livefeedinc, thefeedyard redirecting trojan/virus


  • This topic is locked
2 replies to this topic

#1 lonpangit

Posted 12 October 2009 - 07:51 PM

So I basically followed those directions from kahdah, who responded to a user who has the same problem as me: I can barely visit any websites without being redirected from the websites mentioned above to another website, which is really annoying. So this is what kahdah told the user:

"Welcome to BleepingComputer
=====================

* Download OTL to your desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Under the Standard Registry box change it to All.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========
Download This file. Note its name and save it to your root folder, such as C:\.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
* Click on this link to see a list of programs that should be disabled.
* Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
* Allow the driver to load if asked.
* You may be prompted to scan immediately if it detects rootkit activity.
* If you are prompted to scan your system click "Yes" to begin the scan.
* If not prompted, click the "Rootkit/Malware" tab.
* On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
* Select all drives that are connected to your system to be scanned.
* Click the Scan button to begin. (Please be patient as it can take some time to complete)
* When the scan is finished, click Save to save the scan results to your Desktop.
* Save the file as Results.log and copy/paste the contents in your next reply.
* Exit the program and re-enable all active protection when done."




OTL RESULTS

extras.txt

OTL Extras logfile created on: 10/12/2009 1:40:42 AM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Lawrence\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 97.25 Mb Available Physical Memory | 25.43% Memory free
920.35 Mb Paging File | 500.93 Mb Available in Paging File | 54.43% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 38.18 Gb Free Space | 57.01% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.94 Gb Free Space | 12.52% Space Free | Partition Type: FAT32
Drive E: | 94.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC315417827683
Current User Name: Lawrence
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 B3
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{798E409B-F5CA-449E-9BE6-E18199E007C6}" = HP User Guides 0024
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.1 beta
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2009 10:41:12 PM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 25 seconds;

Error - 10/4/2009 9:36:55 PM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3720 (0xe88) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.1.100
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Lawrence\Application
Data\Mozilla\Firefox\Profiles\rs1sh7re.default\sessionstore-2.js by C:\Program
Files\Mozilla Firefox\firefox.exe 4(250)(0) 4(141)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/4/2009 9:37:19 PM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 10/7/2009 8:32:34 PM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2260 (0x8d4) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.1.100
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All
Users\Application Data\McAfee\Common Framework\Db\Agent_PC315417827683.xml by C:\Program
Files\McAfee\Common Framework\FrameworkService.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/7/2009 8:32:59 PM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 10/10/2009 4:53:47 AM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4000 (0xfa0) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.1.100
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\System32\xmlprovi.dll

by C:\WINDOWS\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/10/2009 4:53:51 AM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 10/11/2009 3:55:28 PM | Computer Name = PC315417827683 | Source = Application Error | ID = 1000
Description = Faulting application db8d.tmp, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x004110b2.

Error - 10/11/2009 8:30:04 PM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2648 (0xa58) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.1.100
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\SYSTEM32\WIN32K.SYS

by **\FIREFOX.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 10/11/2009 8:30:28 PM | Computer Name = PC315417827683 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

[ System Events ]
Error - 10/11/2009 6:48:34 PM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.

Error - 10/11/2009 7:48:37 PM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.

Error - 10/11/2009 8:31:09 PM | Computer Name = PC315417827683 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/11/2009 8:37:10 PM | Computer Name = PC315417827683 | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 169.234.81.137,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 10/11/2009 8:48:41 PM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.

Error - 10/11/2009 10:24:41 PM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.

Error - 10/11/2009 11:30:31 PM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.

Error - 10/12/2009 12:42:31 AM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.

Error - 10/12/2009 2:06:31 AM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.

Error - 10/12/2009 3:42:27 AM | Computer Name = PC315417827683 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JESSE-370E72CD4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E3D30616-344. The master browser is stopping or an election is being
forced.


< End of report >



OTL.txt

OTL logfile created on: 10/12/2009 1:40:42 AM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Lawrence\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 97.25 Mb Available Physical Memory | 25.43% Memory free
920.35 Mb Paging File | 500.93 Mb Available in Paging File | 54.43% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 38.18 Gb Free Space | 57.01% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.94 Gb Free Space | 12.52% Space Free | Partition Type: FAT32
Drive E: | 94.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC315417827683
Current User Name: Lawrence
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lawrence\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ICDSPTSV [On_Demand | Stopped]) -- C:\WINDOWS\System32\IcdSptSv.exe (Sony Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (McAfeeFramework [Auto | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (ICDUSB3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ICDUSB3.sys (Sony Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 03:03:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/28 11:14:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 17:19:49 | 00,000,000 | ---D | M]

[2008/10/05 12:16:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\mozilla\Extensions
[2008/10/05 12:16:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 01:21:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\mozilla\Firefox\Profiles\rs1sh7re.default\extensions
[2009/09/07 23:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\mozilla\Firefox\Profiles\rs1sh7re.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/31 11:22:12 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Lawrence\Application Data\Mozilla\FireFox\Profiles\rs1sh7re.default\searchplugins\ask.xml
[2009/09/23 00:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 17:19:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/11 17:19:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 17:19:23 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/09/11 17:19:30 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/04/08 01:27:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/08 01:27:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/08 01:27:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/08 01:27:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/08 01:27:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/08 01:27:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/08 01:27:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/09/09 00:49:37 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/09 00:49:37 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/09 00:49:37 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/09 00:49:37 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/09 00:49:37 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/09 00:49:37 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/09 00:49:37 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [calc] C:\Documents and Settings\Lawrence\ntuser.dll (Microsoft)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: adobe.com ([get] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.200.1.201 128.200.192.202
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/01/14 18:01:52 | 00,000,035 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/10 21:29:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/22 16:57:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence\Application Data\CiscoCAA
[2009/10/04 13:24:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence\Application Data\InstallShield
[2009/10/10 21:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence\Application Data\Malwarebytes
[4 C:\Documents and Settings\Lawrence\Desktop\*.tmp files]
[2009/09/22 17:10:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2009/09/22 18:38:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/09/22 16:56:53 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2009/10/10 21:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/04 13:24:52 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/10/10 21:29:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/10 21:29:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/06 15:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence\Desktop\bio97hourly
[2009/10/04 13:39:40 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2009/10/04 13:29:38 | 00,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/10/04 13:29:38 | 00,122,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/10/04 13:29:38 | 00,120,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/10/04 13:29:38 | 00,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/10/04 13:29:38 | 00,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/10/04 13:29:38 | 00,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/10/04 13:29:38 | 00,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/10/04 13:29:38 | 00,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/10/04 13:29:32 | 00,031,744 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\ICDSX.sys
[2009/10/04 13:29:21 | 01,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2009/10/04 13:29:21 | 00,011,264 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\ICDUSB3.sys
[2009/10/04 13:28:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence\My Documents\Voice Files
[2009/10/04 13:28:47 | 00,039,048 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\IcdUsb2.sys
[2009/10/04 13:28:43 | 00,026,409 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\Icdusb.sys
[2009/10/04 13:26:51 | 01,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2009/10/04 13:26:51 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/10/04 13:26:51 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/10/04 13:26:51 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/10/04 13:26:51 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/10/04 13:26:51 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/10/04 13:26:51 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/10/04 13:26:51 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/10/04 13:26:51 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009/10/04 13:26:51 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2009/10/04 13:26:51 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/10/04 13:26:51 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/10/04 13:26:51 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/10/04 13:26:51 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009/10/04 13:26:51 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009/10/04 13:26:51 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2009/10/04 13:26:51 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/10/04 13:26:51 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/10/04 13:26:51 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2009/10/04 13:26:51 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2009/10/04 13:26:51 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2009/10/04 13:26:51 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009/10/04 13:26:51 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/10/04 13:26:51 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/10/04 13:26:51 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2009/10/04 13:26:51 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2009/10/04 13:26:51 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2009/10/04 13:26:51 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2009/10/04 13:26:51 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009/10/04 13:26:51 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2009/10/04 13:26:51 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/10/04 13:26:51 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/10/04 13:26:51 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/10/04 13:26:47 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dxof.dll
[2009/10/04 13:26:47 | 00,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxapi.sys
[2009/10/04 13:26:46 | 00,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dramp.dll
[2009/10/04 13:26:46 | 00,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim.dll
[2009/10/04 13:26:46 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3drm.dll
[2009/10/04 13:26:46 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dpmesh.dll
[2009/10/04 13:26:45 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2009/10/04 13:26:45 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2009/10/04 13:26:45 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2009/10/04 13:26:45 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2009/10/04 13:26:45 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2009/10/04 13:26:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2009/10/04 13:26:45 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2009/10/04 13:26:45 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2009/10/04 13:26:45 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2009/10/04 13:26:45 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2009/10/04 13:26:44 | 01,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2009/10/04 13:26:44 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2009/10/04 13:26:43 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2009/10/04 13:26:43 | 00,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diactfrm.dll
[2009/10/04 13:26:43 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2009/10/04 13:26:43 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2009/10/04 13:26:43 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2009/10/04 13:26:43 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2009/10/04 13:26:43 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2009/10/04 13:26:43 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2009/10/04 13:26:42 | 01,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2009/10/04 13:26:42 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2009/10/04 13:26:42 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2009/10/04 13:26:42 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimap.dll
[2009/10/04 13:26:42 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2009/10/04 13:26:42 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2009/10/04 13:26:42 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2009/10/04 13:26:42 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2009/10/04 13:26:42 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2009/10/04 13:26:42 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2009/10/04 13:26:41 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2009/10/04 13:26:41 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2009/10/04 13:26:41 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2009/10/04 13:26:41 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2009/10/04 13:26:41 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gcdef.dll
[2009/10/04 13:26:41 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2009/10/04 13:26:41 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2009/10/04 13:26:41 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2009/10/04 13:26:40 | 00,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2009/10/04 13:26:40 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2009/10/04 13:26:40 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2009/10/04 13:26:39 | 00,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2009/10/04 13:26:39 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2009/10/04 13:26:03 | 01,650,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdShlex.dll
[2009/10/04 13:26:03 | 01,340,656 | ---- | C] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControlSony.dll
[2009/10/04 13:26:03 | 01,029,360 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUISony.dll
[2009/10/04 13:26:03 | 00,586,992 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbLinkSony.dll
[2009/10/04 13:26:03 | 00,208,896 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\ICDFConv.dll
[2009/10/04 13:26:03 | 00,126,976 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdYsys.dll
[2009/10/04 13:26:03 | 00,094,208 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdSptSv.exe
[2009/10/04 13:26:03 | 00,061,440 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\DSConv.dll
[2009/10/04 13:26:03 | 00,057,344 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\StrmOut.dll
[2009/10/04 13:26:02 | 00,573,440 | ---- | C] (http://www.id3lib.org/) -- C:\WINDOWS\System32\id3lib.dll
[2009/10/04 13:26:02 | 00,348,160 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\MP3Enc.dll
[2009/10/04 13:26:02 | 00,323,584 | ---- | C] (Sony corporation) -- C:\WINDOWS\System32\LPEC.dll
[2009/10/04 13:26:02 | 00,317,440 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdXa.dll
[2009/10/04 13:26:02 | 00,249,856 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdStor2.dll
[2009/10/04 13:26:02 | 00,233,472 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdComm4.dll
[2009/10/04 13:26:02 | 00,221,184 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdComm3.dll
[2009/10/04 13:26:02 | 00,221,184 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdComm2.dll
[2009/10/04 13:26:02 | 00,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\spiccDve.dll
[2009/10/04 13:26:02 | 00,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\spicc.dll
[2009/10/04 13:26:02 | 00,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdSConv.dll
[2009/10/04 13:26:02 | 00,094,208 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdCddaDve.dll
[2009/10/04 13:26:02 | 00,094,208 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdCdda.dll
[2009/10/04 13:26:02 | 00,086,016 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdMSCom.dll
[2009/10/04 13:26:02 | 00,073,728 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\ICDUSB2.dll
[2009/10/04 13:26:02 | 00,073,728 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\ICDUSB.dll
[2009/10/04 13:26:02 | 00,073,728 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdSpiDve.dll
[2009/10/04 13:26:02 | 00,073,728 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdSpi.dll
[2009/10/04 13:26:02 | 00,065,536 | ---- | C] (Sony corporation) -- C:\WINDOWS\System32\rcnv2.dll
[2009/10/04 13:26:02 | 00,065,536 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\ICDUSB3.dll
[2009/10/04 13:26:02 | 00,057,344 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\icdcomm.dll
[2009/10/04 13:26:02 | 00,028,672 | ---- | C] ( Sony/AC???) -- C:\WINDOWS\System32\spc.dll
[2009/10/04 13:26:02 | 00,016,384 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdShare.dll
[2009/10/04 13:25:44 | 00,110,592 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\trcsp.ax
[2009/10/04 13:25:44 | 00,110,592 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\lpecsp.ax
[2009/10/04 13:25:44 | 00,102,400 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\msvdec.ax
[2009/10/04 13:25:44 | 00,069,632 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\trcde.ax
[2009/10/04 13:25:43 | 00,995,328 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\lcstde.ax
[2009/10/04 13:25:43 | 00,131,072 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdSrc3.ax
[2009/10/04 13:25:43 | 00,110,592 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\lcstsp.ax
[2009/10/04 13:25:43 | 00,102,400 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdPars.ax
[2009/10/04 13:25:43 | 00,077,824 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdSrc2.ax
[2009/10/04 13:25:43 | 00,073,728 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\icdsrc.ax
[2009/10/04 13:25:43 | 00,073,728 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\DPCtrl.ax
[2009/10/04 13:25:43 | 00,069,632 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\lpecde.ax
[2009/10/04 13:25:43 | 00,065,536 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\IcdAfs.ax
[2009/10/04 13:25:42 | 00,053,248 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\AudiDest.ax
[2009/09/22 18:39:15 | 00,072,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/09/22 18:39:15 | 00,064,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2009/09/22 18:39:15 | 00,052,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2009/09/22 18:39:15 | 00,034,152 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/09/22 18:39:14 | 00,168,776 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/09/22 17:10:36 | 01,495,552 | ---- | C] (PGP Corporation) -- C:\WINDOWS\System32\epoPGPsdk.dll
[2009/09/22 16:56:06 | 10,694,418 | ---- | C] (Cisco Systems, Inc.) -- C:\Documents and Settings\Lawrence\Desktop\CCAAgent_Setup.exe

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Lawrence\Desktop\*.tmp files]
[2009/10/11 17:37:10 | 00,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/10/11 17:33:49 | 00,000,297 | ---- | M] () -- C:\hpqp.ini
[2009/10/11 17:33:42 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/10/11 17:33:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/11 17:33:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/11 17:33:06 | 40,113,3568 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/10 21:29:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 11:05:05 | 00,024,475 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\twilight-28-199x300.jpg
[2009/10/08 11:01:58 | 00,000,084 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\httpblog.strobix.de20091005zwielichtige-gestalten#.URL
[2009/10/07 16:06:45 | 00,046,048 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\happyslip.jpg
[2009/10/07 16:06:35 | 00,034,331 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\cathy.jpg
[2009/10/07 03:03:30 | 66,373,632 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\001_A_002_lawrencepangit_091007_001_2009_10_07.mp3
[2009/10/04 22:55:27 | 00,060,131 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\10417_1200701291568_1049610231_30659908_6077021_n.jpg
[2009/10/04 13:57:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\DVEdit.INI
[2009/10/04 13:42:36 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
[2009/10/04 13:42:21 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/10/04 13:25:38 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Digital Voice Editor 3.lnk
[2009/09/30 17:44:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/23 08:09:41 | 00,043,107 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\1-160a538be4db4b0a2127632b608d9fd5.jpg
[2009/09/23 01:51:45 | 00,082,155 | ---- | M] () -- C:\Documents and Settings\Lawrence\Desktop\8826_292381935304_690205304_8809501_6059011_n.jpg
[2009/09/23 00:18:41 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Lawrence\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 16:56:55 | 00,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2009/09/22 16:56:55 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2009/09/22 16:56:15 | 10,694,418 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Lawrence\Desktop\CCAAgent_Setup.exe
[2009/09/20 15:14:48 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files - No Company Name ==========
[2009/10/10 21:29:06 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 14:35:25 | 66,373,632 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\001_A_002_lawrencepangit_091007_001_2009_10_07.mp3
[2009/10/08 11:04:45 | 00,024,475 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\twilight-28-199x300.jpg
[2009/10/08 11:01:58 | 00,000,084 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\httpblog.strobix.de20091005zwielichtige-gestalten#.URL
[2009/10/07 16:06:44 | 00,046,048 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\happyslip.jpg
[2009/10/07 16:06:25 | 00,034,331 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\cathy.jpg
[2009/10/04 22:55:48 | 00,060,131 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\10417_1200701291568_1049610231_30659908_6077021_n.jpg
[2009/10/04 13:57:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2009/10/04 13:42:36 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
[2009/10/04 13:42:21 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/10/04 13:28:45 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2009/10/04 13:26:51 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/04 13:26:51 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2009/10/04 13:26:51 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2009/10/04 13:26:51 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009/10/04 13:26:51 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2009/10/04 13:26:51 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2009/10/04 13:26:48 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2009/10/04 13:26:48 | 00,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2009/10/04 13:26:48 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2009/10/04 13:26:47 | 00,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2009/10/04 13:26:47 | 00,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2009/10/04 13:26:47 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2009/10/04 13:26:47 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2009/10/04 13:26:47 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2009/10/04 13:26:47 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2009/10/04 13:26:47 | 00,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2009/10/04 13:26:03 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2009/10/04 13:26:02 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2009/10/04 13:26:02 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2009/10/04 13:25:38 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Digital Voice Editor 3.lnk
[2009/09/23 08:09:41 | 00,043,107 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\1-160a538be4db4b0a2127632b608d9fd5.jpg
[2009/09/23 01:51:38 | 00,082,155 | ---- | C] () -- C:\Documents and Settings\Lawrence\Desktop\8826_292381935304_690205304_8809501_6059011_n.jpg
[2009/09/22 17:10:38 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/09/22 16:56:55 | 00,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2009/09/22 16:56:55 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2009/03/31 14:31:10 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Lawrence\Application Data\winscp.rnd
[2008/10/04 19:38:11 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Lawrence\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/04 18:08:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Lawrence\Application Data\desktop.ini
[2008/10/04 18:08:55 | 04,839,504 | -H-- | C] () -- C:\Documents and Settings\Lawrence\Local Settings\Application Data\IconCache.db
[2008/10/04 18:08:55 | 00,097,968 | ---- | C] () -- C:\Documents and Settings\Lawrence\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/04 18:08:55 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Lawrence\Local Settings\Application Data\fusioncache.dat
[2006/01/18 01:59:22 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/01/18 01:45:30 | 00,004,491 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/01/18 01:37:34 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/18 01:33:52 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/18 01:27:56 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 03:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 06:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:58:22 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 22:47:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/06 22:46:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/01/13 09:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== LOP Check ==========

[2009/10/10 21:29:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/30 02:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 00:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/16 00:37:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/10/04 16:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/07 02:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/04 16:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/10/04 16:02:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/10/04 16:02:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/06/22 23:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/10 21:29:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Lawrence\Application Data
[2008/10/16 00:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\acccore
[2009/08/26 01:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\BitTorrent
[2009/09/22 16:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\CiscoCAA
[2009/07/11 23:01:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\dvdcss
[2008/10/04 16:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence\Application Data\Intuit
[2009/09/30 17:44:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 01:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/11 17:33:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


GMER results

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-12 11:06:20
Windows 5.1.2600 Service Pack 3
Running: s1e1xr5f.exe; Driver: C:\DOCUME~1\Lawrence\LOCALS~1\Temp\awtyiaod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEB9652DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEB9652EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEB96531B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEB9652C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEB965305]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEB965331]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEB965347]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP EB96534B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP EB965335 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D52 7 Bytes JMP EB965309 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A330 5 Bytes JMP EB9652DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C0 7 Bytes JMP EB9652F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A990 7 Bytes JMP EB96531F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B702 5 Bytes JMP EB9652CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[144] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[144] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[144] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[144] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[144] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[160] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 010029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[160] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[160] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[160] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[160] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HP\QuickPlay\QPService.exe[188] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 009C29A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HP\QuickPlay\QPService.exe[188] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 009C1BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HP\QuickPlay\QPService.exe[188] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 009C1B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HP\QuickPlay\QPService.exe[188] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 009C1B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HP\QuickPlay\QPService.exe[188] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 009C1B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[208] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[208] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[208] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[208] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[208] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\iTunes\iTunesHelper.exe[428] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 094F29A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\iTunes\iTunesHelper.exe[428] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 094F1BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\iTunes\iTunesHelper.exe[428] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 094F1B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\iTunes\iTunesHelper.exe[428] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 094F1B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\iTunes\iTunesHelper.exe[428] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 094F1B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[548] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 013129A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[548] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01311BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[548] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01311B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[548] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01311B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[548] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01311B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\ctfmon.exe[948] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\ctfmon.exe[948] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\ctfmon.exe[948] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\ctfmon.exe[948] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\ctfmon.exe[948] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[1296] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[1296] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[1296] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[1296] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[1296] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1380] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1380] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1380] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1380] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1380] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\McTray.exe[1432] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\McTray.exe[1432] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\McTray.exe[1432] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\McTray.exe[1432] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\McAfee\Common Framework\McTray.exe[1432] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1636] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00CF29A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1636] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00CF1BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1636] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00CF1B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1636] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00CF1B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1636] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00CF1B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[1796] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[1796] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[1796] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[1796] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[1796] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 012D29A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 012D1BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 012D1B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 012D1B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 012D1B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 012D1A92; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 012D28FE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 012D2961; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1908] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 012D1A0D; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe[2104] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe[2104] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe[2104] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe[2104] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe[2104] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE[2332] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE[2332] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE[2332] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE[2332] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE[2332] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\s1e1xr5f.exe[3048] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\s1e1xr5f.exe[3048] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\s1e1xr5f.exe[3048] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\s1e1xr5f.exe[3048] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\s1e1xr5f.exe[3048] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[3144] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[3144] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[3144] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[3144] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\notepad.exe[3144] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\OTL.exe[3836] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\OTL.exe[3836] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\OTL.exe[3836] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\OTL.exe[3836] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Lawrence\My Documents\Downloads\OTL.exe[3836] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Lawrence\ntuser.dll 25088 bytes executable
File C:\Documents and Settings\Lawrence\Start Menu\Programs\Startup\scandisk.dll 25088 bytes executable
File C:\Documents and Settings\Lawrence\Start Menu\Programs\Startup\scandisk.lnk 655 bytes
File C:\WINDOWS\system32\calc.dll 25088 bytes executable

---- EOF - GMER 1.0.15 ----


Appreciate all the help that I can get!! Thank you in advance!

Edited by lonpangit, 12 October 2009 - 07:59 PM.




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:11:48 AM

Posted 27 October 2009 - 12:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 01 November 2009 - 04:17 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_





