Hijack This Log: Please help diagnose


  • This topic is locked
26 replies to this topic

#1 Sean Vanner

Sean Vanner

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 17 March 2010 - 12:44 AM

I'm new (and I'm sure you hear that every day =D), and would first like to thank the creators of this site.
You rock.

From what someone with limited knowledge can tell ya:
1) Problem started today, with the little brother going through youtube like crazy.
2) Computer hangs up / freezes completely, with barely a warning.
3) Monitor can be dimmed / brightened, mouse usually continues movement, but windows, icons and the Start bar are completely unresponsive.
4) Task Manager won't open in this state. The only other thing I can do is hold the power button and force-shutdown.

I went into safe mode and did a full scan with Malwarebytes' Anti-Malware.. I see I made a mistake with losing the log file of the two files removed; when the problem wasn't solved, I tried System Restore (..worthless).

Hijack This provided me this log. I hope it helps:

-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:46 AM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera2\opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7115 bytes


----------------------------


If there's anything I've missed, I apologize in advance. I read everything, but I'm known for missing out on the obvious.
Thanks for any assistance that can be provided.

Attached Files

  • Attached File  log   6.95KB   1 downloads

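Added example, not part of this thread and not code from HijackThis or BleepingComputer: a small Python triage script that parses lines in the HijackThis v2 format shown above and lists the entries a reviewer would normally check first (orphaned BHOs reported as "(no file)", an explicit ProxyServer value, startup entries given as a bare filename rather than a full path, and services with no publisher). The sample lines are copied or adapted from the log in this post; the "Example Service" line is invented to exercise the service check; the flagging rules are the editor's own heuristics, not HijackThis's analysis, and a flagged line is something to look at, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input, not the full log from the post: a few lines in
# Trend Micro HijackThis v2 format covering the entry types checked below.
# The "Example Service" line is invented to exercise the O23 check.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
"""

# One HijackThis entry: a section code (R0, R1, O2, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# O4 body: <hive>\..\Run: [<name>] <command>   (RunOnce is handled too)
O4_RE = re.compile(r"^(?P<hive>.*?)\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 body: Service: <display name> (<short name>) - <company> - <path>
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")
# A command starting with a drive letter (optionally quoted) names its file explicitly.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
# HijackThis appends " (User 'NAME')" to per-user O4 entries; strip it before path checks.
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")


@dataclass
class Finding:
    kind: str    # HijackThis section code
    reason: str  # why a reviewer should look at this line
    line: str    # the original log line


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, body, original line) for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body"), line))
    return entries


def triage(text: str) -> List[Finding]:
    """Apply simple review heuristics to a HijackThis log. These are the
    editor's own rules for what to look at first, not HijackThis's analysis."""
    findings: List[Finding] = []
    for kind, body, line in parse_entries(text):
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding(kind, "BHO CLSID is registered but its DLL is missing (orphaned entry)", line))
        elif kind == "R1" and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1].strip()
            if value:  # any explicit proxy deserves a second look
                findings.append(Finding(kind, f"explicit proxy setting present ({value!r}); confirm it is intended", line))
        elif kind == "O4":
            m = O4_RE.match(body)
            if m:
                cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
                if not ABS_PATH_RE.match(cmd):
                    findings.append(Finding(kind, f"startup entry [{m.group('name')}] uses a bare filename ({cmd}), "
                                                  "so the file that actually runs depends on the search path; verify it", line))
        elif kind == "O23":
            m = O23_RE.match(body)
            if m and m.group("company") == "Unknown owner":
                findings.append(Finding(kind, f"service {m.group('name')} carries no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

Run as a script it prints the flagged lines with the reason for each; `triage()` can be pointed at a saved hijackthis.log instead of the embedded sample. Entries that do not match any rule (for example the Adobe BHO and the AsTray startup entry, both with a full path and a present file) are deliberately left out of the output so the list stays short enough to read.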


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:03 AM

Posted 17 March 2010 - 10:56 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Sean Vanner

Sean Vanner
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 18 March 2010 - 12:58 AM

Thanks for the quick response. =D

I'll just post what you requested from here.
--------------------------

OTL:

OTL logfile created on: 3/17/2010 11:18:45 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 560.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 111.94 Gb Free Space | 77.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/17 23:17:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
PRC - [2010/03/01 20:42:48 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera2\opera.exe
PRC - [2010/02/11 08:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/27 17:53:56 | 000,735,208 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/04/16 22:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/04/16 21:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/03/25 13:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009/03/13 19:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/19 11:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 23:17:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 15:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/26 18:45:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/06 21:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - [2009/12/14 20:28:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/10 21:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/05 17:08:52 | 000,009,216 | R--- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AmUStor.dll -- (AmUStor)
DRV - [2009/04/27 07:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/09 09:14:28 | 000,208,816 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/04/08 16:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/14 02:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 19:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/19 04:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 18:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/12/19 11:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 21:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/09 21:09:26 | 000,000,000 | ---D | M]

[2010/02/09 21:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Extensions
[2010/02/09 23:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/09 23:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\autofillForms@blueimp.net
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\smarterwiki@wikiatic.com
[2010/02/09 21:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\MyColors\fastload.dll - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 09:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3db12282-0698-11df-b48d-0025d3863b1e}\Shell - "" = AutoRun
O33 - MountPoints2\{3db12282-0698-11df-b48d-0025d3863b1e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa713b76-f29b-11de-b472-0025d3863b1e}\Shell - "" = AutoRun
O33 - MountPoints2\{aa713b76-f29b-11de-b472-0025d3863b1e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/11 09:15:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: yvhyahhj - C:\WINDOWS\system32\gzbfut.dll ()

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: XboxStat - hkey= - key= - c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173310768939008)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 23:17:30 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/17 01:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/17 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Opera2
[2010/03/17 00:55:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/27 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\My Documents\Adobe
[2010/02/27 00:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mobsters Healer
[2010/02/26 02:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Identities
[2010/02/24 17:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Myspace Picture Downloader
[2010/02/23 20:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Adder
[2010/02/05 09:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/12 03:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 03:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/11 09:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/11 09:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/11 09:16:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/11 09:16:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/17 23:19:15 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\NTUSER.DAT
[2010/03/17 23:17:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/17 23:11:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/17 23:11:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/17 01:49:12 | 004,295,536 | -H-- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\IconCache.db
[2010/03/17 01:38:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006UA.job
[2010/03/17 01:17:46 | 000,007,116 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\log
[2010/03/17 01:15:35 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\HijackThis.lnk
[2010/03/16 16:38:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006Core.job
[2010/03/16 00:09:58 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 21:30:40 | 000,000,506 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/14 12:31:41 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 12:31:41 | 000,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:31:41 | 000,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 01:08:58 | 000,044,444 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\l_99a47adc6e2ea475feb131e162fd8747.jpg
[2010/03/12 19:15:09 | 000,012,090 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Bio Crop.jpg
[2010/03/12 19:14:11 | 000,023,499 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\webcam1.jpg
[2010/03/12 19:11:34 | 000,003,913 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\private doggie.jpg
[2010/03/12 19:10:35 | 000,003,612 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Private layback.jpg
[2010/03/12 09:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/08 14:50:41 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 14:50:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/08 14:50:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/04 20:33:24 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Kellys Bellies.jpg
[2010/03/04 19:31:40 | 000,047,807 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\untitled.JPG
[2010/03/04 19:21:10 | 000,467,573 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\ohhhhhh.gif
[2010/03/04 19:21:02 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\smilllee.bmp
[2010/03/04 19:10:43 | 000,003,888 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Billy the zombie 01.jpg
[2010/03/04 18:40:37 | 005,971,616 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Dark_Stone_Texture_Stock_4_by_Sed_rah_Stock.jpg
[2010/03/04 13:35:28 | 000,322,703 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0240.jpg
[2010/03/04 13:35:10 | 000,317,736 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0242.jpg
[2010/03/04 13:23:42 | 000,220,267 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\MVC-005F.JPG
[2010/03/04 01:23:21 | 000,002,925 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 7.jpg
[2010/03/04 01:22:47 | 000,003,210 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 6.jpg
[2010/03/02 16:49:17 | 000,205,429 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\JUST WAKING UP.jpg
[2010/03/01 23:01:36 | 000,062,068 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\malcom1.jpg
[2010/03/01 21:34:09 | 000,068,289 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\19050_647019151695_42415969_37009562_5883986_n.jpg
[2010/03/01 18:47:00 | 000,110,994 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\skill points.JPG
[2010/02/27 14:50:18 | 000,061,021 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\sal04.jpg
[2010/02/27 14:47:47 | 000,015,689 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2010/02/27 14:35:10 | 000,006,151 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Yuck.JPG
[2010/02/27 00:37:57 | 000,016,932 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\awesome..jpg
[2010/02/26 22:25:00 | 000,044,826 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\beer bong whore.jpg
[2010/02/25 00:18:11 | 000,006,134 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\kutnt.JPG
[2010/02/23 12:19:59 | 000,092,622 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Arrows.JPG
[2010/02/22 18:06:31 | 000,376,246 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\porno.gif
[2010/02/22 02:06:58 | 000,064,457 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\no line..jpg
[2010/02/22 02:03:35 | 000,087,323 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\line.JPG
[2010/02/21 22:13:48 | 008,984,600 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\03 Pendulum - Plasticworld Feat. Fats & TC.mp3
[2010/02/21 15:34:32 | 002,162,834 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\071_71.JPG
[2010/02/21 15:34:09 | 001,503,697 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\078_78.JPG
[2010/02/21 15:31:04 | 000,291,567 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me & Destry @ Homecoming 06.jpg
[2010/02/21 15:27:56 | 000,041,720 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\CAENO5QZ.jpg
[2010/02/17 20:20:04 | 000,013,664 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\sextant.JPG
[2010/02/17 14:59:30 | 000,135,773 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00011.jpg
[2010/02/17 14:59:28 | 000,144,484 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00010.jpg
[2010/02/17 14:59:21 | 000,069,982 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\me.jpg
[2010/02/16 23:27:09 | 000,084,176 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\me soldier (3).jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 01:17:46 | 000,007,116 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\log
[2010/03/17 01:15:35 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\HijackThis.lnk
[2010/03/13 01:08:58 | 000,044,444 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\l_99a47adc6e2ea475feb131e162fd8747.jpg
[2010/03/12 19:15:09 | 000,012,090 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Bio Crop.jpg
[2010/03/12 19:14:10 | 000,023,499 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\webcam1.jpg
[2010/03/12 19:11:34 | 000,003,913 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\private doggie.jpg
[2010/03/12 19:10:34 | 000,003,612 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Private layback.jpg
[2010/03/04 20:33:22 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Kellys Bellies.jpg
[2010/03/04 19:20:47 | 000,467,573 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\ohhhhhh.gif
[2010/03/04 19:19:19 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\smilllee.bmp
[2010/03/04 19:10:43 | 000,003,888 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Billy the zombie 01.jpg
[2010/03/04 18:40:36 | 005,971,616 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Dark_Stone_Texture_Stock_4_by_Sed_rah_Stock.jpg
[2010/03/04 18:35:07 | 000,047,807 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\untitled.JPG
[2010/03/04 13:35:28 | 000,322,703 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0240.jpg
[2010/03/04 13:35:10 | 000,317,736 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0242.jpg
[2010/03/04 13:23:42 | 000,220,267 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\MVC-005F.JPG
[2010/03/04 01:22:51 | 000,002,925 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 7.jpg
[2010/03/04 01:22:44 | 000,003,210 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 6.jpg
[2010/03/02 16:49:10 | 000,205,429 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\JUST WAKING UP.jpg
[2010/03/01 23:01:34 | 000,062,068 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\malcom1.jpg
[2010/03/01 21:34:06 | 000,068,289 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\19050_647019151695_42415969_37009562_5883986_n.jpg
[2010/03/01 18:47:00 | 000,110,994 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\skill points.JPG
[2010/02/27 14:51:39 | 000,061,021 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\sal04.jpg
[2010/02/27 14:35:10 | 000,006,151 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Yuck.JPG
[2010/02/27 00:37:55 | 000,016,932 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\awesome..jpg
[2010/02/26 22:24:57 | 000,044,826 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\beer bong whore.jpg
[2010/02/25 11:40:54 | 000,524,288 | ---- | C] () -- C:\1005HA.ROM
[2010/02/25 00:18:11 | 000,006,134 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\kutnt.JPG
[2010/02/25 00:12:34 | 000,015,689 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2010/02/23 12:19:58 | 000,092,622 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Arrows.JPG
[2010/02/22 18:06:31 | 000,376,246 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\porno.gif
[2010/02/22 02:06:56 | 000,064,457 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\no line..jpg
[2010/02/22 02:03:35 | 000,087,323 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\line.JPG
[2010/02/21 22:13:01 | 008,984,600 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\03 Pendulum - Plasticworld Feat. Fats & TC.mp3
[2010/02/21 15:33:36 | 002,162,834 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\071_71.JPG
[2010/02/21 15:33:28 | 001,503,697 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\078_78.JPG
[2010/02/21 15:30:57 | 000,291,567 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me & Destry @ Homecoming 06.jpg
[2010/02/21 15:27:53 | 000,041,720 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\CAENO5QZ.jpg
[2010/02/17 20:20:04 | 000,013,664 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\sextant.JPG
[2010/02/17 14:59:28 | 000,135,773 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00011.jpg
[2010/02/17 14:59:25 | 000,144,484 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00010.jpg
[2010/02/17 14:59:19 | 000,069,982 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\me.jpg
[2010/02/16 23:27:07 | 000,084,176 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\me soldier (3).jpg
[2010/01/23 04:34:26 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/01/10 23:55:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\spukobot.ini
[2009/12/14 20:28:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/27 21:28:11 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/27 21:08:12 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 04:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 03:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 03:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 03:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 15:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 15:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 14:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 09:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/08/11 09:03:11 | 000,166,512 | RHS- | C] () -- C:\WINDOWS\System32\gzbfut.dll
[2009/06/09 10:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[1999/05/21 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[1997/11/17 19:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2010/03/16 23:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2009/12/14 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/20 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/02/12 19:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/14 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\BitTorrent
[2009/12/14 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\DAEMON Tools Lite
[2010/01/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Jasc
[2010/03/17 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Opera
[2010/02/15 01:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\TeamViewer
[2009/12/14 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Ubisoft

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/08/11 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/27 09:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/01/27 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/11 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/12/14 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/26 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/02/05 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/08 16:09:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/03 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/05 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/05 18:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/08/20 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2009/08/11 15:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/01/27 01:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/12 19:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/30 18:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/27 20:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/08/06 16:31:14 | 000,528,384 | R--- | M] () -- C:\Documents and Settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst.exe
[2009/11/10 15:39:00 | 000,607,472 | R--- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2010/02/27 23:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Adobe
[2010/01/27 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Apple Computer
[2010/03/14 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\BitTorrent
[2009/12/14 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\DAEMON Tools Lite
[2010/02/08 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Help
[2009/08/11 09:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Identities
[2009/08/20 08:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\InstallShield
[2010/01/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Jasc
[2009/11/27 20:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Macromedia
[2010/02/05 19:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Malwarebytes
[2010/02/26 02:04:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft
[2010/02/09 21:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla
[2010/03/17 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Opera
[2010/01/05 03:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Sun
[2010/02/15 01:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\TeamViewer
[2009/12/14 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Ubisoft
[2010/01/21 10:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\WinRAR
[2009/11/27 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2010/02/09 21:54:19 | 000,002,998 | R--- | M] () -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_18be6784.exe
[2010/02/09 21:54:19 | 000,002,998 | R--- | M] () -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_294823.exe

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/21 10:06:58 | 000,166,512 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\gzbfut.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

------------------------------------

Second log (Extras):

OTL Extras logfile created on: 3/17/2010 11:18:45 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 560.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 111.94 Gb Free Space | 77.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera2\opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3871:TCP" = 3871:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9377:TCP" = 9377:TCP:*:Enabled:ofnoz
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3871:TCP" = 3871:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Opera2\opera.exe" = C:\Program Files\Opera2\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}" = Opera 10.50
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}" = Emails generator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Active Mobster_is1" = Active Mobster 1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adriana Lima Screensaver" = Adriana Lima Screensaver
"Audacity_is1" = Audacity 1.2.6
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BitTorrent" = BitTorrent
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Eee Docking_is1" = Eee Docking 1.3.6.0
"Final Fantasy VII" = Final Fantasy VII
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Kickassscreensavers.com" = Kickassscreensavers.com - Start Menu Shortcut
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobster Commander Utility_is1" = Mobster Commander Utility 1.0.1
"Mobster Utility_is1" = Mobster Utility 2.4.0
"Mobsters Healer_is1" = Mobsters Healer 1.0.0
"Mobsters Hitlist Utility_is1" = Mobsters Hitlist Utility 1.0.5
"Mobsters Superbot_is1" = Mobsters Superbot
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Myspace Picture Downloader_is1" = Myspace Picture Downloader 1.0.2
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"RealMedia" = RealMedia (remove only)
"ScriptMaker_is1" = ScriptMaker 2.0.10
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Ultimate Adder_is1" = Ultimate Adder 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2009 12:58:50 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 12/15/2009 1:02:34 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 12/15/2009 1:08:30 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 12/20/2009 1:27:55 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 1/10/2010 6:07:33 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 10.0.0.1102, faulting
module yui.dll, version 2008.2.1.1, fault address 0x000241a3.

Error - 1/13/2010 11:18:48 AM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module
asacpisvr.exe, version 6.1.1.1008, fault address 0x00006279.

Error - 1/26/2010 5:03:28 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 8.1.0.137, faulting module
3difr.x3d, version 8.1.0.0, fault address 0x0001bc79.

Error - 2/5/2010 6:35:30 PM | Computer Name = YOUR-LIE0J2FGST | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/5/2010 7:00:06 PM | Computer Name = YOUR-LIE0J2FGST | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/5/2010 7:18:54 PM | Computer Name = YOUR-LIE0J2FGST | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 3/17/2010 12:58:40 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7023
Description = The Driver Image service terminated with the following error: %%1114

Error - 3/17/2010 1:10:28 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:10:37 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:12:22 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:13:04 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:13:44 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7023
Description = The Driver Image service terminated with the following error: %%1114

Error - 3/17/2010 1:13:44 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AudioSrv service.

Error - 3/17/2010 11:11:46 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 11:12:16 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 11:13:07 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7023
Description = The Driver Image service terminated with the following error: %%1114


< End of report >

--------------------------------------

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 01:46:33
Windows 5.1.2600 Service Pack 3
Running: 6l49bx4f.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwayqaod.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI \Device\00000040 85855DD0

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ACPI \Device\00000041 85855DD0

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ACPI \Device\00000042 85855DD0
Device \Driver\ACPI \Device\00000050 85855DD0
Device \Driver\ACPI \Device\00000043 85855DD0
Device \Driver\ACPI \Device\00000051 85855DD0
Device \Driver\ACPI \Device\00000044 85855DD0
Device \Driver\ACPI \Device\00000052 85855DD0
Device \Driver\ACPI \Device\00000053 85855DD0
Device \Driver\ACPI \Device\00000054 85855DD0
Device \Driver\ACPI \Device\00000064 85855DD0
Device \Driver\ACPI \Device\0000004a 85855DD0
Device \Driver\ACPI \Device\0000004b 85855DD0
Device \Driver\ACPI \Device\0000003f 85855DD0
Device \Driver\ACPI \Device\0000005a 85855DD0
Device \Driver\ACPI \Device\0000005b 85855DD0
Device \Driver\ACPI \Device\0000005c 85855DD0
Device \Driver\ACPI \Device\0000004f 85855DD0
Device \Driver\ACPI \Device\0000005f 85855DD0
Device \FileSystem\Fastfat \Fat F6869D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:204] 8570EEAB

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x36 0xE0 0xBC 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x65 0x29 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0x4A 0x11 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x36 0xE0 0xBC 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x65 0x29 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0x4A 0x11 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@DisplayName Driver Image
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Description Stores security information for local user accounts.
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj\Parameters@ServiceDll C:\WINDOWS\system32\gzbfut.dll

---- EOF - GMER 1.0.15 ----



--------------------------------------

Again, the help with my problem is greatly appreciated.



Thanks for the quick response. =D

I'll just post what you requested from here.
--------------------------

OTL:

OTL logfile created on: 3/17/2010 11:18:45 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 560.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 111.94 Gb Free Space | 77.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/17 23:17:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
PRC - [2010/03/01 20:42:48 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera2\opera.exe
PRC - [2010/02/11 08:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/27 17:53:56 | 000,735,208 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/04/16 22:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/04/16 21:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/03/25 13:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009/03/13 19:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/19 11:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 23:17:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 15:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/26 18:45:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/06 21:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - [2009/12/14 20:28:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/10 21:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/05 17:08:52 | 000,009,216 | R--- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AmUStor.dll -- (AmUStor)
DRV - [2009/04/27 07:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/09 09:14:28 | 000,208,816 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/04/08 16:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/14 02:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 19:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/19 04:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 18:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/12/19 11:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 21:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/09 21:09:26 | 000,000,000 | ---D | M]

[2010/02/09 21:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Extensions
[2010/02/09 23:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/09 23:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\autofillForms@blueimp.net
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\smarterwiki@wikiatic.com
[2010/02/09 21:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\MyColors\fastload.dll - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 09:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3db12282-0698-11df-b48d-0025d3863b1e}\Shell - "" = AutoRun
O33 - MountPoints2\{3db12282-0698-11df-b48d-0025d3863b1e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa713b76-f29b-11de-b472-0025d3863b1e}\Shell - "" = AutoRun
O33 - MountPoints2\{aa713b76-f29b-11de-b472-0025d3863b1e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/11 09:15:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: yvhyahhj - C:\WINDOWS\system32\gzbfut.dll ()

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: XboxStat - hkey= - key= - c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173310768939008)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 23:17:30 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/17 01:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/17 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Opera2
[2010/03/17 00:55:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/27 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\My Documents\Adobe
[2010/02/27 00:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mobsters Healer
[2010/02/26 02:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Identities
[2010/02/24 17:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Myspace Picture Downloader
[2010/02/23 20:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Adder
[2010/02/05 09:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/12 03:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 03:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/11 09:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/11 09:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/11 09:16:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/11 09:16:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/17 23:19:15 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\NTUSER.DAT
[2010/03/17 23:17:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/17 23:11:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/17 23:11:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/17 01:49:12 | 004,295,536 | -H-- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\IconCache.db
[2010/03/17 01:38:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006UA.job
[2010/03/17 01:17:46 | 000,007,116 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\log
[2010/03/17 01:15:35 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\HijackThis.lnk
[2010/03/16 16:38:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006Core.job
[2010/03/16 00:09:58 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 21:30:40 | 000,000,506 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/14 12:31:41 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 12:31:41 | 000,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:31:41 | 000,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 01:08:58 | 000,044,444 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\l_99a47adc6e2ea475feb131e162fd8747.jpg
[2010/03/12 19:15:09 | 000,012,090 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Bio Crop.jpg
[2010/03/12 19:14:11 | 000,023,499 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\webcam1.jpg
[2010/03/12 19:11:34 | 000,003,913 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\private doggie.jpg
[2010/03/12 19:10:35 | 000,003,612 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Private layback.jpg
[2010/03/12 09:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/08 14:50:41 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 14:50:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/08 14:50:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/04 20:33:24 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Kellys Bellies.jpg
[2010/03/04 19:31:40 | 000,047,807 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\untitled.JPG
[2010/03/04 19:21:10 | 000,467,573 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\ohhhhhh.gif
[2010/03/04 19:21:02 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\smilllee.bmp
[2010/03/04 19:10:43 | 000,003,888 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Billy the zombie 01.jpg
[2010/03/04 18:40:37 | 005,971,616 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Dark_Stone_Texture_Stock_4_by_Sed_rah_Stock.jpg
[2010/03/04 13:35:28 | 000,322,703 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0240.jpg
[2010/03/04 13:35:10 | 000,317,736 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0242.jpg
[2010/03/04 13:23:42 | 000,220,267 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\MVC-005F.JPG
[2010/03/04 01:23:21 | 000,002,925 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 7.jpg
[2010/03/04 01:22:47 | 000,003,210 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 6.jpg
[2010/03/02 16:49:17 | 000,205,429 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\JUST WAKING UP.jpg
[2010/03/01 23:01:36 | 000,062,068 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\malcom1.jpg
[2010/03/01 21:34:09 | 000,068,289 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\19050_647019151695_42415969_37009562_5883986_n.jpg
[2010/03/01 18:47:00 | 000,110,994 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\skill points.JPG
[2010/02/27 14:50:18 | 000,061,021 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\sal04.jpg
[2010/02/27 14:47:47 | 000,015,689 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2010/02/27 14:35:10 | 000,006,151 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Yuck.JPG
[2010/02/27 00:37:57 | 000,016,932 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\awesome..jpg
[2010/02/26 22:25:00 | 000,044,826 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\beer bong whore.jpg
[2010/02/25 00:18:11 | 000,006,134 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\kutnt.JPG
[2010/02/23 12:19:59 | 000,092,622 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Arrows.JPG
[2010/02/22 18:06:31 | 000,376,246 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\porno.gif
[2010/02/22 02:06:58 | 000,064,457 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\no line..jpg
[2010/02/22 02:03:35 | 000,087,323 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\line.JPG
[2010/02/21 22:13:48 | 008,984,600 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\03 Pendulum - Plasticworld Feat. Fats & TC.mp3
[2010/02/21 15:34:32 | 002,162,834 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\071_71.JPG
[2010/02/21 15:34:09 | 001,503,697 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\078_78.JPG
[2010/02/21 15:31:04 | 000,291,567 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me & Destry @ Homecoming 06.jpg
[2010/02/21 15:27:56 | 000,041,720 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\CAENO5QZ.jpg
[2010/02/17 20:20:04 | 000,013,664 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\sextant.JPG
[2010/02/17 14:59:30 | 000,135,773 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00011.jpg
[2010/02/17 14:59:28 | 000,144,484 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00010.jpg
[2010/02/17 14:59:21 | 000,069,982 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\me.jpg
[2010/02/16 23:27:09 | 000,084,176 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\me soldier (3).jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 01:17:46 | 000,007,116 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\log
[2010/03/17 01:15:35 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\HijackThis.lnk
[2010/03/13 01:08:58 | 000,044,444 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\l_99a47adc6e2ea475feb131e162fd8747.jpg
[2010/03/12 19:15:09 | 000,012,090 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Bio Crop.jpg
[2010/03/12 19:14:10 | 000,023,499 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\webcam1.jpg
[2010/03/12 19:11:34 | 000,003,913 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\private doggie.jpg
[2010/03/12 19:10:34 | 000,003,612 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Private layback.jpg
[2010/03/04 20:33:22 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Kellys Bellies.jpg
[2010/03/04 19:20:47 | 000,467,573 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\ohhhhhh.gif
[2010/03/04 19:19:19 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\smilllee.bmp
[2010/03/04 19:10:43 | 000,003,888 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Billy the zombie 01.jpg
[2010/03/04 18:40:36 | 005,971,616 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Dark_Stone_Texture_Stock_4_by_Sed_rah_Stock.jpg
[2010/03/04 18:35:07 | 000,047,807 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\untitled.JPG
[2010/03/04 13:35:28 | 000,322,703 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0240.jpg
[2010/03/04 13:35:10 | 000,317,736 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0242.jpg
[2010/03/04 13:23:42 | 000,220,267 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\MVC-005F.JPG
[2010/03/04 01:22:51 | 000,002,925 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 7.jpg
[2010/03/04 01:22:44 | 000,003,210 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 6.jpg
[2010/03/02 16:49:10 | 000,205,429 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\JUST WAKING UP.jpg
[2010/03/01 23:01:34 | 000,062,068 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\malcom1.jpg
[2010/03/01 21:34:06 | 000,068,289 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\19050_647019151695_42415969_37009562_5883986_n.jpg
[2010/03/01 18:47:00 | 000,110,994 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\skill points.JPG
[2010/02/27 14:51:39 | 000,061,021 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\sal04.jpg
[2010/02/27 14:35:10 | 000,006,151 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Yuck.JPG
[2010/02/27 00:37:55 | 000,016,932 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\awesome..jpg
[2010/02/26 22:24:57 | 000,044,826 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\beer bong whore.jpg
[2010/02/25 11:40:54 | 000,524,288 | ---- | C] () -- C:\1005HA.ROM
[2010/02/25 00:18:11 | 000,006,134 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\kutnt.JPG
[2010/02/25 00:12:34 | 000,015,689 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2010/02/23 12:19:58 | 000,092,622 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Arrows.JPG
[2010/02/22 18:06:31 | 000,376,246 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\porno.gif
[2010/02/22 02:06:56 | 000,064,457 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\no line..jpg
[2010/02/22 02:03:35 | 000,087,323 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\line.JPG
[2010/02/21 22:13:01 | 008,984,600 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\03 Pendulum - Plasticworld Feat. Fats & TC.mp3
[2010/02/21 15:33:36 | 002,162,834 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\071_71.JPG
[2010/02/21 15:33:28 | 001,503,697 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\078_78.JPG
[2010/02/21 15:30:57 | 000,291,567 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me & Destry @ Homecoming 06.jpg
[2010/02/21 15:27:53 | 000,041,720 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\CAENO5QZ.jpg
[2010/02/17 20:20:04 | 000,013,664 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\sextant.JPG
[2010/02/17 14:59:28 | 000,135,773 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00011.jpg
[2010/02/17 14:59:25 | 000,144,484 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00010.jpg
[2010/02/17 14:59:19 | 000,069,982 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\me.jpg
[2010/02/16 23:27:07 | 000,084,176 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\me soldier (3).jpg
[2010/01/23 04:34:26 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/01/10 23:55:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\spukobot.ini
[2009/12/14 20:28:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/27 21:28:11 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/27 21:08:12 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 04:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 03:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 03:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 03:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 15:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 15:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 14:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 09:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/08/11 09:03:11 | 000,166,512 | RHS- | C] () -- C:\WINDOWS\System32\gzbfut.dll
[2009/06/09 10:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[1999/05/21 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[1997/11/17 19:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2010/03/16 23:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2009/12/14 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/20 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/02/12 19:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/14 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\BitTorrent
[2009/12/14 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\DAEMON Tools Lite
[2010/01/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Jasc
[2010/03/17 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Opera
[2010/02/15 01:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\TeamViewer
[2009/12/14 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Ubisoft

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/08/11 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/27 09:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/01/27 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/11 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/12/14 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/26 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/02/05 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/08 16:09:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/03 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/05 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/05 18:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/08/20 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2009/08/11 15:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/01/27 01:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/12 19:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/30 18:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/27 20:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/08/06 16:31:14 | 000,528,384 | R--- | M] () -- C:\Documents and Settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst.exe
[2009/11/10 15:39:00 | 000,607,472 | R--- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2010/02/27 23:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Adobe
[2010/01/27 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Apple Computer
[2010/03/14 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\BitTorrent
[2009/12/14 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\DAEMON Tools Lite
[2010/02/08 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Help
[2009/08/11 09:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Identities
[2009/08/20 08:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\InstallShield
[2010/01/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Jasc
[2009/11/27 20:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Macromedia
[2010/02/05 19:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Malwarebytes
[2010/02/26 02:04:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft
[2010/02/09 21:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla
[2010/03/17 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Opera
[2010/01/05 03:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Sun
[2010/02/15 01:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\TeamViewer
[2009/12/14 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Ubisoft
[2010/01/21 10:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\WinRAR
[2009/11/27 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2010/02/09 21:54:19 | 000,002,998 | R--- | M] () -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_18be6784.exe
[2010/02/09 21:54:19 | 000,002,998 | R--- | M] () -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_294823.exe

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/21 10:06:58 | 000,166,512 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\gzbfut.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

------------------------------------

Second log (Extras):

OTL Extras logfile created on: 3/17/2010 11:18:45 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 560.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 111.94 Gb Free Space | 77.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera2\opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3871:TCP" = 3871:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9377:TCP" = 9377:TCP:*:Enabled:ofnoz
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3871:TCP" = 3871:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Opera2\opera.exe" = C:\Program Files\Opera2\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}" = Opera 10.50
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}" = Emails generator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Active Mobster_is1" = Active Mobster 1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adriana Lima Screensaver" = Adriana Lima Screensaver
"Audacity_is1" = Audacity 1.2.6
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BitTorrent" = BitTorrent
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Eee Docking_is1" = Eee Docking 1.3.6.0
"Final Fantasy VII" = Final Fantasy VII
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Kickassscreensavers.com" = Kickassscreensavers.com - Start Menu Shortcut
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobster Commander Utility_is1" = Mobster Commander Utility 1.0.1
"Mobster Utility_is1" = Mobster Utility 2.4.0
"Mobsters Healer_is1" = Mobsters Healer 1.0.0
"Mobsters Hitlist Utility_is1" = Mobsters Hitlist Utility 1.0.5
"Mobsters Superbot_is1" = Mobsters Superbot
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Myspace Picture Downloader_is1" = Myspace Picture Downloader 1.0.2
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"RealMedia" = RealMedia (remove only)
"ScriptMaker_is1" = ScriptMaker 2.0.10
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Ultimate Adder_is1" = Ultimate Adder 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2009 12:58:50 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 12/15/2009 1:02:34 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 12/15/2009 1:08:30 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 12/20/2009 1:27:55 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting
module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x0069bb38.

Error - 1/10/2010 6:07:33 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 10.0.0.1102, faulting
module yui.dll, version 2008.2.1.1, fault address 0x000241a3.

Error - 1/13/2010 11:18:48 AM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module
asacpisvr.exe, version 6.1.1.1008, fault address 0x00006279.

Error - 1/26/2010 5:03:28 PM | Computer Name = YOUR-LIE0J2FGST | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 8.1.0.137, faulting module
3difr.x3d, version 8.1.0.0, fault address 0x0001bc79.

Error - 2/5/2010 6:35:30 PM | Computer Name = YOUR-LIE0J2FGST | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/5/2010 7:00:06 PM | Computer Name = YOUR-LIE0J2FGST | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/5/2010 7:18:54 PM | Computer Name = YOUR-LIE0J2FGST | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 3/17/2010 12:58:40 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7023
Description = The Driver Image service terminated with the following error: %%1114

Error - 3/17/2010 1:10:28 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:10:37 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:12:22 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:13:04 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 1:13:44 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7023
Description = The Driver Image service terminated with the following error: %%1114

Error - 3/17/2010 1:13:44 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AudioSrv service.

Error - 3/17/2010 11:11:46 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 11:12:16 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/17/2010 11:13:07 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7023
Description = The Driver Image service terminated with the following error: %%1114


< End of report >

--------------------------------------

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 01:46:33
Windows 5.1.2600 Service Pack 3
Running: 6l49bx4f.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwayqaod.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI \Device\00000040 85855DD0

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ACPI \Device\00000041 85855DD0

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ACPI \Device\00000042 85855DD0
Device \Driver\ACPI \Device\00000050 85855DD0
Device \Driver\ACPI \Device\00000043 85855DD0
Device \Driver\ACPI \Device\00000051 85855DD0
Device \Driver\ACPI \Device\00000044 85855DD0
Device \Driver\ACPI \Device\00000052 85855DD0
Device \Driver\ACPI \Device\00000053 85855DD0
Device \Driver\ACPI \Device\00000054 85855DD0
Device \Driver\ACPI \Device\00000064 85855DD0
Device \Driver\ACPI \Device\0000004a 85855DD0
Device \Driver\ACPI \Device\0000004b 85855DD0
Device \Driver\ACPI \Device\0000003f 85855DD0
Device \Driver\ACPI \Device\0000005a 85855DD0
Device \Driver\ACPI \Device\0000005b 85855DD0
Device \Driver\ACPI \Device\0000005c 85855DD0
Device \Driver\ACPI \Device\0000004f 85855DD0
Device \Driver\ACPI \Device\0000005f 85855DD0
Device \FileSystem\Fastfat \Fat F6869D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:204] 8570EEAB

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x36 0xE0 0xBC 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x65 0x29 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0x4A 0x11 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x36 0xE0 0xBC 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x65 0x29 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0x4A 0x11 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@DisplayName Driver Image
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Description Stores security information for local user accounts.
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj\Parameters@ServiceDll C:\WINDOWS\system32\gzbfut.dll

---- EOF - GMER 1.0.15 ----



--------------------------------------

Again, the help with my problem is greatly appreciated.
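The GMER registry section in this post is the part a responder reads first: a service with a random eight-letter name (yvhyahhj), a generic display name ("Driver Image"), running as LocalSystem inside svchost.exe -k netsvcs, loading an unknown DLL from system32, and the same "Driver Image" name showing up in the System event log as a service that failed to start. The sptd entries, by contrast, belong to DAEMON Tools' driver, as the log's own @p0 path shows. As an added example (not code from the thread, from GMER or from BleepingComputer), the Python below parses those Reg lines, flags svchost-hosted services whose ServiceDll is not on an allow-list, and cross-references the Service Control Manager "service terminated" events for the same display name. The sample lines are copied from the logs above; KNOWN_NETSVCS_DLLS and BUILTIN_DESCRIPTIONS are constructed and deliberately incomplete.

```python
"""Triage of the GMER 'Reg' lines and SCM events posted above (added example,
not part of the original post or of GMER). It finds services that run inside
svchost.exe ("-k <group>") but load a ServiceDll that is not a known Windows
DLL, then ties them to Service Control Manager errors naming the same display name."""
import ntpath
import re
from collections import defaultdict

# Sample input copied from the GMER log above (sptd, DAEMON Tools' driver, kept as one line).
GMER_SAMPLE = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@DisplayName Driver Image
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj@Description Stores security information for local user accounts.
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\yvhyahhj\Parameters@ServiceDll C:\WINDOWS\system32\gzbfut.dll
"""

# Sample input copied from the System event log section above.
EVENTLOG_SAMPLE = """\
Error - 3/17/2010 12:58:40 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7023
Description = The Driver Image service terminated with the following error: %%1114

Error - 3/17/2010 1:13:44 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AudioSrv service.
"""

# Constructed, deliberately incomplete allow-list of DLLs that legitimately run
# under "svchost.exe -k netsvcs" on XP; real triage needs a full baseline.
KNOWN_NETSVCS_DLLS = {
    "wuauserv.dll", "qmgr.dll", "browser.dll", "schedsvc.dll", "seclogon.dll",
    "shsvcs.dll", "wkssvc.dll", "srvsvc.dll", "ipnathlp.dll", "cryptsvc.dll",
}
# Description text of a built-in service (the Security Accounts Manager's);
# malware copies such strings so the entry blends into services.msc.
BUILTIN_DESCRIPTIONS = {"stores security information for local user accounts."}

_SVC_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\]+)(?P<sub>(?:\\[^\\]+)*)$", re.I)
_SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.I)
_SCM_RE = re.compile(r"The (?P<name>.+?) service terminated with the following error: %%(?P<code>\d+)")


def parse_gmer_reg(text):
    """Group GMER 'Reg' lines into {(control_set, service): {value_name: data}};
    values under a subkey are stored as 'Subkey\\ValueName'."""
    services = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Reg "):
            continue
        token, _, data = line[4:].partition(" ")      # key[@value] then data
        key, has_value, value_name = token.partition("@")
        m = _SVC_KEY_RE.match(key)
        if not m or not has_value:
            continue                                   # not a service value line
        sub = m.group("sub").lstrip("\\")
        name = f"{sub}\\{value_name}" if sub else value_name
        services[(m.group("cs"), m.group("svc"))][name] = data.strip()
    return services


def flag_rogue_svchost_services(services, known_dlls=KNOWN_NETSVCS_DLLS):
    """Return svchost-hosted services whose ServiceDll is not on the allow-list."""
    findings = []
    for (cs, svc), values in sorted(services.items()):
        m = _SVCHOST_RE.search(values.get("ImagePath", ""))
        if not m:
            continue                       # kernel drivers such as sptd: out of scope
        dll = values.get("Parameters\\ServiceDll", "")
        if ntpath.basename(dll).lower() in known_dlls:
            continue
        reasons = ["ServiceDll not in netsvcs allow-list"]
        if values.get("Description", "").lower() in BUILTIN_DESCRIPTIONS:
            reasons.append("Description copied from a built-in service")
        findings.append({"control_set": cs, "service": svc, "group": m.group("group"),
                         "service_dll": dll, "display_name": values.get("DisplayName", ""),
                         "reasons": reasons, "scm_errors": []})
    return findings


def correlate_scm_errors(findings, event_text):
    """Attach SCM 'service terminated' error codes whose message names a finding's
    display name. 1114 is ERROR_DLL_INIT_FAILED: the ServiceDll loaded but failed."""
    by_name = defaultdict(list)
    for m in _SCM_RE.finditer(event_text):
        by_name[m.group("name")].append(m.group("code"))
    for f in findings:
        f["scm_errors"] = by_name.get(f["display_name"], [])
    return findings


if __name__ == "__main__":
    hits = flag_rogue_svchost_services(parse_gmer_reg(GMER_SAMPLE))
    for f in correlate_scm_errors(hits, EVENTLOG_SAMPLE):
        print(f"{f['control_set']}\\{f['service']} ({f['display_name']}) -> {f['service_dll']}; "
              f"{'; '.join(f['reasons'])}; SCM errors: {f['scm_errors']}")
```

Run against the sample it reports the single yvhyahhj entry with gzbfut.dll, both reasons, and error 1114 from the 7023 events; the sptd key is ignored because it is not an svchost-hosted service. The allow-list approach only works with a complete baseline for the machine's Windows build, which is why the forum helpers use tools such as ComboFix rather than a hand-kept list.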


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:01:03 AM

Posted 18 March 2010 - 09:32 AM

Well done.

P2P Warning

Your log indicates that you have BitTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
  • It shall produce a log located at C:\RKill. Please copy and paste it into your next reply.

==========

Please download HelpAsst_mebroot_fix.exe by noahdfear and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • Please pay attention as this tool runs.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer. Type "Y" and then press "Enter".



  • Upon restarting, please wait about 5 minutes, click Start>Run then copy and paste the following bolded command in the run box then hit Enter.

helpasst -mbrt
  • When it completes, a log will open.
  • Please post the contents of that log.


Note: Only proceed to the next step if the tool did not detect an mbr infection!!!!!!!


==========

Only in the event the tool does not detect an mbr infection and completes then please do this......

  • Click Start>Run and copy and paste the following bolded command
  • Then hit Enter

mbr -f
  • Now, please do the Start>Run>mbr -f command a second time.
  • Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
  • Give it about 5 minutes, then click Start>Run and copy and paste the following bolded command, then hit Enter.

helpasst -mbrt
  • When it completes, a log will open.
  • Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain with an infected mbr (the latter not recommended).

==========

Re-run RKill

==========


Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* RKill log
* Helpassistant log
* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Sean Vanner

Sean Vanner
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:03 AM

Posted 18 March 2010 - 09:21 PM

That last program had me all 0_o for about 15 minutes. =D

------------------------------

Rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Sean Vanner on 03/18/2010 at 21:17:22.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Sean Vanner\Desktop\rkill.pif


Rkill completed on 03/18/2010 at 21:17:26.

-------------------------------

HelpAssist Log:

C:\Documents and Settings\Sean Vanner\Desktop\HelpAsst_mebroot_fix.exe
Thu 03/18/2010 at 21:30:16.78

HelpAssistant account was found to be Active ~ attempting to de-activate

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3871:TCP"=-
"3389:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3871:TCP"=-
"3389:TCP"=-

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2422217147-1366146706-4244603680-1005
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST ~ attempting to remove

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Thu 03/18/2010 at 21:48:23.25

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spcb.sys >>UNKNOWN [0x86589938]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll present!


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

S-1-5-21-2422217147-1366146706-4244603680-1005
%SystemDrive%\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST.000

~~ Checking for HelpAssistant directories ~~

HelpAssistant
HelpAssistant.YOUR-LIE0J2FGST
HelpAssistant.YOUR-LIE0J2FGST.000

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"3871:TCP"=3871:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

--------------------------------

Combofix log:

ComboFix 10-03-18.01 - Sean Vanner 03/18/2010 21:59:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.641 [GMT -4:00]
Running from: c:\documents and settings\Sean Vanner\Desktop\thcbytes.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\recycler\S-1-5-21-4155940279-453244667-3627011575-1003
c:\windows\system32\gzbfut.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YVHYAHHJ
-------\Service_yvhyahhj


((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 01:52 . 2010-03-19 01:54 -------- d-----w- C:\thcbytes
2010-03-19 01:30 . 2010-03-19 01:30 -------- d-----w- C:\HelpAsst_backup
2010-03-17 05:15 . 2010-03-17 05:15 -------- d-----w- c:\program files\Trend Micro
2010-03-17 05:05 . 2010-03-17 05:05 -------- d-----w- c:\documents and settings\HelpAssistant.YOUR-LIE0J2FGST\WINDOWS
2010-03-17 05:05 . 2010-03-17 05:05 -------- d-----w- c:\documents and settings\HelpAssistant.YOUR-LIE0J2FGST\PrivacIE
2010-03-17 05:02 . 2010-03-17 05:02 -------- d-----w- c:\program files\Opera2
2010-03-17 04:56 . 2010-03-17 04:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-17 02:23 . 2010-03-17 02:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-27 04:15 . 2010-03-15 19:38 -------- d-----w- c:\program files\Mobsters Healer
2010-02-26 06:04 . 2010-02-26 06:04 -------- d-----w- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Identities
2010-02-24 21:32 . 2010-03-08 19:07 -------- d-----w- c:\program files\Myspace Picture Downloader
2010-02-24 00:04 . 2010-02-24 00:26 -------- d-----w- c:\program files\Ultimate Adder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 04:55 . 2010-02-12 23:49 -------- d-----w- c:\program files\Opera
2010-03-16 06:33 . 2009-11-28 03:19 -------- d-----w- c:\program files\Zoom Player
2010-03-15 02:42 . 2009-11-28 03:16 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\BitTorrent
2010-03-08 06:24 . 2010-01-25 16:46 -------- d-----w- c:\program files\Active Mobster
2010-03-08 00:29 . 2010-01-25 17:26 -------- d-----w- c:\program files\Mobster Utility
2010-02-15 05:24 . 2010-02-13 18:35 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\TeamViewer
2010-02-14 02:30 . 2010-02-14 02:24 -------- d-----w- c:\program files\Mobster Commander Utility
2010-02-13 18:34 . 2010-02-13 18:34 -------- d-----w- c:\program files\TeamViewer
2010-02-13 18:19 . 2010-02-13 18:12 -------- d-----w- c:\program files\Mobsters Hitlist Utility
2010-02-12 23:29 . 2010-02-12 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-02-12 23:29 . 2010-02-12 23:29 -------- d-----w- c:\program files\Comcast
2010-02-12 23:25 . 2010-02-06 01:33 -------- d-----w- c:\program files\support.com
2010-02-11 21:04 . 2009-08-11 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-10 01:54 . 2010-02-10 01:54 2998 ----a-r- c:\documents and settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_294823.exe
2010-02-10 01:54 . 2010-02-10 01:54 2998 ----a-r- c:\documents and settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_18be6784.exe
2010-02-10 01:54 . 2010-02-10 01:54 -------- d-----w- c:\program files\Andromedasoft
2010-02-10 01:09 . 2010-02-10 01:09 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 01:33 . 2010-02-06 01:33 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-02-06 00:27 . 2009-08-11 19:52 -------- d-----w- c:\program files\Norton Internet Security
2010-02-06 00:18 . 2010-02-06 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-05 23:21 . 2010-02-05 23:21 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\Malwarebytes
2010-02-05 23:21 . 2010-02-05 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 23:21 . 2010-02-05 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-05 22:50 . 2010-02-05 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-04 14:54 . 2009-11-28 00:51 -------- d-----w- c:\program files\Yahoo!
2010-02-03 21:28 . 2009-11-28 12:28 60224 -c--a-w- c:\documents and settings\Sean Vanner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-03 21:15 . 2009-08-11 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-29 18:59 . 2010-01-26 16:07 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-27 13:35 . 2010-01-27 13:35 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\Apple Computer
2010-01-27 13:13 . 2010-01-27 13:13 -------- d-----w- c:\program files\QuickTime
2010-01-27 13:13 . 2010-01-27 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-27 13:13 . 2010-01-27 13:13 -------- d-----w- c:\program files\Common Files\Apple
2010-01-27 13:12 . 2010-01-27 13:12 -------- d-----w- c:\program files\Apple Software Update
2010-01-27 13:12 . 2010-01-27 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-27 05:00 . 2010-01-27 05:00 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 05:00 . 2010-01-27 05:00 503808 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b5f9ba3-n\msvcp71.dll
2010-01-27 05:00 . 2010-01-27 05:00 499712 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b5f9ba3-n\jmc.dll
2010-01-27 05:00 . 2010-01-27 05:00 348160 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b5f9ba3-n\msvcr71.dll
2010-01-27 05:00 . 2010-01-27 05:00 61440 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1495a4fd-n\decora-sse.dll
2010-01-27 05:00 . 2010-01-27 05:00 12800 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1495a4fd-n\decora-d3d.dll
2010-01-27 05:00 . 2010-01-05 07:46 -------- d-----w- c:\program files\Java
2010-01-26 22:56 . 2010-01-26 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-26 22:53 . 2009-08-11 19:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-26 22:52 . 2010-01-26 22:52 -------- d-----w- c:\program files\Bonjour
2010-01-26 22:45 . 2010-01-26 22:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-26 22:31 . 2010-01-26 22:31 -------- d-----w- c:\program files\MagicISO
2010-01-26 16:08 . 2010-01-26 16:08 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\Jasc
2010-01-23 08:34 . 2010-01-23 08:34 -------- d-----w- c:\program files\Ulead Systems
2010-01-23 08:34 . 2009-08-11 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-20 05:04 . 2009-11-30 20:33 -------- d-----w- c:\program files\iCall
2010-01-18 03:21 . 2010-01-11 03:20 -------- d-----w- c:\program files\Mobsters Superbot
2010-01-10 19:08 . 2010-01-10 19:08 1701702 ----a-w- c:\windows\system32\Adriana Lima 1.scr
2010-01-07 21:07 . 2010-02-05 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-02-05 23:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 07:46 . 2010-01-05 07:46 152576 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-05 07:45 . 2010-01-05 07:45 79488 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2009-06-09 14:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-09 21:28 135664 ----atw- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 00:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Sean Vanner\\My Documents\\My Office\\Age of Empires 2\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\empires2A.EXE"=
"c:\\Documents and Settings\\Sean Vanner\\My Documents\\My Office\\Age of Empires 2\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\age2_x1.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera2\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9377:TCP"= 9377:TCP:ofnoz

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2009 8:28 PM 691696]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2/11/2010 7:42 AM 172328]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 9:59 PM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 1:47 AM 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 3:00 PM 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 8:24 AM 1015424]
.
Contents of the 'Scheduled Tasks' folder

2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006Core.job
- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-09 21:28]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006UA.job
- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-09 21:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-Final Fantasy VII - c:\program files\Square Soft



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\Stardock\MyColors\fastload.dll

- - - - - - - > 'explorer.exe'(4020)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-03-18 22:10:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-19 02:10

Pre-Run: 119,184,072,704 bytes free
Post-Run: 119,208,296,448 bytes free

- - End Of File - - 65A4061435301F395CF75372A7A1E0E5

---------------------------------


Files provided with this post, as before. =D
Thanks again. I plan on learning all this stuff and helping you some day.
(Shoulda gone to college. >.< Heh)

-Hope I did everything as specified.
(The computer froze on me, like it's been doing, during the Combofix run; but it was directly after installing the Windows Restore thing. And I'm sure you hate reading 'thing' or 'thing-a-mabob,' so I apologize for that.. but I had to restart and start Combofix again; it acted like the install was successful and went on with the scan, but I figured you should know anyway.)

Attached Files



#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:01:03 AM

Posted 19 March 2010 - 10:39 AM

You're doing great.

I appreciate your detailed feedback. It is quite helpful!!

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\system32\termsrv32.dll

Folder::
c:\documents and settings\HelpAssistant.YOUR-LIE0J2FGST

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9377:TCP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Download and run
HelpAssistantScan.exe
Post the contents of the resulting log for my review in your next reply.

==========

Please right click and delete OTL from your desktop.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    termsrv.dll
    termsrv32.dll
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

With your next post please provide:

* Combofix.txt
* HelpAssistant log
* OTL.txt
* Extra.txt
* How is your computer running now?

Kind regards,
~t


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
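The CFScript in the post above goes after three things that stand out in the ComboFix log: a HelpAssistant.&lt;hostname&gt; profile folder under Documents and Settings, a termsrv32.dll dropped in system32, and a globally open firewall port (9377:TCP, labelled "ofnoz") that nothing legitimate on the machine accounts for. The triage helper below is an added example, not code from this thread, from ComboFix or from OTL: it reads the firewall policy blocks and the directory lines in the same line format ComboFix prints, and marks for review any HelpAssistant.* profile root, any open-port rule whose label is not one of Windows' own resource-string entries, and any firewall exception for an executable that lives in a user-writable folder. The cut-down sample excerpt, the "@-prefixed label means built-in" allow-list rule and the user-writable heuristic are assumptions made for the example.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not thread or tool code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's own line format (a cut-down, not the thread's full log):
# one rogue HelpAssistant.* profile folder, one open port with a plain-text label, and one
# firewall exception for an executable under a user profile, beside ordinary entries.
SAMPLE_LOG = r"""
2010-03-17 05:05 . 2010-03-17 05:05 -------- d-----w- c:\documents and settings\HelpAssistant.YOUR-LIE0J2FGST\WINDOWS
2010-03-17 05:02 . 2010-03-17 05:02 -------- d-----w- c:\program files\Opera2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Sean Vanner\\My Documents\\My Office\\Age of Empires 2\\empires2A.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9377:TCP"= 9377:TCP:ofnoz
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
APP_RE = re.compile(r'^"(.+)"=\s*$')
# ComboFix's 8-character attribute field starts with 'd' for a directory entry.
DIR_RE = re.compile(r'\sd[-a-z]{7}\s+(\S.*)$', re.IGNORECASE)


@dataclass
class Findings:
    open_ports: list = field(default_factory=list)     # (port, proto, description, flagged)
    firewall_apps: list = field(default_factory=list)  # (path as printed, flagged)
    profile_dirs: list = field(default_factory=list)   # HelpAssistant.* profile roots seen


def iter_lines(text):
    """Yield (current [..] section name or None, stripped line) for every non-blank line."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        yield section, line


def is_builtin_port_rule(desc):
    # Assumption used as the allow-list: XP's own File and Printer Sharing rules label
    # themselves with a resource string (@xpsp2res.dll,-NNNN); a plain label is app-specific.
    return desc.split(':')[-1].startswith('@')


def is_user_writable(path):
    # Assumption: an exception for a binary under a user profile or a temp folder deserves a
    # second look, because unwanted software usually lands there rather than in Program Files.
    p = path.replace('\\\\', '\\').lower()
    return p.startswith('c:\\documents and settings\\') or '\\temp\\' in p


def helpassistant_root(path):
    """Return the HelpAssistant.* profile root if the path lies under one, else None."""
    parts = path.split('\\')
    low = [p.lower() for p in parts]
    if 'documents and settings' in low:
        i = low.index('documents and settings')
        if i + 1 < len(parts) and low[i + 1].startswith('helpassistant.'):
            return '\\'.join(parts[:i + 2])
    return None


def triage(text):
    """Walk the log once and collect the three kinds of entries worth verifying."""
    f = Findings()
    for section, line in iter_lines(text):
        sec = (section or '').lower()
        if sec.endswith('globallyopenports\\list'):
            m = PORT_RE.match(line)
            if m:
                desc = m.group(3).strip()
                f.open_ports.append((int(m.group(1)), m.group(2), desc, not is_builtin_port_rule(desc)))
        elif sec.endswith('authorizedapplications\\list'):
            m = APP_RE.match(line)
            if m:
                f.firewall_apps.append((m.group(1), is_user_writable(m.group(1))))
        else:
            m = DIR_RE.search(line)
            root = helpassistant_root(m.group(1)) if m else None
            if root and root not in f.profile_dirs:
                f.profile_dirs.append(root)
    return f


def report(f):
    """Render findings; '!!' marks entries to verify by hand before anything is removed."""
    out = [f"{'!!' if fl else '  '} open port {port}/{proto}: {desc}" for port, proto, desc, fl in f.open_ports]
    out += [f"{'!!' if fl else '  '} firewall exception: {path}" for path, fl in f.firewall_apps]
    out += [f"!! HelpAssistant profile folder: {d}" for d in f.profile_dirs]
    return '\n'.join(out)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample it prints three "!!" lines: the 9377/TCP "ofnoz" rule, the game executable exception under the user's My Documents, and the HelpAssistant.YOUR-LIE0J2FGST profile root, while the xpnetdiag and Opera exceptions and the resource-labelled port 139 rule pass quietly. The flags are prompts for a helper to look, not removal decisions; the removal itself stays with a reviewed CFScript like the one in the post.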

#7 Sean Vanner

Sean Vanner
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:03 AM

Posted 19 March 2010 - 12:56 PM

=D It's not freezing anymore, but there is one thing I'm still having trouble with. Thanks for removing the hair-pulling aspect from this matter for me, at least.

-----------------------------

Combofix Log:

ComboFix 10-03-18.02 - Sean Vanner 03/19/2010 12:52:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.697 [GMT -4:00]
Running from: c:\documents and settings\Sean Vanner\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\Sean Vanner\Desktop\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\termsrv32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\termsrv32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 07:07 . 2010-03-19 07:07 -------- d-----w- c:\program files\CCleaner
2010-03-19 05:34 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-19 05:34 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-19 05:34 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-19 05:34 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-19 05:34 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-19 05:34 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-19 05:34 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-19 05:34 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-19 05:34 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-19 05:34 . 2010-03-19 05:34 -------- d-----w- c:\program files\Alwil Software
2010-03-19 05:34 . 2010-03-19 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-19 03:16 . 2010-03-19 04:05 -------- d-----w- C:\$AVG
2010-03-19 03:15 . 2010-03-19 03:20 -------- d-----w- c:\program files\AVG
2010-03-19 03:15 . 2010-03-19 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-19 01:57 . 2010-03-19 02:10 -------- d-----w- C:\thcbytes7393t
2010-03-19 01:52 . 2010-03-19 01:54 -------- d-----w- C:\thcbytes
2010-03-19 01:30 . 2010-03-19 01:30 -------- d-----w- C:\HelpAsst_backup
2010-03-17 05:15 . 2010-03-17 05:15 -------- d-----w- c:\program files\Trend Micro
2010-03-17 05:05 . 2010-03-17 05:05 -------- d-----w- c:\documents and settings\HelpAssistant.YOUR-LIE0J2FGST\WINDOWS
2010-03-17 05:05 . 2010-03-17 05:05 -------- d-----w- c:\documents and settings\HelpAssistant.YOUR-LIE0J2FGST\PrivacIE
2010-03-17 05:02 . 2010-03-17 05:02 -------- d-----w- c:\program files\Opera2
2010-03-17 04:56 . 2010-03-17 04:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-17 02:23 . 2010-03-17 02:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-27 04:15 . 2010-03-15 19:38 -------- d-----w- c:\program files\Mobsters Healer
2010-02-26 06:04 . 2010-02-26 06:04 -------- d-----w- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Identities
2010-02-24 21:32 . 2010-03-08 19:07 -------- d-----w- c:\program files\Myspace Picture Downloader
2010-02-24 00:04 . 2010-02-24 00:26 -------- d-----w- c:\program files\Ultimate Adder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 07:26 . 2010-01-05 07:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-17 04:55 . 2010-02-12 23:49 -------- d-----w- c:\program files\Opera
2010-03-16 06:33 . 2009-11-28 03:19 -------- d-----w- c:\program files\Zoom Player
2010-03-15 02:42 . 2009-11-28 03:16 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\BitTorrent
2010-03-08 06:24 . 2010-01-25 16:46 -------- d-----w- c:\program files\Active Mobster
2010-03-08 00:29 . 2010-01-25 17:26 -------- d-----w- c:\program files\Mobster Utility
2010-02-15 05:24 . 2010-02-13 18:35 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\TeamViewer
2010-02-14 02:30 . 2010-02-14 02:24 -------- d-----w- c:\program files\Mobster Commander Utility
2010-02-13 18:34 . 2010-02-13 18:34 -------- d-----w- c:\program files\TeamViewer
2010-02-13 18:19 . 2010-02-13 18:12 -------- d-----w- c:\program files\Mobsters Hitlist Utility
2010-02-12 23:29 . 2010-02-12 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-02-12 23:29 . 2010-02-12 23:29 -------- d-----w- c:\program files\Comcast
2010-02-12 23:25 . 2010-02-06 01:33 -------- d-----w- c:\program files\support.com
2010-02-11 21:04 . 2009-08-11 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-10 01:54 . 2010-02-10 01:54 2998 ----a-r- c:\documents and settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_294823.exe
2010-02-10 01:54 . 2010-02-10 01:54 2998 ----a-r- c:\documents and settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_18be6784.exe
2010-02-10 01:54 . 2010-02-10 01:54 -------- d-----w- c:\program files\Andromedasoft
2010-02-10 01:09 . 2010-02-10 01:09 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 01:33 . 2010-02-06 01:33 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-02-06 00:27 . 2009-08-11 19:52 -------- d-----w- c:\program files\Norton Internet Security
2010-02-06 00:18 . 2010-02-06 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-05 23:21 . 2010-02-05 23:21 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\Malwarebytes
2010-02-05 23:21 . 2010-02-05 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 23:21 . 2010-02-05 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-05 22:50 . 2010-02-05 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-04 14:54 . 2009-11-28 00:51 -------- d-----w- c:\program files\Yahoo!
2010-02-03 21:28 . 2009-11-28 12:28 60224 -c--a-w- c:\documents and settings\Sean Vanner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-03 21:15 . 2009-08-11 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-29 18:59 . 2010-01-26 16:07 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-27 13:35 . 2010-01-27 13:35 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\Apple Computer
2010-01-27 13:13 . 2010-01-27 13:13 -------- d-----w- c:\program files\QuickTime
2010-01-27 13:13 . 2010-01-27 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-27 13:13 . 2010-01-27 13:13 -------- d-----w- c:\program files\Common Files\Apple
2010-01-27 13:12 . 2010-01-27 13:12 -------- d-----w- c:\program files\Apple Software Update
2010-01-27 13:12 . 2010-01-27 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-27 05:00 . 2010-01-27 05:00 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 05:00 . 2010-01-27 05:00 503808 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b5f9ba3-n\msvcp71.dll
2010-01-27 05:00 . 2010-01-27 05:00 499712 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b5f9ba3-n\jmc.dll
2010-01-27 05:00 . 2010-01-27 05:00 348160 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b5f9ba3-n\msvcr71.dll
2010-01-27 05:00 . 2010-01-27 05:00 61440 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1495a4fd-n\decora-sse.dll
2010-01-27 05:00 . 2010-01-27 05:00 12800 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1495a4fd-n\decora-d3d.dll
2010-01-27 05:00 . 2010-01-05 07:46 -------- d-----w- c:\program files\Java
2010-01-26 22:56 . 2010-01-26 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-26 22:53 . 2009-08-11 19:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-26 22:52 . 2010-01-26 22:52 -------- d-----w- c:\program files\Bonjour
2010-01-26 22:45 . 2010-01-26 22:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-26 22:31 . 2010-01-26 22:31 -------- d-----w- c:\program files\MagicISO
2010-01-26 16:08 . 2010-01-26 16:08 -------- d-----w- c:\documents and settings\Sean Vanner\Application Data\Jasc
2010-01-23 08:34 . 2010-01-23 08:34 -------- d-----w- c:\program files\Ulead Systems
2010-01-23 08:34 . 2009-08-11 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-20 05:04 . 2009-11-30 20:33 -------- d-----w- c:\program files\iCall
2010-01-10 19:08 . 2010-01-10 19:08 1701702 ----a-w- c:\windows\system32\Adriana Lima 1.scr
2010-01-07 21:07 . 2010-02-05 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-02-05 23:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 07:46 . 2010-01-05 07:46 152576 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-05 07:45 . 2010-01-05 07:45 79488 ----a-w- c:\documents and settings\Sean Vanner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-19_02.07.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2009-11-28 12:25 . 2010-03-19 02:06 49152 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-28 12:25 . 2010-03-19 16:51 49152 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-19 16:51 . 2010-03-19 16:51 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat
+ 2009-11-28 12:25 . 2010-03-19 16:51 16384 c:\windows\Temp\History\History.IE5\index.dat
- 2009-11-28 12:25 . 2010-03-19 02:06 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-11-28 12:25 . 2010-03-19 16:51 16384 c:\windows\Temp\Cookies\index.dat
- 2009-11-28 12:25 . 2010-03-19 02:06 16384 c:\windows\Temp\Cookies\index.dat
- 2009-11-28 00:45 . 2010-02-25 02:55 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-11-28 00:45 . 2010-03-19 07:18 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-03-19 07:26 . 2010-03-19 07:26 153376 c:\windows\system32\javaws.exe
- 2010-01-27 05:00 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
+ 2010-03-19 07:26 . 2010-03-19 07:26 145184 c:\windows\system32\javaw.exe
- 2010-01-27 05:00 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
- 2010-01-27 05:00 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2010-03-19 07:26 . 2010-03-19 07:26 145184 c:\windows\system32\java.exe
+ 2010-03-19 05:34 . 2010-03-19 05:34 219648 c:\windows\Installer\a9ea5.msi
+ 2010-03-19 07:26 . 2010-03-19 07:26 576000 c:\windows\Installer\61c364.msi
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2009-06-09 14:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-09 21:28 135664 ----atw- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 00:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Sean Vanner\\My Documents\\My Office\\Age of Empires 2\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\empires2A.EXE"=
"c:\\Documents and Settings\\Sean Vanner\\My Documents\\My Office\\Age of Empires 2\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\age2_x1.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera2\\opera.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/19/2010 1:34 AM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/19/2010 1:34 AM 19024]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2/11/2010 7:42 AM 172328]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 9:59 PM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 1:47 AM 39040]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2009 8:28 PM 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 3:00 PM 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 8:24 AM 1015424]
.
Contents of the 'Scheduled Tasks' folder

2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006Core.job
- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-09 21:28]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006UA.job
- c:\documents and settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-09 21:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 12:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\Stardock\MyColors\fastload.dll
.
Completion time: 2010-03-19 13:02:18
ComboFix-quarantined-files.txt 2010-03-19 17:02
ComboFix2.txt 2010-03-19 02:10

Pre-Run: 118,857,834,496 bytes free
Post-Run: 119,105,585,152 bytes free

- - End Of File - - 51D78D34EA3BF939276DF017C133D98F

-------------------------------------------

Help Assist Log:

C:\Documents and Settings\Sean Vanner\Desktop\HAMeb_check.exe
Fri 03/19/2010 at 13:17:00.59

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators

~~ Checking profile list ~~

S-1-5-21-2422217147-1366146706-4244603680-1005
%SystemDrive%\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST.000

~~ Checking for HelpAssistant directories ~~

HelpAssistant
HelpAssistant.YOUR-LIE0J2FGST
HelpAssistant.YOUR-LIE0J2FGST.000

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3871:TCP"=3871:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

--------------------------------------




OTL Logs: (OTL, then Extras)

OTL logfile created on: 3/19/2010 1:20:20 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 608.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 110.95 Gb Free Space | 76.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/19 13:19:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
PRC - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/01 20:42:48 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera2\opera.exe
PRC - [2010/02/11 08:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 13:19:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/26 18:45:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/06 21:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/09 06:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 06:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 06:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/14 20:28:21 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/10 21:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/05 17:08:52 | 000,009,216 | R--- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AmUStor.dll -- (AmUStor)
DRV - [2009/04/27 07:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/09 09:14:28 | 000,208,816 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/04/08 16:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/14 02:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 19:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/19 04:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 18:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/12/19 11:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 21:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/19 03:26:29 | 000,000,000 | ---D | M]

[2010/02/09 21:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Extensions
[2010/02/09 23:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/09 23:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\autofillForms@blueimp.net
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\smarterwiki@wikiatic.com
[2010/03/19 03:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/18 22:06:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\MyColors\fastload.dll - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 09:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/11 09:15:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: XboxStat - hkey= - key= - c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 13:19:15 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/19 03:26:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/19 03:26:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/19 03:26:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/19 03:26:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/19 03:08:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sean Vanner\Recent
[2010/03/19 03:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/19 01:34:38 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/19 01:34:38 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/19 01:34:38 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/19 01:34:38 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/19 01:34:37 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/19 01:34:37 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/19 01:34:37 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/19 01:34:25 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/19 01:34:25 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/19 01:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/19 01:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/19 01:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/19 01:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/19 01:20:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/19 01:20:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/18 23:16:36 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/03/18 23:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/18 23:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/18 21:57:53 | 000,000,000 | ---D | C] -- C:\thcbytes7393t
[2010/03/18 21:54:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/18 21:53:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/18 21:53:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/18 21:53:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/18 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/18 21:52:15 | 000,000,000 | ---D | C] -- C:\thcbytes
[2010/03/18 21:51:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/18 21:30:21 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/03/18 21:30:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/03/17 01:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/17 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Opera2
[2010/03/17 00:55:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/27 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\My Documents\Adobe
[2010/02/27 00:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mobsters Healer
[2010/02/26 02:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Identities
[2010/02/24 17:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Myspace Picture Downloader
[2010/02/23 20:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Adder
[2010/02/05 09:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/12 03:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 03:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/19 13:19:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/19 13:16:45 | 000,485,704 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\HAMeb_check.exe
[2010/03/19 13:02:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/19 12:59:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/19 12:51:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 12:50:41 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\NTUSER.DAT
[2010/03/19 12:49:30 | 005,010,540 | -H-- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\IconCache.db
[2010/03/19 12:44:06 | 003,894,804 | R--- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\thcbytes.exe
[2010/03/19 12:43:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006UA.job
[2010/03/19 03:43:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006Core.job
[2010/03/19 03:26:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/19 03:26:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/19 03:26:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/19 03:26:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/19 03:26:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/19 01:34:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/18 22:06:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/18 21:54:43 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/16 00:09:58 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 21:30:40 | 000,000,506 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/14 12:31:41 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 12:31:41 | 000,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:31:41 | 000,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 01:08:58 | 000,044,444 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\l_99a47adc6e2ea475feb131e162fd8747.jpg
[2010/03/12 19:15:09 | 000,012,090 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Bio Crop.jpg
[2010/03/12 19:14:11 | 000,023,499 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\webcam1.jpg
[2010/03/12 19:11:34 | 000,003,913 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\private doggie.jpg
[2010/03/12 19:10:35 | 000,003,612 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Private layback.jpg
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 09:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/09 06:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 06:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 06:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 06:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 06:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 06:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/08 14:50:41 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 14:50:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/04 20:33:24 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Kellys Bellies.jpg
[2010/03/04 19:31:40 | 000,047,807 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\untitled.JPG
[2010/03/04 19:21:10 | 000,467,573 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\ohhhhhh.gif
[2010/03/04 19:21:02 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\smilllee.bmp
[2010/03/04 19:10:43 | 000,003,888 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Billy the zombie 01.jpg
[2010/03/04 18:40:37 | 005,971,616 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Dark_Stone_Texture_Stock_4_by_Sed_rah_Stock.jpg
[2010/03/04 13:35:28 | 000,322,703 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0240.jpg
[2010/03/04 13:35:10 | 000,317,736 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0242.jpg
[2010/03/04 13:23:42 | 000,220,267 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\MVC-005F.JPG
[2010/03/04 01:23:21 | 000,002,925 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 7.jpg
[2010/03/04 01:22:47 | 000,003,210 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 6.jpg
[2010/03/02 16:49:17 | 000,205,429 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\JUST WAKING UP.jpg
[2010/03/01 23:01:36 | 000,062,068 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\malcom1.jpg
[2010/03/01 21:34:09 | 000,068,289 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\19050_647019151695_42415969_37009562_5883986_n.jpg
[2010/03/01 18:47:00 | 000,110,994 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\skill points.JPG
[2010/02/27 14:50:18 | 000,061,021 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\sal04.jpg
[2010/02/27 14:47:47 | 000,015,689 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2010/02/27 14:35:10 | 000,006,151 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Yuck.JPG
[2010/02/27 00:37:57 | 000,016,932 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\awesome..jpg
[2010/02/26 22:25:00 | 000,044,826 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\beer bong whore.jpg
[2010/02/25 00:18:11 | 000,006,134 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\kutnt.JPG
[2010/02/23 12:19:59 | 000,092,622 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Arrows.JPG
[2010/02/22 18:06:31 | 000,376,246 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\porno.gif
[2010/02/22 02:06:58 | 000,064,457 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\no line..jpg
[2010/02/22 02:03:35 | 000,087,323 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\line.JPG
[2010/02/21 22:13:48 | 008,984,600 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\03 Pendulum - Plasticworld Feat. Fats & TC.mp3
[2010/02/21 15:34:32 | 002,162,834 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\071_71.JPG
[2010/02/21 15:34:09 | 001,503,697 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\078_78.JPG
[2010/02/21 15:31:04 | 000,291,567 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me & Destry @ Homecoming 06.jpg
[2010/02/21 15:27:56 | 000,041,720 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\CAENO5QZ.jpg
[2010/02/17 20:20:04 | 000,013,664 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\sextant.JPG
[2010/02/17 14:59:30 | 000,135,773 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00011.jpg
[2010/02/17 14:59:28 | 000,144,484 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00010.jpg
[2010/02/17 14:59:21 | 000,069,982 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\My Documents\me.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/19 13:16:45 | 000,485,704 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\HAMeb_check.exe
[2010/03/19 12:44:05 | 003,894,804 | R--- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\thcbytes.exe
[2010/03/18 21:54:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/18 21:54:39 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/18 21:53:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/18 21:53:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/18 21:53:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/18 21:30:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/18 21:30:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/03/13 01:08:58 | 000,044,444 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\l_99a47adc6e2ea475feb131e162fd8747.jpg
[2010/03/12 19:15:09 | 000,012,090 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Bio Crop.jpg
[2010/03/12 19:14:10 | 000,023,499 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\webcam1.jpg
[2010/03/12 19:11:34 | 000,003,913 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\private doggie.jpg
[2010/03/12 19:10:34 | 000,003,612 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Private layback.jpg
[2010/03/04 20:33:22 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Kellys Bellies.jpg
[2010/03/04 19:20:47 | 000,467,573 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\ohhhhhh.gif
[2010/03/04 19:19:19 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\smilllee.bmp
[2010/03/04 19:10:43 | 000,003,888 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Billy the zombie 01.jpg
[2010/03/04 18:40:36 | 005,971,616 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Dark_Stone_Texture_Stock_4_by_Sed_rah_Stock.jpg
[2010/03/04 18:35:07 | 000,047,807 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\untitled.JPG
[2010/03/04 13:35:28 | 000,322,703 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0240.jpg
[2010/03/04 13:35:10 | 000,317,736 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\100_0242.jpg
[2010/03/04 13:23:42 | 000,220,267 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\MVC-005F.JPG
[2010/03/04 01:22:51 | 000,002,925 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 7.jpg
[2010/03/04 01:22:44 | 000,003,210 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me 6.jpg
[2010/03/02 16:49:10 | 000,205,429 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\JUST WAKING UP.jpg
[2010/03/01 23:01:34 | 000,062,068 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\malcom1.jpg
[2010/03/01 21:34:06 | 000,068,289 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\19050_647019151695_42415969_37009562_5883986_n.jpg
[2010/03/01 18:47:00 | 000,110,994 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\skill points.JPG
[2010/02/27 14:51:39 | 000,061,021 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\sal04.jpg
[2010/02/27 14:35:10 | 000,006,151 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Yuck.JPG
[2010/02/27 00:37:55 | 000,016,932 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\awesome..jpg
[2010/02/26 22:24:57 | 000,044,826 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\beer bong whore.jpg
[2010/02/25 11:40:54 | 000,524,288 | ---- | C] () -- C:\1005HA.ROM
[2010/02/25 00:18:11 | 000,006,134 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\kutnt.JPG
[2010/02/25 00:12:34 | 000,015,689 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2010/02/23 12:19:58 | 000,092,622 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Arrows.JPG
[2010/02/22 18:06:31 | 000,376,246 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\porno.gif
[2010/02/22 02:06:56 | 000,064,457 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\no line..jpg
[2010/02/22 02:03:35 | 000,087,323 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\line.JPG
[2010/02/21 22:13:01 | 008,984,600 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\03 Pendulum - Plasticworld Feat. Fats & TC.mp3
[2010/02/21 15:33:36 | 002,162,834 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\071_71.JPG
[2010/02/21 15:33:28 | 001,503,697 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\078_78.JPG
[2010/02/21 15:30:57 | 000,291,567 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\Me & Destry @ Homecoming 06.jpg
[2010/02/21 15:27:53 | 000,041,720 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\CAENO5QZ.jpg
[2010/02/17 20:20:04 | 000,013,664 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\sextant.JPG
[2010/02/17 14:59:28 | 000,135,773 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00011.jpg
[2010/02/17 14:59:25 | 000,144,484 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\p_00010.jpg
[2010/02/17 14:59:19 | 000,069,982 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\My Documents\me.jpg
[2010/01/23 04:34:26 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/01/10 23:55:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\spukobot.ini
[2009/11/27 21:28:11 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/27 21:08:12 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 04:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 03:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 03:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 03:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 15:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 15:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 14:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 09:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/06/09 10:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[1999/05/21 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[1997/11/17 19:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2010/03/16 23:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2010/03/19 01:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/19 01:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/14 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/20 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/02/12 19:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/14 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\BitTorrent
[2009/12/14 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\DAEMON Tools Lite
[2010/01/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Jasc
[2010/03/17 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Opera
[2010/02/15 01:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\TeamViewer
[2009/12/14 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Ubisoft

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/08/11 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/03/19 01:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/27 09:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/01/27 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/11 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010/03/19 01:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/14 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/26 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/02/05 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/08 16:09:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/03 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/05 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/05 18:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/08/20 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2009/08/11 15:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/01/27 01:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/12 19:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/30 18:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/27 20:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/08/06 16:31:14 | 000,528,384 | R--- | M] () -- C:\Documents and Settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst.exe
[2009/11/10 15:39:00 | 000,607,472 | R--- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2010/02/27 23:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Adobe
[2010/01/27 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Apple Computer
[2010/03/14 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\BitTorrent
[2009/12/14 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\DAEMON Tools Lite
[2010/02/08 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Help
[2009/08/11 09:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Identities
[2009/08/20 08:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\InstallShield
[2010/01/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Jasc
[2009/11/27 20:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Macromedia
[2010/02/05 19:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Malwarebytes
[2010/03/19 01:20:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft
[2010/02/09 21:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla
[2010/03/17 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Opera
[2010/01/05 03:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Sun
[2010/02/15 01:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\TeamViewer
[2009/12/14 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Ubisoft
[2010/01/21 10:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\WinRAR
[2009/11/27 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2010/02/09 21:54:19 | 000,002,998 | R--- | M] () -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_18be6784.exe
[2010/02/09 21:54:19 | 000,002,998 | R--- | M] () -- C:\Documents and Settings\Sean Vanner\Application Data\Microsoft\Installer\{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}\_294823.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys
[2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: TERMSRV.DLL >
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\dllcache\termsrv.dll
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: TERMSRV32.DLL >
[2009/08/11 09:13:15 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=56F4867BAE6FD78E5365A3A7AFA59C82 -- C:\HelpAsst_backup\termsrv32.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/11 02:09:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/11 02:09:15 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/11 02:09:15 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 08:00:00 | 000,068,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\MSCTFP.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

-------------------------------------

OTL Extras logfile created on: 3/19/2010 1:20:21 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 608.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 110.95 Gb Free Space | 76.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera2\opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3871:TCP" = 3871:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Opera2\opera.exe" = C:\Program Files\Opera2\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}" = Opera 10.50
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}" = Emails generator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Active Mobster_is1" = Active Mobster 1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adriana Lima Screensaver" = Adriana Lima Screensaver
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Eee Docking_is1" = Eee Docking 1.3.6.0
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Kickassscreensavers.com" = Kickassscreensavers.com - Start Menu Shortcut
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobster Commander Utility_is1" = Mobster Commander Utility 1.0.1
"Mobster Utility_is1" = Mobster Utility 2.4.0
"Mobsters Healer_is1" = Mobsters Healer 1.0.0
"Mobsters Hitlist Utility_is1" = Mobsters Hitlist Utility 1.0.5
"Mobsters Superbot_is1" = Mobsters Superbot
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Myspace Picture Downloader_is1" = Myspace Picture Downloader 1.0.2
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"RealMedia" = RealMedia (remove only)
"ScriptMaker_is1" = ScriptMaker 2.0.10
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Ultimate Adder_is1" = Ultimate Adder 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 3/19/2010 12:59:11 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 12:59:41 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/19/2010 12:59:41 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 1:00:11 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/19/2010 1:00:15 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 1:00:41 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/19/2010 1:00:42 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 1:01:11 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/19/2010 1:01:12 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 1:01:41 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.


< End of report >


----------------------------------------


I'm not sure if what I tried before coming to you affected my computer, but here's what I do know:
After deleting a couple of infected files, my browser (Opera, and I tried Chrome and Firefox just to make sure it was my computer and not just the particular browser) quit initiating javascripts(?). It's not the most important thing in the world to me, but for an example, I've provided a screenshot on an app I play on Myspace that won't load since the malware infected my computer. Like I said, it's not the app that I care about; I just don't want to run across the problem later for something I might actually need, if the malware took an important file with it upon deletion.
I'm sure I'm not being detailed enough for you, but I'm trying, I promise. =D
(I work all around the country. My laptop is the only thing I really have to pass the time when I'm not working. And I leave tomorrow at 9 a.m. Eastern for Illinois, from Virginia. LoL)

If this is related in any way, I'd appreciate that info.. common sense would strongly imply it to be so.
=D BUT MY COMPUTER ISN'T FREEZING ANYMORE! WOOOOOO!

And because of your suggestion, I'm booting BitTorrent from my computer. Screw that.
Many thanks!

EDIT: I just realized that my trackpad won't cut off now. (Asus Eee mini laptop) There's a button on the top-left I can push...
Wow. in fact, none of my function controls (sound, monitor dimmer / brightener, etc) are responding. 0_o
I sure would like to openly speak my mind on this post, but you never know if little kids are watching.


Edited by Sean Vanner, 19 March 2010 - 01:25 PM.


#8 thcbytes
  • Malware Response Team
  • 14,790 posts

Posted 19 March 2010 - 04:17 PM

Ok. Still infected. You have a remote service running called HelpAssistant. We need to disable the service and nuke the directory. The 1st try failed. Let's give it another go. In regards to all the other problems....yes, they are likely secondary to the malware. Do you have your install disc? We might need a few files from it to replace damaged ones with.

Please re-run HelpAsst_mebroot_fix.exe by noahdfear and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • Please pay attention as this tool runs.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer. Type "Y" and then press "Enter".



  • Upon restarting, please wait about 5 minutes, click Start>Run then copy and paste the following bolded command in the run box then hit Enter.

helpasst -mbrt
  • When it completes, a log will open.
  • Please post the contents of that log.


Note: Only proceed to the next step if the tool did not detect an mbr infection!!!!!!!


==========

Only in the event the tool does not detect an mbr infection and completes then please do this......

  • Click Start>Run and copy and paste the following bolded command
  • Then hit Enter

mbr -f
  • Now, please do the Start>Run>mbr -f command a second time.
  • Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
  • Give it about 5 minutes, then click Start>Run and copy and paste the following bolded command, then hit Enter.

helpasst -mbrt
  • When it completes, a log will open.
  • Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

With your next post please provide:

* HelpAssistant logs
* MBAM log
* ESET log
* Do you have your install disc?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
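The checks the HelpAssistant fix tool reports on (a stray termsrv32.dll, the FirewallPolicy GloballyOpenPorts keys, reference copies of system files) can also be made by hand against the OTL logs posted earlier in this thread. The script below is an added example, not part of this thread and not code from OTL, HelpAsst_mebroot_fix or any other tool named here. It parses OTL's "< MD5 for: ... >" groups, its "/lockedfiles" section and the GloballyOpenPorts registry dumps, and flags four things: a live file whose MD5 differs from its dllcache or ERDNT reference copy, a copy of a system file that lives outside %SystemRoot%, a file OTL could not hash because it was locked, and every firewall port opened globally per profile. The sample input is excerpted verbatim from the logs above, plus one constructed USERINIT.EXE group (labelled in the code, not from the thread) with a tampered hash so the mismatch path is exercised. It only reads log text; it does not touch the registry or disk.

```python
# Added triage helper for OTL-style logs: flags a live system file whose MD5 differs
# from its dllcache/ERDNT reference copies, copies outside %SystemRoot%, files OTL
# could not hash, and firewall GloballyOpenPorts entries. Reads log text only.
import re
from collections import defaultdict

MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
SECTION_HEADER = re.compile(r"^< .+ >$")
FILE_ENTRY = re.compile(
    r"^\[[^\]]*\] \([^)]*\) "                          # [stamp | size | attrs] (vendor)
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) |(?P<locked>Unable to obtain MD5) )?"
    r"-- (?P<path>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"[^"]+" = (?P<data>.+)$')
# Directories where XP keeps pristine copies that OTL lists next to the live file.
REFERENCE_DIRS = ("c:\\windows\\system32\\dllcache\\", "c:\\windows\\erdnt\\cache\\")
SYSTEM_ROOT = "c:\\windows\\"

def parse_otl(text):
    """Return (md5_groups, locked, reg_values) from the OTL sections we care about."""
    md5_groups, locked, reg_values = defaultdict(list), [], defaultdict(list)
    group = key = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := MD5_HEADER.match(line):
            group, key = m.group("name").lower(), None
        elif SECTION_HEADER.match(line):              # any other '< ... >' section
            group = key = None
        elif m := REG_KEY.match(line):
            key, group = m.group("key"), None
        elif m := FILE_ENTRY.match(line):
            entry = {"path": m.group("path"), "md5": (m.group("md5") or "").upper() or None}
            if m.group("locked"):
                locked.append(entry)
            elif group:
                md5_groups[group].append(entry)
        elif (m := REG_VALUE.match(line)) and key:
            reg_values[key].append(m.group("data"))
    return md5_groups, locked, reg_values

def md5_findings(md5_groups):
    """Compare every copy of a file with the hashes of its dllcache/ERDNT copies."""
    findings = []
    for name, entries in md5_groups.items():
        reference = {e["md5"] for e in entries
                     if e["md5"] and e["path"].lower().startswith(REFERENCE_DIRS)}
        for e in entries:
            if not e["path"].lower().startswith(SYSTEM_ROOT):
                findings.append((name, e["path"], "copy outside %SystemRoot%"))
            if reference and e["md5"] and e["md5"] not in reference:
                findings.append((name, e["path"], "MD5 differs from reference copy"))
    return findings

def open_ports(reg_values):
    """Decode 'port:proto:scope:state:label' values under GloballyOpenPorts\\List."""
    ports = []
    for key, values in reg_values.items():
        if key.lower().endswith("\\globallyopenports\\list"):
            profile = key.rsplit("\\", 3)[1]          # DomainProfile / StandardProfile
            for data in values:
                port, proto, scope, state, label = data.split(":", 4)
                ports.append((profile, int(port), proto, scope, state, label))
    return ports

def report(text):
    """Human-readable triage lines; an empty list means nothing stood out."""
    groups, locked, regs = parse_otl(text)
    out = [f"[MD5] {n}: {p}: {why}" for n, p, why in md5_findings(groups)]
    out += [f"[LOCKED] {e['path']}: not hashable while locked; re-check after cleanup" for e in locked]
    out += [f"[FIREWALL] {prof}: {port}/{proto} {state} for scope {scope} ({label})"
            for prof, port, proto, scope, state, label in open_ports(regs)]
    return out

# Sample input: lines excerpted verbatim from the OTL and OTL Extras logs in this thread.
SAMPLE_LOG = r"""
< MD5 for: TERMSRV.DLL >
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\dllcache\termsrv.dll
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
< MD5 for: TERMSRV32.DLL >
[2009/08/11 09:13:15 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=56F4867BAE6FD78E5365A3A7AFA59C82 -- C:\HelpAsst_backup\termsrv32.dll
< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 08:00:00 | 000,068,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\MSCTFP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3871:TCP" = 3871:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"""
# Constructed for this example (not from the thread): the live userinit.exe no longer
# matches the dllcache copy, which is what a patched system file looks like in OTL.
TAMPERED_GROUP = r"""
< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2010/03/17 01:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG + TAMPERED_GROUP):
        print(line)
```

Run against the excerpt it reports the termsrv32.dll under C:\HelpAsst_backup as a copy living outside %SystemRoot% (it has no dllcache twin, so the location check is what catches it, not a hash comparison), MSCTFP.dll as unverifiable while locked, and the two DomainProfile openings, 3871/TCP and 2479/TCP, in the same key the HelpAssistant tool prints under "Checking firewall ports". The constructed group adds one "MD5 differs from reference copy" line. A file with identical hashes across system32, dllcache and ERDNT\cache, as every group in the posted log shows, produces nothing.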

#9 Sean Vanner
  • Topic Starter
  • Members
  • 13 posts

Posted 19 March 2010 - 11:21 PM

Dude, that last scan took like, four hours. O_O
You should add to the instructions, "..grab a Snickers™ for this one. =D"
Bahahaha.

Just a note: I've replaced some of the drivers that went missing, because they were affecting computer functionality. This was done before the scans logged below.

All righty.. here are the logs you requested. They'll be attached as well, of course.
...wait. 0_o I saved the Extras log earlier. I can't seem to locate it now. Maybe something ate it? I honestly have no idea where it went. I can scan again, but you still need the logs I do have, so here ya go:

-----------------------------

Help Assistant:

C:\Documents and Settings\Sean Vanner\Desktop\HelpAsst_mebroot_fix.exe
Fri 03/19/2010 at 18:58:33.48

HelpAssistant account was found to be Inactive


~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list


HelpAssistant profile not found in registry

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Fri 03/19/2010 at 19:04:24.00

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spdn.sys >>UNKNOWN [0x86588938]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

HelpAssistant
HelpAssistant.YOUR-LIE0J2FGST
HelpAssistant.YOUR-LIE0J2FGST.000

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


------------------------------------

Extras Log: (0_o Seriously, it was on my desktop earlier.)

------------------------------------

MBAM Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/19/2010 7:21:53 PM
mbam-log-2010-03-19 (19-21-53).txt

Scan type: Quick Scan
Objects scanned: 158532
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J7JYE2P\eHff139cc8V01000f98001R7dcd8d68102Tb4b3a950O00000765Q000002fd801901F002d000aJ00000000l000930dP000101080[1] (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST\Local Settings\Temp\uOrG.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J7JYE2P\eHff139cc8V01000f98001R7dcd8d68102Tb4b3a950O00000765Q000002fd801901F002d000aJ00000000l000930dP000101080[1] (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST.000\Local Settings\Temp\uOrG.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST.000\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J7JYE2P\eHff139cc8V01000f98001R7dcd8d68102Tb4b3a950O00000765Q000002fd801901F002d000aJ00000000l000930dP000101080[1] (Spyware.Agent) -> Quarantined and deleted successfully.


------------------------------------------

ESET log:

C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP49\A0034600.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP49\A0035603.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP50\A0036311.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP51\A0038675.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP51\A0039621.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP52\A0042571.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP52\A0043627.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined

----------------------------------------


One question I do have for you, though; you pointed out in your last reply that Help Assistant was malware.
And then you told me to run Help Assist. LoL. Am I missing something?
Don't worry, I still trust ya. =D
Lemme make a last-ditch effort to find that Extras file.

...yeah, the copy I found is from three days ago. >.< Hope this isn't hindering you.
Thanks for any help you can still provide without that excerpt from Help Assist.
OH! And lastly: I'm using an Asus Eee PC (mini laptop) 1005HAB: It doesn't come with a disk drive. Any drivers / codecs needing replacement will have to be done through the internet. I can handle that if I know what they are. =D

"Eventually, I'll be a pain in your rectum. I'm just trying to delay the inevitable." -Me.


#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:03 AM

Posted 20 March 2010 - 01:18 PM

Alright. Good.

Hold off on downloading codecs and files for now please.

QUOTE
Dude, that last scan took like, four hours. O_O

Sorry.

==========

QUOTE
..wait. 0_o I saved the Extras log earlier. I can't seem to locate it now.
You already posted that log.

==========

QUOTE
One question I do have for you, though; you pointed out in your last reply that Help Assistant was malware.
And then you told me to run Help Assist. LoL. Am I missing something?

The name of the fix is "HelpAssistant". It targets the infection that uses the HelpAssistant remote service account that is supposed to be on your computer. The fix removes the infection and turns off the remote service.

==========

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Files
    C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST
    C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST.000

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Re-run MBAM and post a log.

==========

Re-run http://noahdfear.net/downloads/HAMeb_check.exe and post the log

==========

With your next post please provide:

* OTL fix log
* MBAM log
* HA log
* What problems remain?

Kind regards,
~t


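The status check posted in #9 and the description in this post of what the HelpAssistant fix looks at (the account state, the TermService ServiceDll, the GloballyOpenPorts lists, the duplicated HelpAssistant.<COMPUTERNAME> profile directories and the Gmer MBR check) boil down to a handful of indicators that the MBAM and ESET logs then confirm or rule out. As an added example, not code from this thread, from the HelpAsst_mebroot_fix tool or from OTL, the following Python script pulls those indicators out of log text in the shapes posted above and sorts the scanner hits by where the file lived. The log excerpts embedded in it are constructed from the posted output; the indicator names, the severity levels, the placeholder "example" entries and the assumption that the tools keep these line shapes are mine.

```python
import re
from collections import namedtuple

# Constructed excerpt in the shape of the HelpAsst status check posted in this thread
# (assumption: the real tool keeps these line shapes and only the values change).
HELPASST_LOG = r"""
Account active No
~~ Checking mbr ~~
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spdn.sys >>UNKNOWN [0x86588938]<<
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking for HelpAssistant directories ~~
HelpAssistant
HelpAssistant.YOUR-LIE0J2FGST
HelpAssistant.YOUR-LIE0J2FGST.000
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
"""

# Constructed lines in the MBAM 1.44 and ESET OnlineScan report shapes seen above;
# "example.dll", "example.sys" and "Win32/Example.A" are placeholders, not real detections.
SCANNER_LOG = r"""
C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST\Local Settings\Temp\uOrG.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sean Vanner\Local Settings\Temp\example.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP49\A0034600.dll Win32/TrojanDownloader.Mebload.Z trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\example.sys Win32/Example.A trojan cleaned by deleting - quarantined
"""

STOCK_TERMSRV = r"%systemroot%\system32\termsrv.dll"   # stock XP ServiceDll for TermService
RESTORE_DIR = r"\system volume information\_restore"    # System Restore snapshot store
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")
ESET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<name>\S+/\S+)\s+(?P<action>.+)$")
Finding = namedtuple("Finding", "severity indicator detail")

def _section(text, title):
    """Non-blank lines between a '~~ title ~~' header and the next '~~' header."""
    m = re.search(rf"~~ {re.escape(title)} ~~\n(.*?)(?=\n~~ |\Z)", text, re.S)
    return [ln.strip() for ln in m.group(1).splitlines() if ln.strip()] if m else []

def check_helpasst(text):
    """Indicators from the HelpAssistant account / MBR status check."""
    f = []
    # HelpAssistant is disabled by default on XP, so an enabled account is itself suspicious.
    if re.search(r"^Account active\s+Yes", text, re.M):
        f.append(Finding("high", "helpassistant_enabled", "account is normally disabled"))
    # Gmer's detector: a hidden MBR backup plus code sectors is the Mebroot/Sinowal pattern,
    # even though the live MBR reads as "OK" through the hooked disk stack.
    copy = re.search(r"copy of MBR has been found in sector (0x[0-9A-Fa-f]+)", text)
    code = re.search(r"malicious code @ sector (0x[0-9A-Fa-f]+)", text)
    if copy and code:
        f.append(Finding("high", "mbr_rootkit", f"MBR copy {copy.group(1)}, code {code.group(1)}"))
    unk = re.search(r"called modules:.*>>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<", text)
    if unk:
        f.append(Finding("high", "unknown_disk_stack_module", unk.group(1)))
    # TermService must still load the stock termsrv.dll, not a substitute.
    dll = re.search(r"ServiceDll\s+REG_EXPAND_SZ\s+(\S+)", text)
    if dll and dll.group(1).lower() != STOCK_TERMSRV:
        f.append(Finding("high", "termservice_dll_hijack", dll.group(1)))
    # HelpAssistant.<COMPUTERNAME>[.000] directories are duplicate profiles the infection left.
    dupes = [d for d in _section(text, "Checking for HelpAssistant directories")
             if d.lower().startswith("helpassistant.")]
    if dupes:
        f.append(Finding("medium", "duplicate_helpassistant_profiles", ", ".join(dupes)))
    # Any entry listed under a GloballyOpenPorts key is a firewall hole to account for.
    for p in _section(text, "Checking firewall ports"):
        if "globallyopenports" not in p.lower():
            f.append(Finding("medium", "firewall_globally_open_port", p))
    return f

def classify_scanner(text):
    """Sort MBAM/ESET detections by where the file lived; that decides the follow-up."""
    f = []
    for line in text.splitlines():
        m = MBAM_RE.match(line) or ESET_RE.match(line)
        if not m:
            continue
        low, detail = m.group("path").lower(), f"{m.group('name')}: {m.group('path')}"
        if RESTORE_DIR in low:          # stale copy: purge System Restore rather than chase it
            f.append(Finding("info", "restore_point_copy", detail))
        elif low.startswith(r"c:\documents and settings\helpassistant"):
            f.append(Finding("high", "helpassistant_profile_payload", detail))
        else:
            f.append(Finding("medium", "live_detection", detail))
    return f

def triage(helpasst_text, scanner_text):
    """All findings, most severe first; sorted() is stable, so log order survives within a level."""
    return sorted(check_helpasst(helpasst_text) + classify_scanner(scanner_text),
                  key=lambda x: ("high", "medium", "info").index(x.severity))

if __name__ == "__main__":
    for x in triage(HELPASST_LOG, SCANNER_LOG):
        print(f"[{x.severity:<6}] {x.indicator}: {x.detail}")
```

Run it as a script, or call triage() on the text of real logs. The split in classify_scanner is the distinction that matters in this thread: a hit under System Volume Information\_restore is a copy inside an old restore point, which System Restore would bring back, so it argues for purging restore points rather than for a live infection, while a DLL sitting in a HelpAssistant profile is the live payload, and the Gmer lines are the reason the rootkit check is not done by reading the MBR through Windows alone.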
#11 Sean Vanner

Sean Vanner
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 20 March 2010 - 03:16 PM

Looks like the scanners are running out of things to delete. =D

----------------------------------------

OTL Log:


OTL logfile created on: 3/20/2010 2:47:54 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 108.82 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/20 14:39:26 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
PRC - [2010/03/14 13:57:58 | 000,798,688 | ---- | M] () -- C:\Program Files\Driver Fetch\2.2.0.4\DriverFetch.exe
PRC - [2010/03/09 06:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/11 08:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/27 17:53:56 | 000,735,208 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/04/16 22:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/04/16 21:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/03/25 13:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009/03/13 19:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/28 12:02:00 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/20 14:39:26 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 15:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/26 18:45:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/06 21:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - [2010/03/09 06:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 06:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 06:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/14 20:28:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/18 17:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/27 15:09:50 | 000,044,032 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/07/10 21:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/05 17:08:52 | 000,009,216 | R--- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AmUStor.dll -- (AmUStor)
DRV - [2009/04/08 16:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/14 02:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 19:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/07 00:58:44 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/28 12:02:00 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/11/19 04:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/09/12 01:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 18:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2002/04/15 09:50:00 | 000,068,816 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/04/15 09:50:00 | 000,052,224 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2002/04/15 09:50:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 21:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/19 03:26:29 | 000,000,000 | ---D | M]

[2010/02/09 21:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Extensions
[2010/03/19 19:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/09 23:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\autofillForms@blueimp.net
[2010/02/09 21:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Vanner\Application Data\Mozilla\Firefox\Profiles\tzqiibcw.default\extensions\smarterwiki@wikiatic.com
[2010/03/19 19:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/18 22:06:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Driver Fetch] C:\Program Files\Driver Fetch\2.3.0.2\DriverFetch.exe ()
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\MyColors\fastload.dll - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 09:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 14:39:26 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/19 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/19 17:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/19 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/19 17:17:08 | 000,208,304 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010/03/19 17:17:08 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCtrl.dll
[2010/03/19 17:17:08 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCOM.dll
[2010/03/19 17:17:08 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010/03/19 17:17:08 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010/03/19 17:17:07 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010/03/19 16:42:28 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/03/19 16:34:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/19 16:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\Desktop\VGA
[2010/03/19 16:29:05 | 000,000,000 | ---D | C] -- C:\Ibmtools
[2010/03/19 16:28:28 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2010/03/19 16:28:00 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMNCTR.DLL
[2010/03/19 16:28:00 | 000,017,408 | ---- | C] (Logitech Inc. ) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2010/03/19 16:28:00 | 000,016,384 | ---- | C] (Logitech Inc. ) -- C:\WINDOWS\System32\LOGILANG.DLL
[2010/03/19 16:28:00 | 000,003,792 | ---- | C] (Logitech Inc. ) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2010/03/19 16:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/03/19 16:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\MouseWare
[2010/03/19 16:27:58 | 000,152,064 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lmoufrc.dll
[2010/03/19 16:27:58 | 000,068,816 | ---- | C] (Logitech) -- C:\WINDOWS\System32\drivers\LMouFlt2.sys
[2010/03/19 16:27:58 | 000,052,224 | ---- | C] (Logitech) -- C:\WINDOWS\System32\drivers\L8042Pr2.sys
[2010/03/19 16:27:58 | 000,040,750 | ---- | C] (Logitech) -- C:\WINDOWS\System32\drivers\LHIDUSB.SYS
[2010/03/19 16:27:58 | 000,023,328 | ---- | C] (Logitech) -- C:\WINDOWS\System32\drivers\LHIDFLT2.SYS
[2010/03/19 16:27:58 | 000,019,182 | ---- | C] (Logitech) -- C:\WINDOWS\System32\LCoInst.dll
[2010/03/19 16:27:58 | 000,013,054 | ---- | C] (Logitech) -- C:\WINDOWS\System32\drivers\LCCFLTR.SYS
[2010/03/19 16:27:58 | 000,005,840 | ---- | C] (Logitech) -- C:\WINDOWS\System32\drivers\LKbdFlt2.sys
[2010/03/19 16:27:47 | 000,000,000 | ---D | C] -- C:\Compaq
[2010/03/19 16:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\Application Data\WinBatch
[2010/03/19 14:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\Application Data\Blitware
[2010/03/19 14:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Fetch
[2010/03/19 03:26:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/19 03:26:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/19 03:26:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/19 03:26:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/19 03:08:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sean Vanner\Recent
[2010/03/19 03:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/19 01:34:38 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/19 01:34:38 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/19 01:34:38 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/19 01:34:38 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/19 01:34:37 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/19 01:34:37 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/19 01:34:37 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/19 01:34:25 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/19 01:34:25 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/19 01:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/19 01:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/19 01:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/19 01:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/19 01:20:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/19 01:20:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/18 23:16:36 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/03/18 23:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/18 23:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/18 21:57:53 | 000,000,000 | ---D | C] -- C:\thcbytes7393t
[2010/03/18 21:54:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/18 21:53:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/18 21:53:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/18 21:53:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/18 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/18 21:52:15 | 000,000,000 | ---D | C] -- C:\thcbytes
[2010/03/18 21:51:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/18 21:30:21 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/03/18 21:30:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/03/17 01:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/17 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Opera2
[2010/03/17 00:55:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/27 00:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mobsters Healer
[2010/02/26 02:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\Identities
[2010/02/24 17:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Myspace Picture Downloader
[2010/02/23 20:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Adder
[2010/02/05 09:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/12 03:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 03:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 14:43:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006UA.job
[2010/03/20 14:41:31 | 000,485,704 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\HAMeb_check.exe
[2010/03/20 14:39:26 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Vanner\Desktop\OTL.exe
[2010/03/20 03:43:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422217147-1366146706-4244603680-1006Core.job
[2010/03/19 21:25:31 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Fetch.lnk
[2010/03/19 19:29:38 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/19 19:29:38 | 000,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/19 19:29:38 | 000,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/19 19:27:23 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\esetsmartinstaller_enu.exe
[2010/03/19 19:24:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/19 19:24:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 19:23:58 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\NTUSER.DAT
[2010/03/19 19:22:45 | 006,434,564 | -H-- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\IconCache.db
[2010/03/19 18:55:31 | 000,000,002 | ---- | M] () -- C:\dummy.dummy
[2010/03/19 17:34:34 | 000,488,240 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/19 17:17:01 | 000,001,746 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2010/03/19 16:56:30 | 000,000,443 | ---- | M] () -- C:\WINDOWS\Cmousecc.ini
[2010/03/19 14:51:46 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/03/19 12:59:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/19 03:26:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/19 03:26:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/19 03:26:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/19 03:26:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/19 03:26:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/19 01:34:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/18 22:06:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/18 21:54:43 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/16 00:09:58 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 21:30:40 | 000,000,506 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 09:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/09 06:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 06:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 06:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 06:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 06:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 06:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/08 14:50:41 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 14:50:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/02/27 14:47:47 | 000,015,689 | ---- | M] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/20 14:41:31 | 000,485,704 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\HAMeb_check.exe
[2010/03/19 20:25:28 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Fetch.lnk
[2010/03/19 19:27:05 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\esetsmartinstaller_enu.exe
[2010/03/19 18:55:31 | 000,000,002 | ---- | C] () -- C:\dummy.dummy
[2010/03/19 17:34:34 | 000,488,240 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/19 17:17:01 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/03/19 16:37:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/03/19 16:28:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/03/19 16:28:00 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/03/19 14:51:45 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/03/18 21:54:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/18 21:54:39 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/18 21:53:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/18 21:53:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/18 21:53:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/18 21:30:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/18 21:30:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/02/25 11:40:54 | 000,524,288 | ---- | C] () -- C:\1005HA.ROM
[2010/02/25 00:12:34 | 000,015,689 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\captcha.jpg
[2010/01/23 04:34:26 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/01/10 23:55:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\spukobot.ini
[2009/12/14 20:28:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/27 21:28:11 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/27 21:08:12 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Sean Vanner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 04:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 03:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 03:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 03:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 15:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 15:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 14:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 09:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/06/09 10:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[1999/05/21 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[1997/11/17 19:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Custom Scans ==========


< :Files >

< C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST >

< C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST.000 >

< >

< :Commands >

< [resethosts] >

< [emptytemp] >

< [Reboot] >
< End of report >

----------------------------------------

Extras (bahaha) Log:

OTL Extras logfile created on: 3/20/2010 2:40:53 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Sean Vanner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 438.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 108.82 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LIE0J2FGST
Current User Name: Sean Vanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera2\opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\empires2A.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe" = C:\Documents and Settings\Sean Vanner\My Documents\My Office\Age of Empires 2\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Opera2\opera.exe" = C:\Program Files\Opera2\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}" = Opera 10.50
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.60
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735BFEEC-D330-496A-85B2-DF1B56BF2BB0}_is1" = Driver Fetch
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C92AEC6B-FC1C-498D-9ADA-CFD791B10CAA}" = Emails generator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Active Mobster_is1" = Active Mobster 1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adriana Lima Screensaver" = Adriana Lima Screensaver
"All ATI Software" = ATI - Software Uninstall Utility
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Eee Docking_is1" = Eee Docking 1.3.6.0
"ESET Online Scanner" = ESET Online Scanner v3
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Kickassscreensavers.com" = Kickassscreensavers.com - Start Menu Shortcut
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobster Commander Utility_is1" = Mobster Commander Utility 1.0.1
"Mobster Utility_is1" = Mobster Utility 2.4.0
"Mobsters Healer_is1" = Mobsters Healer 1.0.0
"Mobsters Hitlist Utility_is1" = Mobsters Hitlist Utility 1.0.5
"Mobsters Superbot_is1" = Mobsters Superbot
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Myspace Picture Downloader_is1" = Myspace Picture Downloader 1.0.2
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"RealMedia" = RealMedia (remove only)
"ScriptMaker_is1" = ScriptMaker 2.0.10
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Ultimate Adder_is1" = Ultimate Adder 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2422217147-1366146706-4244603680-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 2/9/2010 5:00:18 PM | Computer Name = YOUR-LIE0J2FGST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/11/2010 8:33:05 PM | Computer Name = YOUR-LIE0J2FGST | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 1:33:05 AM | Computer Name = YOUR-LIE0J2FGST | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 5:38:05 PM | Computer Name = YOUR-LIE0J2FGST | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 6:41:29 PM | Computer Name = YOUR-LIE0J2FGST | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/19/2010 7:27:29 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 7:27:59 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/19/2010 7:27:59 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 7:28:29 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/19/2010 7:28:29 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 7:28:59 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/19/2010 7:28:59 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/19/2010 7:29:29 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/20/2010 3:43:00 AM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 3/20/2010 3:43:30 AM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.


< End of report >

-------------------------------------------

MBAM Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/20/2010 3:58:29 PM
mbam-log-2010-03-20 (15-58-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 286581
Time elapsed: 1 hour(s), 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------------------------------

Help Assist Log:

C:\Documents and Settings\Sean Vanner\Desktop\HAMeb_check.exe
Sat 03/20/2010 at 16:00:20.28

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

HelpAssistant
HelpAssistant.YOUR-LIE0J2FGST
HelpAssistant.YOUR-LIE0J2FGST.000

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spon.sys >>UNKNOWN [0x86588938]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


----------------------------------------------

I appreciate you stickin' it out with me.

QUOTE
I'm not sure if what I tried before coming to you affected my computer, but here's what I do know:
After deleting a couple of infected files, my browser (Opera, and I tried Chrome and Firefox just to make sure it was my computer and not just the particular browser) quit initiating javascripts(?). It's not the most important thing in the world to me, but for an example, I've provided a screenshot on an app I play on Myspace that won't load since the malware infected my computer. Like I said, it's not the app that I care about; I just don't want to run across the problem later for something I might actually need, if the malware took an important file with it upon deletion.


^----- No changes there. Otherwise, the computer is running smoothly.
The only thing this computer has to revert to factory default, from what I can see, is a hidden partition during startup that reverts back to the computer's original state, before purchase. I don't think / know if it would restore the deleted drivers / codecs / whatever it may be that I'm assuming has been deleted, so I'm just throwing it out there for the much-more-wise to take a gander at. ^_^

I'm leaving tonight for Illinois. I'll hook up to the hotel's internet when I get there, so please don't think I forgot about ya.
Many thanks again for getting my computer out of that red-zone some of us like to call "going apeshyt."

Attached Files


Edited by Sean Vanner, 20 March 2010 - 03:20 PM.
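Added example, not part of this thread and not the code of HAMeb_check, OTL or Malwarebytes: a small Python triage script that parses the two report formats pasted above, the Windows event-log export and the HAMeb_check report, and pulls out the indicators a responder would act on: the repeating BITS 7024 / DCOM 10010 loop and its 0x80070005 (access denied) code, the HelpAssistant profile directories that exist while the account is disabled and no profile is registered (the thing the OTL fix in this thread removes), and the sectors the MBR detector flagged. The sample inputs are constructed from lines in the thread; all function names are my own.

```python
"""Triage helper for the two reports above (added example, not thread code).
Samples are constructed from lines posted in the thread."""
import re
from collections import Counter
from typing import Dict, List, Tuple

EVENT_RE = re.compile(
    r"^Error - (?P<when>[\d/]+ [\d:]+ [AP]M) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

def parse_events(text: str) -> List[Dict[str, str]]:
    """One dict per 'Error - ...' entry; its Description lines are joined into one string."""
    events: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("< End of report >"):
            break
        m = EVENT_RE.match(line)
        if m:
            events.append({**m.groupdict(), "description": ""})
        elif line and events:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            events[-1]["description"] = (events[-1]["description"] + " " + line).strip()
    return events

def summarize_events(events: List[Dict[str, str]]) -> Tuple[Counter, Counter]:
    """Count (Source, ID) pairs and HRESULTs so a tight loop of identical failures stands out."""
    pairs = Counter((e["source"], e["id"]) for e in events)
    codes = Counter(h for e in events for h in re.findall(r"0x[0-9A-Fa-f]{8}", e["description"]))
    return pairs, codes

def parse_hameb(text: str) -> dict:
    """Pull the fields HAMeb_check reports, walking its '~~ ... ~~' sections."""
    r = {"account_active": None, "profile_in_list": None, "directories": [],
         "mbr_flags": [], "termsrv32_found": None, "service_dll": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("~~"):
            section = line.strip("~ ")
        elif line.startswith("Account active"):
            r["account_active"] = line.split()[-1] == "Yes"
        elif section == "Checking profile list":
            r["profile_in_list"] = not line.startswith("No HelpAssistant profile")
        elif section == "Checking for HelpAssistant directories":
            r["directories"].append(line)
        elif section == "Checking mbr" and line.endswith("!"):  # detector marks hits with '!'
            r["mbr_flags"].append(line)
        elif section == "Checking for termsrv32.dll":
            if line.startswith("ServiceDll"):
                r["service_dll"] = line.split(None, 2)[2]
            elif "termsrv32.dll" in line:
                r["termsrv32_found"] = "not found" not in line
    return r

def hameb_findings(r: dict) -> List[str]:
    """Rogue-profile case: HelpAssistant dirs on disk, account disabled, no profile registered."""
    out = []
    if r["directories"] and r["account_active"] is False and not r["profile_in_list"]:
        out.append(f"{len(r['directories'])} HelpAssistant dir(s), account disabled, no profile registered")
    out += [f"MBR: {f}" for f in r["mbr_flags"]]
    if r["termsrv32_found"]:
        out.append("termsrv32.dll present")
    dll = (r["service_dll"] or "").lower()
    if dll and not dll.endswith(r"\system32\termsrv.dll"):
        out.append(f"TermService ServiceDll redirected to {r['service_dll']}")
    return out

# Constructed samples (subset of the thread's own report lines).
SAMPLE_EVENTS = """\
Error - 3/19/2010 7:27:59 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).
Error - 3/19/2010 7:28:29 PM | Computer Name = YOUR-LIE0J2FGST | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 3/19/2010 7:28:29 PM | Computer Name = YOUR-LIE0J2FGST | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).
< End of report >
"""
SAMPLE_HAMEB = r"""Account active No
~~ Checking profile list ~~
No HelpAssistant profile in List
~~ Checking for HelpAssistant directories ~~
HelpAssistant
HelpAssistant.YOUR-LIE0J2FGST
HelpAssistant.YOUR-LIE0J2FGST.000
~~ Checking mbr ~~
user & kernel MBR OK
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
~~ Checking for termsrv32.dll ~~
termsrv32.dll was not found
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ EOF ~~"""

if __name__ == "__main__":
    print(summarize_events(parse_events(SAMPLE_EVENTS)))
    print(hameb_findings(parse_hameb(SAMPLE_HAMEB)))
```

On the thread's data this reports the Service Control Manager 7024 entries twice as often as the DCOM 10010 ones with 0x80070005 on every BITS failure, and three findings from the HAMeb report: the three HelpAssistant directories and the two flagged MBR sectors. The ServiceDll check stays quiet because TermService still points at the stock %SystemRoot%\System32\termsrv.dll.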


#12 Sean Vanner

Sean Vanner
  • Topic Starter

  • Members
  • 13 posts

Posted 20 March 2010 - 03:21 PM

I just took a look and noticed OTL Log didn't upload. I think I ran out of upload space, so let me try with another post.
Sorry about that.

#13 Sean Vanner

Sean Vanner
  • Topic Starter

  • Members
  • 13 posts

Posted 20 March 2010 - 03:21 PM

I just took a look and noticed OTL Log didn't upload. I think I ran out of upload space.
Greeeat.

Edited by Sean Vanner, 20 March 2010 - 03:26 PM.


#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 20 March 2010 - 03:29 PM

Oops. Slow down. You did the OTL fix wrong. You need to press the red "Run Fix" button not the blue "Run Scan" button!!!! Read closely and do this again....

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Files
    C:\Documents and Settings\HelpAssistant
    C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST
    C:\Documents and Settings\HelpAssistant.YOUR-LIE0J2FGST.000

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Re-run http://noahdfear.net/downloads/HAMeb_check.exe and post the log

==========

With your next post please provide:

* OTL fix log
* HA log
* What problems remain?

You're right. After we're done you might want to back up your data and restore!!! Let's see how it goes.

Cold and windy in Illinois I think.

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 Sean Vanner

Sean Vanner
  • Topic Starter

  • Members
  • 13 posts

Posted 20 March 2010 - 03:45 PM

The error returned was:

Sorry, your post was too long, please reduce it <--- That's not good. LoL

Can you PM me an email? Or can you delete some of the older posts so I have enough room to post the logs?
I tried it a moment ago. >.<

Edited by Sean Vanner, 20 March 2010 - 03:47 PM.

