Infected with Malware and Multiple Stealth Objects


  • This topic is locked
9 replies to this topic

#1 tdm9183

Posted 14 October 2009 - 08:06 PM

I have Registry Hives that will not unload through Spy Bot SD (Search & Destroy). They re-appear when you restart the program. It's possible that this was a result of downloading software from the internet. I have my registry log from SpyBot SD where I noticed Startup Entries had been changed pointing to a file in my Docs. & Settings folder. I can only have CPU functionality booting in safe mode or SM with networking, still with many pop-ups. In normal boot mode you have to start explorer.exe through Task Manager, and the CPU is maxed out at 100% with explorer.exe using almost all resources. Nothing will open and there are many system errors. The only System Restore point is today's date, and it has changed the System Time & Date.

Below, I have included my Registry Entries, DDS.txt, and Attach.txt.


!!!!!!!!!!!!!!FROM SPYBOT SD REGISTRY LOG!!!!!!!

Located: HK_CU:Run, A00F2AAEC.exe
where: S-1-5-21-1659004503-963894560-1801674531-1007...
command: C:\DOCUME~1\TROYDM~1\LOCALS~1\Temp\_A00F2AAEC.exe
file: C:\DOCUME~1\TROYDM~1\LOCALS~1\Temp\_A00F2AAEC.exe
size: 40448
MD5: 765CCDA3CC060C642FACAF7552CE68ED

Located: WinLogon, __c007F03A
command: C:\WINDOWS\system32\__c007F03A.dat
file: C:\WINDOWS\system32\__c007F03A.dat
size: 28160
MD5: 4B48D9496D35875B482C2A341EF6E2BD

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



!!!!!!!!!!!!!!!!!!!!!!!!!!DDS!!!!!!!!!!!!!!!!!!!!!!!!!!!


DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Troy D Mobley at 19:07:21.25 on Wed 10/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.584 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Troy D Mobley\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A00F2AAEC.exe] c:\docume~1\troydm~1\locals~1\temp\_A00F2AAEC.exe
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207014635794
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: ace4902b684 - c:\windows\system32\cryptnet32.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: __c007F03A - c:\windows\system32\__c007F03A.dat
AppInit_DLLs: c:\windows\system32\cryptnet32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\troydm~1\applic~1\mozilla\firefox\profiles\erz876c0.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-9 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-9 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-9 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-16 329080]
S2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [2005-12-3 61440]
S2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "coldfusion mx 7 odbc agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
S2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "coldfusion mx 7 odbc server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
S2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\cfusionmx7\verity\k2\_nti40\bin\k2admin.exe [2005-12-3 2732608]
S2 gupdate1c9741bb9a14424;Google Update Service (gupdate1c9741bb9a14424);c:\program files\google\update\GoogleUpdate.exe [2009-1-11 133104]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-9 117640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-19 24652]
S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\r75495\atixpgaa.sys [2009-1-28 11648]
S3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2007-9-7 513152]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
S3 Intuit Fuse Service;Intuit Fuse Service;c:\program files\common files\intuit\fuse\service\Intuit Fuse Service.exe [2005-12-5 72704]
S3 Ldafpero;Ldafpero; [x]
S3 SNDP202;Dual Mode Camera 8008 VGA+;c:\windows\system32\drivers\sndp202.sys [2006-4-9 227072]
S4 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]

=============== Created Last 30 ================

2009-10-14 18:32 <DIR> --d----- C:\HJT
2009-10-14 18:22 25,600 a------- c:\windows\system32\__c002BD56.dat
2009-10-14 17:36 <DIR> --d----- c:\program files\Trend Micro
2009-10-14 17:24 25,600 a------- c:\windows\system32\__c007ABED.dat
2009-10-14 17:24 615 a------- c:\windows\system32\Axgpf.vbs
2009-10-01 23:21 28,160 -------- c:\windows\system32\apdhrjyj.kak
2009-09-30 13:22 0 a------- c:\windows\system32\2B.tmp
2009-09-30 13:22 0 a------- c:\windows\system32\2A.tmp
2009-09-30 12:25 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-29 22:48 28,160 -------- c:\windows\system32\__c007F03A.dat
2009-09-28 06:33 0 a------- c:\windows\system32\1752.tmp
2009-09-28 06:33 0 a------- c:\windows\system32\1751.tmp
2009-09-27 16:14 <DIR> --d----- c:\docume~1\troydm~1\applic~1\RGSystemFonts
2009-09-27 16:14 <DIR> --d----- c:\docume~1\troydm~1\applic~1\TagControl
2009-09-27 16:14 <DIR> --d----- c:\program files\Abander TagControl
2009-09-27 10:41 18,692 a------- c:\windows\GnuHashes.ini
2009-09-27 10:33 <DIR> --dsh--- c:\windows\system32\LocalService
2009-09-27 10:33 119,296 a------- c:\windows\system32\cryptnet32.dll

==================== Find3M ====================

2009-10-14 17:23 1,651 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-09-09 18:26 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-09 18:26 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-09-09 18:26 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-09 18:26 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-22 03:21 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2005-11-29 18:15 31,358,784 a------- c:\program files\NAV061200_2YR.exe
2008-12-09 07:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120920081210\index.dat

============= FINISH: 19:11:22.14 ===============


#2 Buckeye_Sam


Posted 15 October 2009 - 10:15 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


#3 tdm9183


Posted 15 October 2009 - 05:56 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2968
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/15/2009 6:17:55 PM
mbam-log-2009-10-15 (18-17-55).txt

Scan type: Quick Scan
Objects scanned: 144863
Time elapsed: 14 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c00A3409.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\7.tmp (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05c30402-666d-497d-890f-6717607004e7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{05c30402-666d-497d-890f-6717607004e7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00a3409 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ace4902b684 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f4b226.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\cryptnet32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\cryptnet32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fontsub32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A3409.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\7.tmp (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\_A00F4B226.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apdhrjyj.kak (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbedwpaa.mgo (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qiiwbadq.mox (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qthcdbll.gxs (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\1.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\4.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\afqlwcvs.oqy (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\_A00F2AAEC.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Temp\_A00F32934.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\306.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


OTL logfile created on: 10/15/2009 6:43:32 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Troy D Mobley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.21 Mb Total Physical Memory | 710.94 Mb Available Physical Memory | 69.48% Memory free
2.86 Gb Paging File | 2.71 Gb Available in Paging File | 94.91% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 41.68 Gb Free Space | 55.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSLAPTOP
Current User Name: Troy D Mobley
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/15 18:40:34 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy D Mobley\Desktop\OTL.exe
PRC - [2009/08/24 16:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Ldafpero [On_Demand | Stopped])
SRV - [2009/09/23 16:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2009/08/22 03:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/02/12 22:32:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9741bb9a14424 [Auto | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Auto | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/07/13 17:51:25 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
SRV - [2006/06/29 13:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Stopped])
SRV - [2005/12/19 10:08:30 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (WLTRYSVC [Disabled | Stopped])
SRV - [2005/12/07 14:07:38 | 00,072,704 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe -- (Intuit Fuse Service [On_Demand | Stopped])
SRV - [2005/12/05 19:18:25 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/12/02 16:51:14 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2005/10/28 08:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device [Disabled | Stopped])
SRV - [2005/09/09 18:06:43 | 00,061,440 | ---- | M] (Macromedia Inc.) -- C:\CFusionMX7\runtime\bin\jrunsvc.exe -- (ColdFusion MX 7 Application Server [Auto | Stopped])
SRV - [2005/06/29 11:16:36 | 02,732,608 | ---- | M] (Verity, Inc.) -- C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe -- (ColdFusion MX 7 Search Server [Auto | Stopped])
SRV - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [On_Demand | Stopped])
SRV - [2003/12/22 17:42:06 | 00,393,216 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
SRV - [2003/10/02 16:37:26 | 00,118,853 | ---- | M] () -- C:\CFusionMX7\db\slserver54\bin\swstrtr.exe -- (ColdFusion MX 7 ODBC Server [Auto | Stopped])
SRV - [2003/10/02 16:37:24 | 00,733,253 | ---- | M] () -- C:\CFusionMX7\db\slserver54\bin\swagent.exe -- (ColdFusion MX 7 ODBC Agent [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [1999/12/12 13:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\S-1-5-21-1659004503-963894560-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.11
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7
FF - prefs.js..extensions.enabledItems: {e0fb9f6f-a5db-4809-8287-0c18860a8f7f}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/05 22:41:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 21:02:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/30 21:18:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/15 16:55:25 | 00,000,000 | ---D | M]

[2009/09/30 21:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Extensions
[2009/09/30 21:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/05 22:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/15 16:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions
[2009/10/01 16:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/14 18:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/15 16:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions\{e0fb9f6f-a5db-4809-8287-0c18860a8f7f}
[2009/10/15 16:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/15 16:55:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/30 20:37:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/30 20:39:25 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (344967 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11826 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingA3596] C:\WINDOWS\System32\command.com ()
O4 - HKLM..\RunOnce: [SpybotDeletingC2584] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007..\RunOnce: [SpybotDeletingB3392] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007..\RunOnce: [SpybotDeletingD271] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} Reg Error: Value error. (Scanner.SysScanner)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} Reg Error: Value error. (MySpace Uploader Control)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} Reg Error: Value error. (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1207014635794 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} Reg Error: Value error. (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Reg Error: Value error. (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\cryptnet32.dll) - C:\WINDOWS\System32\cryptnet32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ace4902b684: DllName - C:\WINDOWS\System32\cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/29 17:28:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cba0afd-51f2-11dd-a458-000f1f0c02e6}\Shell - "" = AutoRun
O33 - MountPoints2\{0cba0afd-51f2-11dd-a458-000f1f0c02e6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0cba0afd-51f2-11dd-a458-000f1f0c02e6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{11c3710f-9da8-11de-a511-00904b760f6a}\Shell - "" = AutoRun
O33 - MountPoints2\{11c3710f-9da8-11de-a511-00904b760f6a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11c3710f-9da8-11de-a511-00904b760f6a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{61eb4a30-9151-11db-a283-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{61eb4a30-9151-11db-a283-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61eb4a30-9151-11db-a283-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{61eb4a31-9151-11db-a283-00038a000015}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\{75efeb14-76dc-11dc-a397-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{75efeb14-76dc-11dc-a397-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75efeb14-76dc-11dc-a397-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dee48666-3dfc-11dc-a351-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprecovr) - File not found
O34 - HKLM BootExecute: (\SystemRoot\sprecovr.txt) - C:\WINDOWS\sprecovr.txt File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[2009/10/15 17:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/15 16:55:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/15 17:12:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy D Mobley\Application Data\Malwarebytes
[2009/10/15 00:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/15 17:11:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/15 16:55:22 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/10/14 17:36:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/15 18:40:33 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Troy D Mobley\Desktop\OTL.exe
[2009/10/15 17:11:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/15 17:11:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/15 17:10:16 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Troy D Mobley\Desktop\mbam-setup.exe
[2009/10/14 23:19:24 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/14 19:38:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/14 18:32:42 | 00,000,000 | ---D | C] -- C:\HJT
[2009/09/09 18:26:35 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symtdi.sys
[2009/09/09 18:26:35 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndisv.sys
[2009/09/09 18:26:34 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symfw.sys
[2009/09/09 18:26:34 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndis.sys
[2009/09/09 18:26:34 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symids.sys
[2009/09/09 18:26:33 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.sys
[2009/09/09 18:26:31 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.sys
[2009/09/09 18:26:29 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.sys
[2009/09/09 18:26:28 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
[2009/09/09 18:22:57 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/09/09 18:22:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009/06/09 22:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2006/05/16 21:23:43 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/05/16 21:23:41 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[2006/05/16 21:23:41 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/05/16 21:23:40 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/05/16 21:23:40 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/05/16 21:23:39 | 00,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/05/16 21:23:39 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/05/16 21:23:38 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/05/16 21:23:38 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/04/29 06:07:48 | 00,290,816 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.WMPLib.dll
[2005/11/29 12:06:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2005/11/29 12:06:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn

========== Files - Modified Within 14 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/15 18:40:34 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy D Mobley\Desktop\OTL.exe
[2009/10/15 18:38:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/15 18:20:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 17:12:02 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 17:10:26 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Troy D Mobley\Desktop\mbam-setup.exe
[2009/10/15 17:08:56 | 00,003,009 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684P.manifest
[2009/10/15 16:53:03 | 00,000,722 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684O.manifest
[2009/10/15 16:52:54 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\FYiuX.vbs
[2009/10/15 16:49:24 | 00,005,609 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684C.manifest
[2009/10/15 16:48:55 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684S.manifest
[2009/10/15 00:53:05 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/10/15 00:52:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/15 00:52:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 00:42:32 | 00,001,355 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/14 21:33:28 | 00,344,967 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/14 17:36:02 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\Troy D Mobley\Desktop\HijackThis.lnk
[2009/10/01 23:37:29 | 00,336,129 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091014-213328.backup
[2009/10/01 23:35:27 | 00,001,879 | ---- | M] () -- C:\Documents and Settings\Troy D Mobley\Desktop\Spybot - Search & Destroy.lnk

========== Files - No Company Name ==========
[2009/10/15 17:12:02 | 00,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 16:52:54 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\FYiuX.vbs
[2009/10/14 21:33:28 | 00,336,129 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091014-213328.backup
[2009/10/14 17:36:02 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Desktop\HijackThis.lnk
[2009/10/01 23:37:29 | 00,336,129 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091001-233728.backup
[2009/09/30 12:25:58 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/28 18:05:41 | 00,332,069 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090928-180541.backup
[2009/09/27 10:33:24 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684C.manifest
[2009/09/27 10:33:24 | 00,000,722 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684O.manifest
[2009/09/27 10:33:24 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684S.manifest
[2009/09/27 10:33:23 | 00,003,009 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684P.manifest
[2009/09/21 22:23:18 | 00,330,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090921-222318.backup
[2009/09/09 21:23:35 | 00,687,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/09/09 20:24:37 | 00,298,088 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090909-202437.backup
[2009/09/09 18:26:35 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.cat
[2009/09/09 18:26:35 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.inf
[2009/09/09 18:26:33 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.inf
[2009/09/09 18:26:32 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.cat
[2009/09/09 18:26:30 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.cat
[2009/09/09 18:26:30 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.inf
[2009/09/09 18:26:29 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.cat
[2009/09/09 18:26:29 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.inf
[2009/09/09 18:26:28 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\bhdrvx86.cat
[2009/09/09 18:26:28 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.cat
[2009/09/09 18:26:28 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.inf
[2009/09/09 18:26:28 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.inf
[2009/09/09 18:22:33 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/09/09 18:22:33 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/09/09 18:22:32 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 17:22:39 | 00,003,012 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\ace4902b684P.manifest
[2009/06/01 17:22:39 | 00,001,858 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\ace4902b684C.manifest
[2009/03/02 21:01:23 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/03/02 21:01:10 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2009/02/22 19:04:34 | 00,291,610 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090222-180434.backup
[2009/02/10 23:49:38 | 00,291,610 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090210-224938.backup
[2009/02/07 22:09:33 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
[2009/02/07 22:09:33 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2009/02/07 22:00:44 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2009/02/07 21:40:31 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01007.Wdf
[2009/02/07 21:40:27 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/01/28 22:32:06 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/01/28 22:27:55 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/28 22:27:54 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/09 20:49:20 | 00,266,714 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090109-194920.backup
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/02 23:07:53 | 00,228,449 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081002-230753.backup
[2008/07/29 21:52:36 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/07/29 21:51:01 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/07/22 22:13:06 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\$_hpcst$.hpc
[2008/03/17 18:25:24 | 00,227,676 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080317-182524.backup
[2008/03/03 23:09:06 | 00,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080303-220906.backup
[2008/02/07 00:17:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/17 00:32:38 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01005.Wdf
[2008/01/17 00:32:32 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2007/12/27 22:31:22 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\fusioncache.dat
[2007/12/17 00:23:24 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\WavCodec.wff
[2007/07/05 18:40:19 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/06/04 23:09:30 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/04 00:18:50 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_INS_XPS.MRK
[2007/01/11 21:48:29 | 00,169,984 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2007/01/11 21:48:29 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2006/05/16 21:24:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/05/16 21:23:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/05/16 21:23:42 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/05/16 21:23:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/05/16 21:23:36 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/05/16 21:23:36 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/05/16 21:23:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/05/16 21:23:33 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/05/16 21:23:33 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/05/16 21:23:31 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/05/11 22:58:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/18 19:22:33 | 00,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2006/04/16 16:21:26 | 00,536,576 | R--- | C] () -- C:\WINDOWS\mcs_core.dll
[2006/04/16 16:21:26 | 00,147,456 | R--- | C] () -- C:\WINDOWS\mcs_vfw.dll
[2006/04/16 16:21:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\HAJEInstall.dll
[2006/04/09 03:14:17 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2006/04/09 03:01:09 | 00,000,458 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/04/09 02:49:57 | 00,339,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\gt892xv.sys
[2006/04/09 02:49:57 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\gjpg.dll
[2006/04/09 02:48:20 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\sndp2022.dll
[2006/04/09 02:48:20 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\sndp2023.dll
[2006/04/09 02:48:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\dsndp202.dll
[2006/04/09 02:48:20 | 00,015,598 | ---- | C] () -- C:\WINDOWS\sndp202.ini
[2006/04/09 02:48:19 | 00,227,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndp202.sys
[2006/04/09 02:48:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsndp202.dll
[2006/03/24 01:39:00 | 00,000,051 | ---- | C] () -- C:\WINDOWS\mix-fx.ini
[2006/03/05 23:53:20 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/03/04 02:09:51 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006/03/03 22:38:42 | 00,000,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2006/02/28 21:06:52 | 03,667,476 | -H-- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\IconCache.db
[2006/02/28 00:21:32 | 00,188,416 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/27 22:36:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\desktop.ini
[2006/02/27 12:08:54 | 00,002,427 | ---- | C] () -- C:\WINDOWS\Baswty05.ini
[2006/02/27 12:08:22 | 00,002,498 | ---- | C] () -- C:\WINDOWS\Baswty04.ini
[2006/02/27 12:07:54 | 00,003,489 | ---- | C] () -- C:\WINDOWS\Prowty05.ini
[2005/12/19 19:22:58 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/12/08 20:12:35 | 00,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/12/08 20:12:35 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/12/08 20:12:35 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2005/12/08 20:12:35 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/12/08 20:12:33 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/12/08 20:12:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2005/12/07 14:40:01 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2005/12/07 14:40:00 | 00,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2005/12/07 14:33:48 | 00,000,103 | ---- | C] () -- C:\WINDOWS\ProTSKSCH05.INI
[2005/12/07 14:17:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\SelecPrd.INI
[2005/12/01 14:38:40 | 00,140,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/11/30 10:30:08 | 00,000,672 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 10:09:12 | 00,001,355 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/29 18:15:37 | 31,358,784 | ---- | C] () -- C:\Program Files\NAV061200_2YR.exe
[2005/11/29 17:52:49 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2005/11/29 12:14:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/06/11 12:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/02/03 21:59:44 | 02,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
[2004/08/12 09:33:16 | 00,001,020 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/12 09:30:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/12 09:28:10 | 00,007,116 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\services
[2004/08/12 09:26:34 | 00,000,799 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol
[2004/08/12 09:24:45 | 00,000,407 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\networks
[2004/08/12 09:21:11 | 00,003,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
[2004/08/12 09:19:39 | 00,344,967 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2004/08/12 09:19:24 | 03,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2003/12/22 15:40:06 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/11/20 17:39:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/01 19:45:50 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL

========== LOP Check ==========

[2009/10/15 17:11:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/23 11:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/19 21:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/02/06 23:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/06/09 22:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/03/04 20:56:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/01/28 22:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/06/09 22:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/07/05 18:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/03/02 21:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2005/12/02 16:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2007/12/17 00:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/09 22:26:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/06/09 22:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2006/02/27 23:33:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/02/27 22:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/04/18 22:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/04/18 22:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/03/19 21:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/12 22:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2005/11/29 12:14:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/02/06 23:07:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dick Lavoie\Application Data
[2006/01/16 11:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dick Lavoie\Application Data\TextPad
[2006/02/27 22:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dick Lavoie\Application Data\You've Got Pictures Screensaver
[2009/06/09 22:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/02/22 19:40:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/02/06 23:07:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rhonda Mobley\Application Data
[2006/03/08 21:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Mobley\Application Data\Intuit
[2009/06/09 22:16:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\T- Mob\Application Data
[2008/01/22 13:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\.clamwin
[2008/01/22 14:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\BearShare
[2008/01/22 16:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\CyberLink
[2007/09/17 21:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\Intuit
[2009/10/15 17:12:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data
[2009/06/01 22:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\.clamwin
[2009/03/19 21:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\acccore
[2008/01/13 19:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Aquatica Azure
[2007/02/10 19:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Autodesk
[2008/10/01 18:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\BitZipper
[2006/03/10 20:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\CyberLink
[2009/02/10 23:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\DNA
[2009/05/22 17:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\GARMIN
[2007/07/05 18:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Intuit
[2006/03/14 18:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Leadertech
[2009/06/01 22:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\LimeWire
[2006/03/14 18:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\NCH Swift Sound
[2006/02/27 23:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\NetMedia Providers
[2006/03/16 20:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Opera
[2006/02/27 23:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Publish Providers
[2006/03/14 18:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\RecordPad
[2009/09/27 16:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\RGSystemFonts
[2007/12/16 23:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Ringtone
[2006/04/24 21:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\SmartDraw
[2009/03/02 23:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Smith Micro
[2009/09/27 19:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\TagControl
[2006/04/23 19:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\TextPad
[2006/04/09 03:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Thalia
[2009/09/19 19:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\U3
[2006/04/16 16:27:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Ulead Systems
[2009/01/08 18:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Viewpoint
[2006/03/03 14:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\You've Got Pictures Screensaver
[2009/10/01 08:57:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/12 09:23:47 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/15 00:52:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/01 16:20:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/15 00:53:05 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/10/15 00:52:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >
[2006/02/27 22:10:23 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[11 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[11 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


OTL Extras logfile created on: 10/15/2009 6:43:32 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Troy D Mobley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.21 Mb Total Physical Memory | 710.94 Mb Available Physical Memory | 69.48% Memory free
2.86 Gb Paging File | 2.71 Gb Available in Paging File | 94.91% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 41.68 Gb Free Space | 55.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSLAPTOP
Current User Name: Troy D Mobley
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Disabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Disabled:TCP Port 5020
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Disabled:@xpsp2res.dll,-22017
"10244:TCP" = 10244:TCP:LocalSubNet:Disabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Disabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Disabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Disabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Disabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Disabled:Zune Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\BearFlix\bearflix.exe" = C:\Program Files\BearFlix\bearflix.exe:*:Disabled:BearFlix -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdPSWX.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdPSWX.EXE:*:Disabled:Dell 944 Printer Status -- ()
"C:\WINDOWS\system32\dlcdcoms.exe" = C:\WINDOWS\system32\dlcdcoms.exe:*:Disabled:Dell 944 Server -- ( )
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Disabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Disabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Disabled:MySpaceIM -- ()
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178B87CB-78D5-4FC6-8866-591808F19849}" = Microsoft Office Specialist Study Guide--Office 2003 Edition
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MyODBC
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{47813E93-F2A0-484A-838E-47EC1B28D190}" = Adobe Stock Photos 1.0
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{913A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Standard 2002
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A42B2F5C-B523-4358-93A9-55F1620C2652}" = SC130
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BC467935-A9A5-4D0F-BD89-94F36CDF0524}" = Adobe Stock Photos 1.0
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E85397AD-D60E-4141-82E6-FAA312A09271}" = Dual Mode Camera 8008 VGA+
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.57
"Abander TagControl" = Abander TagControl
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AviSynth" = AviSynth 2.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.2
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ExpressBurn" = Express Burn
"FixTunes" = FixTunes (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"LimeWire" = LimeWire PRO 5.1.2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"RealPlayer 6.0" = RealPlayer Basic
"Registry Mechanic_is1" = Registry Mechanic 5.0
"Sliding Spectrogram_is1" = Sliding Spectrogram v0.1b
"StationRipper" = StationRipper 2.91D
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"Uninstall Macromedia ColdFusion MX 7" = Macromedia ColdFusion MX 7
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPod Converter" = Videora iPod Converter 3.07
"ViewpointMediaPlayer" = Viewpoint Media Player
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIDI Recognition System Pro 3.0" = WIDI Recognition System Pro 3.0 (remove only)
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"ZENcast Organizer" = ZENcast Organizer
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2009 5:45:34 PM | Computer Name = XPSLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_29_0_1004.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2009 5:45:45 PM | Computer Name = XPSLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_29_0_1004.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2009 6:14:52 PM | Computer Name = XPSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x77124ba2.

Error - 10/14/2009 6:14:55 PM | Computer Name = XPSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x01ab135a.

Error - 10/14/2009 6:15:44 PM | Computer Name = XPSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 2.0.0.2, faulting module
unknown, version 0.0.0.0, fault address 0x78131ae4.

Error - 10/14/2009 7:10:07 PM | Computer Name = XPSLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_29_0_1004.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2009 7:40:24 PM | Computer Name = XPSLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_29_0_1004.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2009 10:32:24 PM | Computer Name = XPSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x77124ba2.

Error - 10/15/2009 12:27:50 AM | Computer Name = XPSLAPTOP | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007043c: InitEventCollector fail

Error - 10/15/2009 5:01:54 PM | Computer Name = XPSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x77124ba2.

[ System Events ]
Error - 10/15/2009 4:55:27 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service getPlusHelper
with arguments "" in order to run the server: {E48FEF78-2125-4D1D-B8D8-C30D2286E1D1}

Error - 10/15/2009 4:55:27 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service getPlusHelper
with arguments "" in order to run the server: {E48FEF78-2125-4D1D-B8D8-C30D2286E1D1}

Error - 10/15/2009 4:55:36 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/15/2009 4:55:56 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/15/2009 4:55:57 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/15/2009 5:10:30 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2009 6:18:11 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2009 6:18:59 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/15/2009 6:22:00 PM | Computer Name = XPSLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm SRTSPX SYMTDI

Error - 10/15/2009 6:38:45 PM | Computer Name = XPSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 16 October 2009 - 09:18 AM

Please uninstall these programs:

Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 6



================



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\ace4902b684: DllName - C:\WINDOWS\System32\cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\cryptnet32.dll) - C:\WINDOWS\System32\cryptnet32.dll File not found
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - No CLSID value found.
    
    :Files
    C:\WINDOWS\System32\FYiuX.vbs
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp 
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


=====================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



========================================================

#5 tdm9183

tdm9183
  • Topic Starter


Posted 16 October 2009 - 11:33 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ace4902b684\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\cryptnet32.dll scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}\ not found.
========== FILES ==========
C:\WINDOWS\System32\FYiuX.vbs moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET158.tmp moved successfully.
C:\WINDOWS\System32\SET3B.tmp moved successfully.
C:\WINDOWS\System32\SET54.tmp moved successfully.
C:\WINDOWS\System32\SET60.tmp moved successfully.
C:\WINDOWS\System32\SET69.tmp moved successfully.
C:\WINDOWS\System32\SET6A.tmp moved successfully.
C:\WINDOWS\System32\SET6B.tmp moved successfully.
C:\WINDOWS\System32\SET6E.tmp moved successfully.
C:\WINDOWS\System32\setb0.tmp moved successfully.
C:\WINDOWS\System32\SETD.tmp moved successfully.
C:\WINDOWS\003171_.tmp moved successfully.
C:\WINDOWS\DUMP4371.tmp moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Dick Lavoie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 90470140 bytes
->Java cache emptied: 1537200 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2969005 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 864898 bytes

User: Rhonda Mobley
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 46450437 bytes

User: T- Mob
->Temp folder emptied: 7976 bytes
->Temporary Internet Files folder emptied: 6779553 bytes

User: Troy D Mobley
->Temp folder emptied: 15582429 bytes
File delete failed. C:\Documents and Settings\Troy D Mobley\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 76450984 bytes
->Java cache emptied: 24030554 bytes
File delete failed. C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 48325990 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\1968 scheduled to be deleted on reboot.
Windows Temp folder emptied: 98787 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 299.07 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10162009_223729

Files\Folders moved on Reboot...
C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\Mozilla\Firefox\Profiles\erz876c0.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\hsperfdata_SYSTEM\1968 not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\cryptnet32.dll scheduled to be deleted on reboot.






OTL logfile created on: 10/16/2009 10:49:22 PM - Run 3
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Troy D Mobley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.21 Mb Total Physical Memory | 699.68 Mb Available Physical Memory | 68.38% Memory free
2.86 Gb Paging File | 2.71 Gb Available in Paging File | 94.77% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 42.07 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSLAPTOP
Current User Name: Troy D Mobley
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/15 18:40:34 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy D Mobley\Desktop\OTL.exe
PRC - [2009/08/24 16:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Ldafpero [On_Demand | Stopped])
SRV - [2009/08/22 03:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/02/12 22:32:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9741bb9a14424 [Auto | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Auto | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/07/13 17:51:25 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
SRV - [2006/06/29 13:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Stopped])
SRV - [2005/12/19 10:08:30 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (WLTRYSVC [Disabled | Stopped])
SRV - [2005/12/07 14:07:38 | 00,072,704 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe -- (Intuit Fuse Service [On_Demand | Stopped])
SRV - [2005/12/05 19:18:25 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/12/02 16:51:14 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2005/10/28 08:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device [Disabled | Stopped])
SRV - [2005/09/09 18:06:43 | 00,061,440 | ---- | M] (Macromedia Inc.) -- C:\CFusionMX7\runtime\bin\jrunsvc.exe -- (ColdFusion MX 7 Application Server [Auto | Stopped])
SRV - [2005/06/29 11:16:36 | 02,732,608 | ---- | M] (Verity, Inc.) -- C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe -- (ColdFusion MX 7 Search Server [Auto | Stopped])
SRV - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [On_Demand | Stopped])
SRV - [2003/12/22 17:42:06 | 00,393,216 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
SRV - [2003/10/02 16:37:26 | 00,118,853 | ---- | M] () -- C:\CFusionMX7\db\slserver54\bin\swstrtr.exe -- (ColdFusion MX 7 ODBC Server [Auto | Stopped])
SRV - [2003/10/02 16:37:24 | 00,733,253 | ---- | M] () -- C:\CFusionMX7\db\slserver54\bin\swagent.exe -- (ColdFusion MX 7 ODBC Agent [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [1999/12/12 13:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 04 C3 05 6D 66 7D 49 89 0F 67 17 60 70 04 E7 [binary data]
IE - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\S-1-5-21-1659004503-963894560-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.11
FF - prefs.js..extensions.enabledItems: {e0fb9f6f-a5db-4809-8287-0c18860a8f7f}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/05 22:41:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 21:02:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/30 21:18:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/16 22:02:48 | 00,000,000 | ---D | M]

[2009/09/30 21:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Extensions
[2009/09/30 21:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/05 22:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/16 22:35:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions
[2009/10/01 16:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/14 18:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/15 16:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\mozilla\Firefox\Profiles\erz876c0.default\extensions\{e0fb9f6f-a5db-4809-8287-0c18860a8f7f}
[2009/10/15 16:55:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/30 20:37:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/30 20:39:25 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (344967 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11826 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Troy D Mobley\Desktop\OTL.exe (OldTimer Tools)
O4 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007..\RunOnce: [SpybotDeletingB3392] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007..\RunOnce: [SpybotDeletingD271] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} Reg Error: Value error. (Scanner.SysScanner)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} Reg Error: Value error. (MySpace Uploader Control)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} Reg Error: Value error. (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1207014635794 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} Reg Error: Value error. (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Reg Error: Value error. (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1659004503-963894560-1801674531-1007 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/29 17:28:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cba0afd-51f2-11dd-a458-000f1f0c02e6}\Shell - "" = AutoRun
O33 - MountPoints2\{0cba0afd-51f2-11dd-a458-000f1f0c02e6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0cba0afd-51f2-11dd-a458-000f1f0c02e6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{11c3710f-9da8-11de-a511-00904b760f6a}\Shell - "" = AutoRun
O33 - MountPoints2\{11c3710f-9da8-11de-a511-00904b760f6a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11c3710f-9da8-11de-a511-00904b760f6a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{61eb4a30-9151-11db-a283-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{61eb4a30-9151-11db-a283-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61eb4a30-9151-11db-a283-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{61eb4a31-9151-11db-a283-00038a000015}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\{75efeb14-76dc-11dc-a397-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{75efeb14-76dc-11dc-a397-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75efeb14-76dc-11dc-a397-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dee48666-3dfc-11dc-a351-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprecovr) - File not found
O34 - HKLM BootExecute: (\SystemRoot\sprecovr.txt) - C:\WINDOWS\sprecovr.txt File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/15 17:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 22:11:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/15 17:12:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy D Mobley\Application Data\Malwarebytes
[2009/10/16 22:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy D Mobley\Application Data\SUPERAntiSpyware.com
[2009/10/15 00:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/15 17:11:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 22:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/14 17:36:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/16 22:37:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/16 22:11:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/15 18:40:33 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Troy D Mobley\Desktop\OTL.exe
[2009/10/15 17:11:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/15 17:11:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/15 17:10:16 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Troy D Mobley\Desktop\mbam-setup.exe
[2009/10/14 23:19:24 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/14 19:38:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/14 18:32:42 | 00,000,000 | ---D | C] -- C:\HJT
[2006/05/16 21:23:43 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/05/16 21:23:41 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[2006/05/16 21:23:41 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/05/16 21:23:40 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/05/16 21:23:40 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/05/16 21:23:39 | 00,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/05/16 21:23:39 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/05/16 21:23:38 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/05/16 21:23:38 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/04/29 06:07:48 | 00,290,816 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.WMPLib.dll

========== Files - Modified Within 14 Days ==========

[2009/10/16 22:46:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/16 22:45:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/16 22:20:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/16 22:16:32 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/10/16 22:16:31 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/16 22:16:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/16 22:10:47 | 00,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/16 21:56:03 | 00,528,758 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 21:56:03 | 00,446,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 21:56:03 | 00,072,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 21:47:57 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 18:40:34 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy D Mobley\Desktop\OTL.exe
[2009/10/15 17:12:02 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 17:10:26 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Troy D Mobley\Desktop\mbam-setup.exe
[2009/10/15 17:08:56 | 00,003,009 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684P.manifest
[2009/10/15 16:53:03 | 00,000,722 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684O.manifest
[2009/10/15 16:49:24 | 00,005,609 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684C.manifest
[2009/10/15 16:48:55 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684S.manifest
[2009/10/15 00:42:32 | 00,001,355 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/14 21:33:28 | 00,344,967 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/14 17:36:02 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\Troy D Mobley\Desktop\HijackThis.lnk

========== Files - No Company Name ==========
[2009/10/16 22:10:47 | 00,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/15 17:12:02 | 00,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 17:36:02 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Desktop\HijackThis.lnk
[2009/09/27 10:33:24 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684C.manifest
[2009/09/27 10:33:24 | 00,000,722 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684O.manifest
[2009/09/27 10:33:24 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684S.manifest
[2009/09/27 10:33:23 | 00,003,009 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\02000000f4868d12684P.manifest
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 17:22:39 | 00,003,012 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\ace4902b684P.manifest
[2009/06/01 17:22:39 | 00,001,858 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\ace4902b684C.manifest
[2009/01/28 22:32:06 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/01/28 22:27:55 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/28 22:27:54 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/22 22:13:06 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\$_hpcst$.hpc
[2008/02/07 00:17:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/27 22:31:22 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\fusioncache.dat
[2007/12/17 00:23:24 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\WavCodec.wff
[2007/07/05 18:40:19 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/06/04 23:09:30 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/11 21:48:29 | 00,169,984 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2007/01/11 21:48:29 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2006/05/16 21:24:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/05/16 21:23:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/05/16 21:23:42 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/05/16 21:23:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/05/16 21:23:36 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/05/16 21:23:36 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/05/16 21:23:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/05/16 21:23:33 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/05/16 21:23:33 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/05/16 21:23:31 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/05/11 22:58:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/18 19:22:33 | 00,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2006/04/16 16:21:26 | 00,536,576 | R--- | C] () -- C:\WINDOWS\mcs_core.dll
[2006/04/16 16:21:26 | 00,147,456 | R--- | C] () -- C:\WINDOWS\mcs_vfw.dll
[2006/04/16 16:21:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\HAJEInstall.dll
[2006/04/09 03:14:17 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2006/04/09 03:01:09 | 00,000,458 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/04/09 02:49:57 | 00,339,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\gt892xv.sys
[2006/04/09 02:49:57 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\gjpg.dll
[2006/04/09 02:48:20 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\sndp2022.dll
[2006/04/09 02:48:20 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\sndp2023.dll
[2006/04/09 02:48:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\dsndp202.dll
[2006/04/09 02:48:20 | 00,015,598 | ---- | C] () -- C:\WINDOWS\sndp202.ini
[2006/04/09 02:48:19 | 00,227,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndp202.sys
[2006/04/09 02:48:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsndp202.dll
[2006/03/24 01:39:00 | 00,000,051 | ---- | C] () -- C:\WINDOWS\mix-fx.ini
[2006/03/05 23:53:20 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/03/04 02:09:51 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006/02/28 21:06:52 | 03,667,476 | -H-- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\IconCache.db
[2006/02/28 00:21:32 | 00,188,416 | ---- | C] () -- C:\Documents and Settings\Troy D Mobley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/27 22:36:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Troy D Mobley\Application Data\desktop.ini
[2006/02/27 12:08:54 | 00,002,427 | ---- | C] () -- C:\WINDOWS\Baswty05.ini
[2006/02/27 12:08:22 | 00,002,498 | ---- | C] () -- C:\WINDOWS\Baswty04.ini
[2006/02/27 12:07:54 | 00,003,489 | ---- | C] () -- C:\WINDOWS\Prowty05.ini
[2005/12/19 19:22:58 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/12/08 20:12:35 | 00,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/12/08 20:12:35 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/12/08 20:12:35 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2005/12/08 20:12:35 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/12/08 20:12:33 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/12/08 20:12:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2005/12/07 14:40:01 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2005/12/07 14:40:00 | 00,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2005/12/07 14:33:48 | 00,000,103 | ---- | C] () -- C:\WINDOWS\ProTSKSCH05.INI
[2005/12/07 14:17:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\SelecPrd.INI
[2005/12/01 14:38:40 | 00,140,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/11/30 10:30:08 | 00,000,672 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 10:09:12 | 00,001,355 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/29 18:15:37 | 31,358,784 | ---- | C] () -- C:\Program Files\NAV061200_2YR.exe
[2005/11/29 17:52:49 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2005/11/29 12:14:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/06/11 12:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/02/03 21:59:44 | 02,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
[2004/08/12 09:33:16 | 00,001,020 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/12 09:30:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/12/22 15:40:06 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/11/20 17:39:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/01 19:45:50 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL

========== LOP Check ==========

[2009/10/16 22:11:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/23 11:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/19 21:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/02/06 23:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/06/09 22:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/03/04 20:56:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/01/28 22:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/06/09 22:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/07/05 18:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/03/02 21:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2005/12/02 16:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2007/12/17 00:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/09 22:26:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/06/09 22:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2006/02/27 23:33:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/02/27 22:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/04/18 22:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/04/18 22:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/10/16 21:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/12 22:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2005/11/29 12:14:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/02/06 23:07:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dick Lavoie\Application Data
[2006/01/16 11:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dick Lavoie\Application Data\TextPad
[2006/02/27 22:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dick Lavoie\Application Data\You've Got Pictures Screensaver
[2009/06/09 22:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/02/22 19:40:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/02/06 23:07:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rhonda Mobley\Application Data
[2006/03/08 21:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Mobley\Application Data\Intuit
[2009/10/16 22:10:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\T- Mob\Application Data
[2008/01/22 13:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\.clamwin
[2008/01/22 14:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\BearShare
[2008/01/22 16:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\CyberLink
[2007/09/17 21:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T- Mob\Application Data\Intuit
[2009/10/16 22:27:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data
[2009/06/01 22:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\.clamwin
[2009/03/19 21:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\acccore
[2008/01/13 19:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Aquatica Azure
[2007/02/10 19:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Autodesk
[2008/10/01 18:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\BitZipper
[2006/03/10 20:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\CyberLink
[2009/02/10 23:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\DNA
[2009/05/22 17:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\GARMIN
[2007/07/05 18:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Intuit
[2006/03/14 18:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Leadertech
[2009/06/01 22:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\LimeWire
[2006/03/14 18:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\NCH Swift Sound
[2006/02/27 23:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\NetMedia Providers
[2006/03/16 20:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Opera
[2006/02/27 23:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Publish Providers
[2006/03/14 18:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\RecordPad
[2009/09/27 16:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\RGSystemFonts
[2007/12/16 23:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Ringtone
[2006/04/24 21:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\SmartDraw
[2009/03/02 23:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Smith Micro
[2009/09/27 19:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\TagControl
[2006/04/23 19:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\TextPad
[2006/04/09 03:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Thalia
[2009/09/19 19:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\U3
[2006/04/16 16:27:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\Ulead Systems
[2006/03/03 14:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Troy D Mobley\Application Data\You've Got Pictures Screensaver
[2009/10/01 08:57:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/12 09:23:47 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/16 22:16:31 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/16 22:20:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/16 22:16:32 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/10/16 22:16:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16827 (vista_gdr.090226-1506)
# OnlineScanner.ocx=1.0.0.6208
# api_version=3.0.2
# EOSSerial=4e4e31715888284487d2f78c9bde8d1b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-17 04:25:58
# local_time=2009-10-17 12:25:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 106322 106322 0 0
# compatibility_mode=2817 16777215 100 100 10053333 10917993 0 0
# compatibility_mode=3839 16777215 0 0 0 0 0 0
# compatibility_mode=4351 16777215 0 0 0 0 0 0
# compatibility_mode=5890 16777214 0 0 0 0 0 0
# compatibility_mode=8447 16777215 0 0 0 0 0 0
# compatibility_mode=9217 16777214 0 0 0 0 0 0
# scanned=142934
# found=3
# cleaned=3
# scan_time=4678
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Trend Micro\HijackThis\backups\backup-20091014-175951-213.dll a variant of Win32/Kryptik.AVM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10162009_223729\WINDOWS\System32\FYiuX.vbs VBS/Disabler.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#6 Buckeye_Sam

Malware Expert

Posted 17 October 2009 - 07:34 AM

Looks much better. How is your computer behaving now?
Go ahead and reboot into normal mode and let me know what issues you are still having.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 tdm9183

Posted 19 October 2009 - 09:30 PM

I started in normal mode and command32.exe opened and ran, and so did cmd.exe. Spybot picked up all the Registry entries and I allowed them to be deleted (startup entries: command32.exe and cmd.exe, also the ace4902b684P.exe). It also said Windows Recovered from a Fatal Error, would you like to send an Error Report, then Blue Screened (crashed) with this message:
"DRIVER_IRQL_NOT_LESS_OR_EQUAL STOP: 0x000000D1 ( 0x000004F0, 0x00000002, 0x00000000, 0xECC8E6DL) ADDRESS: ECC8E6DL base at ECC6500 datestamp: 4AA0C1A8. Beginning dump of Physical Memory."

After that I rebooted and Windows loaded normally. I attempted to uninstall some unwanted software and Windows said Windows Installer Service could not be accessed. This could happen if you are running Windows in SAFE MODE. So I updated the Windows Installer from Microsoft.com and rebooted, and it provided no help. It seems Windows is stuck in SAFE MODE (including the classic style task bar, which you can't change back to XP themes) without saying SAFE MODE in the corners.


I have run CheckDisk and these are the results:

Checking file system on C:
The type of the file system is NTFS.
Volume label is Local Hard Drive.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 2011 unused index entries from index $SII of file 0x9.
Cleaning up 2011 unused index entries from index $SDH of file 0x9.
Cleaning up 2011 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0xa25ca3000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xa25ca5000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xa25cf6000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xa25cf7000 for 0x1000 bytes.
Windows replaced bad clusters in file 106543
of name \RECYCLER\S-1-5-~2\Dc25\Comedy\DAVECH~1.MP4.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Adding 2 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

78108029 KB total disk space.
26160644 KB in 117675 files.
45084 KB in 12826 indexes.
8 KB in bad sectors.
298213 KB in use by the system.
65536 KB occupied by the log file.
51604080 KB available on disk.

4096 bytes in each allocation unit.
19527007 total allocation units on disk.
12901020 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm trying to locate the Recovery CD and Format. I have saved all the files I wanted onto an external HD. And I'm ready to start from square one unless you have any suggestions.

I thank you for your time very much.

Troy

#8 Buckeye_Sam

Posted 20 October 2009 - 07:13 AM

You've definitely got some issues, although I don't think at this point they're related to malware. If you're ready for a format and clean install, here's an excellent guide to follow.

http://web.mit.edu/ist/products/winxp/adva...all-format.html

#9 tdm9183

Posted 20 October 2009 - 07:20 PM

Thank you very much for your time and dedication towards my issues.


Sincerely,
Troy

#10 Buckeye_Sam

Posted 21 October 2009 - 08:04 AM

Glad I could help. :(

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.



