colleague
11,138 posts
OFFLINE

Gender:Male
Location:Florida
Local time:05:23 AM

Posted 28 October 2009 - 07:32 AM

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - C:\WINDOWS\srcssc.exe (?????????? ??????????)
O4 - HKCU..\Run: [calc] C:\DOCUME~1\Bill\ntuser.DLL File not found
O4 - HKCU..\Run: [mserv] C:\Documents and Settings\Bill\Application Data\svcst.exe File not found
O4 - HKCU..\Run: [ttool] C:\WINDOWS\srcssc.exe (?????????? ??????????)
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2009/10/07 19:45:19 | 00,000,000 | ---D | C] -- C:\Program Files\AntivirusPro_2010
[2009/10/14 17:07:55 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/10/07 19:45:16 | 00,233,584 | ---- | C] (vikbnerobeb) -- C:\Documents and Settings\Bill\Application Data\lizkavd.exe
[2009/10/07 19:40:50 | 00,058,368 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\srcssc.exe
[2009/10/08 15:58:21 | 00,019,794 | ---- | M] () -- C:\WINDOWS\ypynuwim.exe
[2009/10/08 15:58:21 | 00,016,410 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\naxakex.vbs
[2009/10/08 15:58:21 | 00,015,293 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\ynuwew.bin
[2009/10/08 15:58:21 | 00,014,373 | ---- | M] () -- C:\WINDOWS\ejobilumo.dat
[2009/10/08 15:58:21 | 00,013,321 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\eteqolyzih.inf
[2009/10/08 15:58:21 | 00,011,373 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\zijihis._sy
[2009/10/08 15:58:21 | 00,011,083 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jeva.ban
[2009/10/08 15:58:21 | 00,010,324 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ogasaxa.exe
[2009/10/08 15:58:20 | 00,019,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\enyfepu.sys
[2009/10/08 15:58:20 | 00,014,617 | ---- | M] () -- C:\WINDOWS\akijyfocah.bat
[2009/10/08 15:58:20 | 00,014,512 | ---- | M] () -- C:\WINDOWS\vizubozi.ban
[2009/10/08 15:58:20 | 00,014,315 | ---- | M] () -- C:\Program Files\Common Files\ywugih.sys
[2009/10/08 15:58:20 | 00,013,301 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\venidi.reg
[2009/10/08 15:58:20 | 00,013,213 | ---- | M] () -- C:\Program Files\Common Files\wyhom.bat
[2009/10/08 15:58:20 | 00,013,020 | ---- | M] () -- C:\Program Files\Common Files\uxiw._sy
[2009/10/08 15:58:20 | 00,012,880 | ---- | M] () -- C:\Program Files\Common Files\tyjiziburi.bat
[2009/10/08 15:58:20 | 00,011,812 | ---- | M] () -- C:\WINDOWS\senepemar.vbs
[2009/10/08 15:58:20 | 00,011,080 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\azusuqab.vbs
[2009/10/08 15:58:20 | 00,010,737 | ---- | M] () -- C:\WINDOWS\awod.dat
[2009/10/08 15:58:20 | 00,010,173 | ---- | M] () -- C:\WINDOWS\System32\abecur._sy
[2009/10/08 15:58:19 | 00,019,058 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ejezuhoqet.sys
[2009/10/08 15:58:19 | 00,017,813 | ---- | M] () -- C:\WINDOWS\kinurify.reg
[2009/10/08 15:58:19 | 00,014,879 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\lisut.dl
[2009/10/08 15:58:19 | 00,014,200 | ---- | M] () -- C:\WINDOWS\ozalyxugi._dl
[2009/10/08 07:28:35 | 00,012,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\osimyvo.exe
[2009/10/08 07:28:34 | 00,014,989 | ---- | M] () -- C:\WINDOWS\imaj._sy
[2009/10/08 07:28:34 | 00,014,091 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\joxeq.db
[2009/10/08 07:28:34 | 00,010,209 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\eweleneh.pif
[2009/10/08 07:28:33 | 00,019,554 | ---- | M] () -- C:\WINDOWS\System32\yqakalu.reg
[2009/10/08 07:28:33 | 00,017,641 | ---- | M] () -- C:\Program Files\Common Files\exuma.sys
[2009/10/08 07:28:33 | 00,013,478 | ---- | M] () -- C:\WINDOWS\System32\owinaniqac.lib
[2009/10/08 07:28:33 | 00,013,091 | ---- | M] () -- C:\WINDOWS\System32\ryrevypum.sys
[2009/10/08 07:28:33 | 00,010,314 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\xiba.dll
[2009/10/08 07:28:31 | 00,010,995 | ---- | M] () -- C:\WINDOWS\wylyp.sys
[2009/10/08 07:28:30 | 00,018,762 | ---- | M] () -- C:\Program Files\Common Files\veviguk.scr
[2009/10/08 07:28:30 | 00,017,672 | ---- | M] () -- C:\WINDOWS\molyseqyn.bat
[2009/10/08 07:28:30 | 00,016,906 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\ofucenif._dl
[2009/10/08 07:28:30 | 00,011,702 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\ynurafi.exe
[2009/10/08 07:28:29 | 00,018,465 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gidijuseci.com
[2009/10/08 07:28:29 | 00,014,679 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\vulaku.exe
[2009/10/08 07:28:28 | 00,019,181 | ---- | M] () -- C:\WINDOWS\fywagube.sys
[2009/10/07 19:56:33 | 00,000,000 | -HS- | M] () -- C:\scandisk.lnk
[2009/10/07 19:40:30 | 00,058,368 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\srcssc.exe
[2009/10/07 17:38:37 | 00,000,647 | -HS- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk

:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.

===============================
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#10 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 28 October 2009 - 08:20 AM

Okay, done and done. OTL and ComboFix logs are below.

All processes killed
========== OTL ==========
Process srcssc.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mserv deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ttool deleted successfully.
C:\WINDOWS\srcssc.exe moved successfully.
C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Program Files\AntivirusPro_2010 moved successfully.
C:\WINDOWS\System32\lowsec moved successfully.
C:\Documents and Settings\Bill\Application Data\lizkavd.exe moved successfully.
File C:\WINDOWS\srcssc.exe not found.
C:\WINDOWS\ypynuwim.exe moved successfully.
C:\Documents and Settings\All Users\Documents\naxakex.vbs moved successfully.
C:\Documents and Settings\Bill\Application Data\ynuwew.bin moved successfully.
C:\WINDOWS\ejobilumo.dat moved successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\eteqolyzih.inf moved successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\zijihis._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\jeva.ban moved successfully.
C:\Documents and Settings\All Users\Documents\ogasaxa.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\enyfepu.sys moved successfully.
C:\WINDOWS\akijyfocah.bat moved successfully.
C:\WINDOWS\vizubozi.ban moved successfully.
C:\Program Files\Common Files\ywugih.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\venidi.reg moved successfully.
C:\Program Files\Common Files\wyhom.bat moved successfully.
C:\Program Files\Common Files\uxiw._sy moved successfully.
C:\Program Files\Common Files\tyjiziburi.bat moved successfully.
C:\WINDOWS\senepemar.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\azusuqab.vbs moved successfully.
C:\WINDOWS\awod.dat moved successfully.
C:\WINDOWS\System32\abecur._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\ejezuhoqet.sys moved successfully.
C:\WINDOWS\kinurify.reg moved successfully.
C:\Documents and Settings\All Users\Documents\lisut.dl moved successfully.
C:\WINDOWS\ozalyxugi._dl moved successfully.
C:\Documents and Settings\All Users\Application Data\osimyvo.exe moved successfully.
C:\WINDOWS\imaj._sy moved successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\joxeq.db moved successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\eweleneh.pif moved successfully.
C:\WINDOWS\System32\yqakalu.reg moved successfully.
C:\Program Files\Common Files\exuma.sys moved successfully.
C:\WINDOWS\System32\owinaniqac.lib moved successfully.
C:\WINDOWS\System32\ryrevypum.sys moved successfully.
LoadLibrary failed for C:\Documents and Settings\Bill\Local Settings\Application Data\xiba.dll
C:\Documents and Settings\Bill\Local Settings\Application Data\xiba.dll NOT unregistered.
C:\Documents and Settings\Bill\Local Settings\Application Data\xiba.dll moved successfully.
C:\WINDOWS\wylyp.sys moved successfully.
C:\Program Files\Common Files\veviguk.scr moved successfully.
C:\WINDOWS\molyseqyn.bat moved successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\ofucenif._dl moved successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\ynurafi.exe moved successfully.
C:\Documents and Settings\All Users\Documents\gidijuseci.com moved successfully.
C:\Documents and Settings\Bill\Application Data\vulaku.exe moved successfully.
C:\WINDOWS\fywagube.sys moved successfully.
C:\scandisk.lnk moved successfully.
File C:\WINDOWS\srcssc.exe not found.
File C:\Documents and Settings\Bill\Start Menu\Programs\Startup\scandisk.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bill
->Temp folder emptied: 277087801 bytes
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 335097 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44043157 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: HelpAssistant
->Temp folder emptied: 39465236 bytes
->Temporary Internet Files folder emptied: 1365093 bytes
->Java cache emptied: 4886 bytes
->FireFox cache emptied: 20438888 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 194509714 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B8.TMP folder deleted successfully.
C:\WINDOWS\F20A984B9B304A9EA3AC918AF0D85A48.TMP folder deleted successfully.
%systemroot% .tmp files removed: 4883225 bytes
%systemroot%\System32 .tmp files removed: 54364 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_BWecEWB9x04nMXX scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_wy3X605DD6cyoAw scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Z6Gwcj2arMh4888 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_2wb7seUnuCur7QQ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_3XcbXXOAFrweSTW scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_cozX5cGJm8E2uN9 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_GN4qVLwR5Y7wRMv scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_OmadLriJ1IeRigA scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_THAJv92HxAgbfSm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Yy73WUCEFdsI5HC scheduled to be deleted on reboot.
Windows Temp folder emptied: 200208224 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 746.28 mb

OTL by OldTimer - Version 3.0.22.1 log created on 10282009_064739

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcmsc_BWecEWB9x04nMXX not found!
File\Folder C:\WINDOWS\temp\mcmsc_wy3X605DD6cyoAw not found!
File\Folder C:\WINDOWS\temp\mcmsc_Z6Gwcj2arMh4888 not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_ec.dat not found!
File\Folder C:\WINDOWS\temp\sqlite_2wb7seUnuCur7QQ not found!
C:\WINDOWS\temp\sqlite_3XcbXXOAFrweSTW moved successfully.
File\Folder C:\WINDOWS\temp\sqlite_cozX5cGJm8E2uN9 not found!
C:\WINDOWS\temp\sqlite_GN4qVLwR5Y7wRMv moved successfully.
File\Folder C:\WINDOWS\temp\sqlite_OmadLriJ1IeRigA not found!
C:\WINDOWS\temp\sqlite_THAJv92HxAgbfSm moved successfully.
File\Folder C:\WINDOWS\temp\sqlite_Yy73WUCEFdsI5HC not found!

Registry entries deleted on Reboot...

----------

ComboFix 09-10-27.07 - David 10/28/2009 6:58.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1547 [GMT -6:00]
Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bill\Application Data\iniasd.txt
c:\documents and settings\Bill\Application Data\wiaserva.log
c:\documents and settings\Bill\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Bill\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Bill\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\program files\sFX
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\0101120101465752.dat
c:\windows\system32\sdra64.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFX
-------\Legacy_SFXDRV
-------\Service_sfx

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 13:04 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-28 13:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-28 12:47 . 2009-10-28 12:47 -------- d-----w- C:\_OTL
2009-10-25 16:13 . 2009-10-25 16:13 291328 ----a-w- C:\zt486tv5.exe
2009-10-23 23:26 . 2009-10-23 23:26 -------- d-----w- c:\program files\Sophos
2009-10-23 23:20 . 2009-10-23 23:20 -------- d-----w- c:\documents and settings\Bill\Application Data\AVG8
2009-10-15 23:11 . 2009-10-15 23:11 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-10-08 03:08 . 2009-10-08 14:03 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-10-08 03:08 . 2009-10-08 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-10-08 03:08 . 2009-10-08 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\Swarmcast
2009-10-08 02:15 . 2008-12-11 14:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-08 02:14 . 2009-08-24 20:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-08 02:14 . 2009-08-19 17:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-08 02:14 . 2009-10-08 02:15 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-08 02:14 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-08 02:13 . 2009-10-08 02:15 -------- d-----w- c:\program files\Spyware Doctor
2009-10-08 02:13 . 2009-10-08 02:13 -------- d-----w- c:\documents and settings\Bill\Application Data\PC Tools
2009-10-08 02:13 . 2009-10-08 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-08 02:12 . 2009-10-11 23:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-08 01:52 . 2009-10-08 01:52 -------- d-----w- c:\documents and settings\HelpAssistant\.autobahn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 13:08 . 2009-08-16 19:22 -------- d-----w- c:\program files\Steam
2009-10-27 23:03 . 2008-12-22 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 22:09 . 2009-02-25 06:40 -------- d-----w- c:\program files\McAfee
2009-10-27 22:05 . 2009-02-02 02:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-14 02:21 . 2008-12-18 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-11 18:02 . 2009-05-02 02:34 -------- d-----w- c:\documents and settings\Bill\Application Data\BitTorrent
2009-10-08 02:04 . 2009-04-29 04:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-08 01:41 . 2009-10-08 03:08 0 ----a-w- c:\documents and settings\HelpAssistant\ntuser.tmp
2009-10-03 04:16 . 2009-05-04 05:10 -------- d-----w- c:\documents and settings\Bill\Application Data\ColorCop
2009-09-26 17:26 . 2009-09-26 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\M-Audio
2009-09-26 17:25 . 2009-09-26 17:23 -------- d-----w- c:\program files\M-Audio
2009-09-26 17:25 . 2006-04-13 00:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-26 17:23 . 2009-09-26 17:23 -------- d-----w- c:\documents and settings\Bill\Application Data\InstallShield
2009-09-25 05:37 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 23:43 . 2009-09-24 23:42 -------- d-----w- c:\program files\iTunes
2009-09-24 23:42 . 2009-09-24 23:42 -------- d-----w- c:\program files\iPod
2009-09-24 23:42 . 2008-11-30 17:36 -------- d-----w- c:\program files\Common Files\Apple
2009-09-21 05:26 . 2009-09-19 23:37 -------- d-----w- c:\documents and settings\Bill\Application Data\FileZilla
2009-09-18 03:44 . 2009-09-18 03:44 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-16 16:22 . 2009-02-01 17:43 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 16:22 . 2009-02-01 17:43 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 16:22 . 2009-02-01 17:43 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 16:22 . 2009-01-09 19:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 16:22 . 2009-02-01 17:39 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:44 . 2009-09-11 03:44 45056 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 03:31 . 2008-11-30 17:38 -------- d-----w- c:\documents and settings\Bill\Application Data\Apple Computer
2009-09-11 00:15 . 2009-09-11 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 00:13 . 2009-09-11 00:13 -------- d-----w- c:\program files\Bonjour
2009-09-11 00:13 . 2009-09-11 00:12 -------- d-----w- c:\program files\QuickTime
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 01:42 . 2009-03-12 03:24 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 01:42 . 2008-11-30 17:36 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 05:33 . 2009-08-18 05:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 01:24 . 2006-04-13 02:28 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 01:24 . 2006-04-13 02:28 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 01:24 . 2006-04-13 02:28 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 01:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 01:24 . 2006-04-13 02:28 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 01:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 01:23 . 2006-04-13 02:28 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 01:23 . 2009-01-23 04:58 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 01:23 . 2009-01-23 04:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 01:23 . 2006-04-13 02:28 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2006-02-28 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-25 1217808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-2-22 1486848]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=KORGUMDD.DRV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Bill\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"ppped"=2 (0x2)
"Norton Ghost"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [7/19/2004 9:47 AM 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2009 11:13 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/7/2009 8:14 PM 206256]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 1:33 AM 138780]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 2:13 AM 46779]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/25/2009 12:44 AM 210216]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [4/10/2007 3:32 AM 16168]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [8/25/2006 2:09 AM 14976]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [9/26/2009 11:25 AM 132096]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/28/2009 3:36 AM 38496]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\17.tmp --> c:\windows\system32\17.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/7/2009 8:13 PM 348752]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 1:06 PM 1028432]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 05:13]

2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-25 18:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-25 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sirius.com/siriusinternetradio
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\xidydojn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\xidydojn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Bill\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 07:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\17.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.24.03]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2476)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\combofix\CF7720.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\GEARSec.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 7:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 13:16

Pre-Run: 1,237,155,840 bytes free
Post-Run: 1,044,201,472 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 37E559B8F014C032B49169697C27980F

#11 kahdah

Security Colleague
11,138 posts
OFFLINE

Gender:Male
Location:Florida
Local time:05:23 AM

Posted 28 October 2009 - 12:37 PM

Install/Run Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
* Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

#12 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 28 October 2009 - 02:45 PM

Ok,done and done. MBAM and ESET logs below.

Malwarebytes' Anti-Malware 1.41
Database version: 3047
Windows 5.1.2600 Service Pack 3

10/28/2009 12:12:28 PM
mbam-log-2009-10-28 (12-12-28).txt

Scan type: Quick Scan
Objects scanned: 106883
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HelpAssistant\Application Data\lizkavd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

----------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=823785541761744e8cf4ab58bbb09244
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-10-28 07:27:27
# local_time=2009-10-28 01:27:27 (-0700, Mountain Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 14921219 14921219 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 71313 9591181 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=105200
# found=3
# cleaned=3
# scan_time=3590
C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined) 8F324363D0F7F1645B9ABA0D1E5C63B0 C
C:\_OTL\MovedFiles\10282009_064739\Documents and Settings\Bill\Application Data\lizkavd.exe a variant of Win32/Kryptik.ATV trojan (cleaned by deleting - quarantined) 6C54CAB14C30CC6DF73F77E01FA0B895 C
C:\_OTL\MovedFiles\10282009_064739\WINDOWS\srcssc.exe a variant of Win32/Kryptik.AEX trojan (cleaned by deleting - quarantined) B9A53D0F18A1A25A893F3015ABCCA06F C

#13 kahdah

Security Colleague
11,138 posts
OFFLINE

Gender:Male
Location:Florida
Local time:05:23 AM

Posted 28 October 2009 - 05:29 PM

Great let me know how things are running?

Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

#14 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 28 October 2009 - 05:39 PM

Seems like things are definitely running better.

Here's the OTL log. Anything else I should do?

OTL logfile created on: 10/28/2009 4:36:30 PM - Run 5
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.03% Memory free
3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 8.76 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.75 Gb Total Space | 3.03 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEFUNKBOX
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\acs.exe ()
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACS [Auto | Running]) -- C:\WINDOWS\System32\acs.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Auto | Running]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Disabled | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Norton Ghost [Disabled | Stopped]) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ppped [Disabled | Stopped]) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (TermService [Auto | Running]) -- C:\WINDOWS\System32\termsrv32.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AR5211 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\WG311T13.sys (Atheros Communications, Inc.)
DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (aslm75 [System | Running]) -- C:\WINDOWS\System32\drivers\aslm75.sys ()
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (COMMONFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (dot4ufd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hppaufd0.sys (HP)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GearAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (hap17v2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\hap17v2k.sys (Creative Technology Ltd)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (iteraid [Boot | Running]) -- C:\WINDOWS\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KORGUMDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\KORGUMDS.SYS (KORG Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MAUSBFT [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mausbft.sys (Avid Technology, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PfDetNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (PQIMount [System | Running]) -- C:\WINDOWS\System32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQV2i [Boot | Running]) -- C:\WINDOWS\System32\drivers\PQV2i.sys (StorageCraft)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\saHook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/siriusinternetradio
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?rls=ig&hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/09/10 18:13:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/09/10 18:13:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2009/01/19 19:45:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 16:10:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 17:00:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/20 13:26:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 09:53:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 15:07:35 | 00,000,000 | ---D | M]

[2008/11/30 11:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions
[2008/11/30 11:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/28 07:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions
[2009/09/04 21:51:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/05 15:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/20 21:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\moveplayer@movenetworks.com
[2009/04/17 16:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\xidydojn.default\extensions\support@ancestry.com
[2009/10/28 07:28:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/28 09:53:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/20 13:26:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/29 06:29:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/28 09:53:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/28 09:53:19 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 15:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/03/02 07:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2008/09/03 18:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 12:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 16:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/01/17 05:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2009/01/14 10:05:06 | 00,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2007/07/02 09:42:20 | 00,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2009/10/28 09:53:21 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/10 18:13:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/09/03 18:58:32 | 08,443,120 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2009/04/07 20:27:25 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/09/03 18:37:30 | 10,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2009/09/03 18:58:36 | 00,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2009/05/01 15:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/14 06:06:26 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/14 06:06:27 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/14 06:06:27 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/14 06:06:27 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/14 06:06:27 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/14 06:06:27 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/14 06:06:27 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/12 20:29:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/07 20:13:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/07 20:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/23 17:20:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\AVG8
[2009/10/07 20:13:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\PC Tools
[2009/10/07 20:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/28 12:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/28 15:07:32 | 00,000,000 | ---D | C] -- C:\Program Files\Sibelius Software
[2009/10/23 17:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/10/07 20:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/28 16:35:47 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/10/28 12:22:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/28 11:57:48 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bill\Desktop\mbam-setup.exe
[2009/10/28 07:04:38 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/28 07:04:38 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/28 06:56:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/28 06:56:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/28 06:56:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/28 06:56:56 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/28 06:56:30 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/28 06:47:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/23 17:20:34 | 00,889,840 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Bill\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/07 20:51:01 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/10/07 20:15:25 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/07 20:14:46 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/07 20:14:46 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/07 20:14:23 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2007/04/09 11:32:58 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2009/10/28 16:35:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/10/28 16:35:38 | 00,015,491 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/28 15:09:04 | 00,059,304 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/28 15:04:39 | 10,609,664 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Scorch610NSPluginInstaller.msi
[2009/10/28 12:16:33 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/28 12:15:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/28 12:15:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/28 12:15:47 | 00,079,008 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/10/28 12:15:44 | 21,467,50464 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 12:13:20 | 00,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/28 12:13:20 | 00,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/28 12:13:20 | 00,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/28 12:13:20 | 00,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/28 12:13:20 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/10/28 11:58:14 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 11:57:49 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bill\Desktop\mbam-setup.exe
[2009/10/28 10:43:07 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BitTorrent.lnk
[2009/10/28 07:08:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/28 07:08:20 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/28 06:55:31 | 03,440,512 | R--- | M] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2009/10/26 23:13:17 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/26 20:34:01 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/26 16:43:45 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\mbr.exe
[2009/10/25 10:13:49 | 00,291,328 | ---- | M] () -- C:\zt486tv5.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 17:26:11 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sar_15_sfx.exe
[2009/10/23 17:20:38 | 00,889,840 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Bill\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/22 09:51:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/18 22:16:23 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/16 17:02:10 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 17:34:05 | 00,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 17:34:05 | 00,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 17:34:04 | 00,531,002 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 17:24:52 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/13 22:11:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\New Shortcut
[2009/10/11 16:01:51 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/10/11 11:29:45 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-20021102}.CDF
[2009/10/11 11:29:45 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-20021102}.BAK
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 03:04:07 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 20:51:03 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/10/07 20:14:37 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/02 12:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 01:00:13 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/09/29 21:58:41 | 56,377,344 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\finalcountdown-breha.wav

========== Files - No Company Name ==========
[2009/10/28 15:03:43 | 10,609,664 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Scorch610NSPluginInstaller.msi
[2009/10/28 10:43:07 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\BitTorrent.lnk
[2009/10/28 06:56:56 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/28 06:56:56 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/28 06:56:56 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/28 06:56:56 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/28 06:56:56 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/28 06:55:21 | 03,440,512 | R--- | C] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2009/10/26 16:43:42 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\mbr.exe
[2009/10/25 10:13:44 | 00,291,328 | ---- | C] () -- C:\zt486tv5.exe
[2009/10/23 17:26:05 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sar_15_sfx.exe
[2009/10/15 17:24:52 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/15 17:03:16 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 22:11:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\New Shortcut
[2009/10/11 16:01:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/10/09 06:25:39 | 04,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-20021102}.BAK
[2009/10/07 20:14:47 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/07 20:14:37 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/02 22:16:17 | 00,006,656 | -HS- | C] () -- C:\Documents and Settings\Bill\Application Data\Thumbs.db
[2009/09/29 21:58:21 | 56,377,344 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\finalcountdown-breha.wav
[2009/02/03 22:59:30 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/01 01:40:49 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\tt.gif
[2009/02/01 01:40:49 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\nn.gif
[2009/02/01 01:40:49 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\yy.gif
[2008/12/22 08:57:02 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/05 11:43:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/12/05 11:42:57 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2008/12/05 11:38:57 | 00,007,006 | ---- | C] () -- C:\WINDOWS\hpclj2550.ini
[2008/11/29 14:36:42 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/04/12 07:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 00,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:55:14 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 11:33:50 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/03/05 11:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/02 08:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/04/13 08:01:56 | 00,059,304 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/04/13 08:01:56 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\fusioncache.dat
[2006/04/12 20:41:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/12 20:33:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bill\Application Data\desktop.ini
[2006/04/12 18:45:56 | 05,882,690 | -H-- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db
[2006/04/12 18:45:11 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/04/12 18:44:31 | 00,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/04/12 18:44:22 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2006/04/12 18:42:40 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/04/12 18:38:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2006/04/12 18:37:50 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006/04/12 18:36:21 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/04/12 18:36:20 | 00,001,566 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/04/12 18:36:18 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/04/12 16:22:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/06/16 09:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/08/04 06:00:00 | 00,000,491 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/30 21:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#15 yonderwanderer

Topic Starter

Members
16 posts
OFFLINE

Local time:05:23 AM

Posted 28 October 2009 - 05:43 PM

And a quick follow-up... if I had an external HD hooked up at the time this occurred (which I don't fully know if I did), what's the likelihood I'll have to deal with the infection there as well?