
Visa Advanced Verification virus and HelpAssistant virus


  • This topic is locked
40 replies to this topic

#1 Rick Wooton

Rick Wooton

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 05 May 2010 - 11:58 PM

Hello all.

I have seen several posts about this Visa Verification Virus. I am getting the exact same popup, that then locks up the browser so I have to go in to task manager to close it. Also, I noticed that when I try to log into PayPal, I get their normal screen that already has my default email in place, but as soon as I enter my password I am directed to an obviously phoney page asking for all my personal information. When I contacted Paypal on the phone, they said their system never ever showed me as logged in.

Also I have this HelpAssistant thing I have seen here a few times too. It completely duplicated the Documents and Settings, and today when I tried to delete it, it created a NEW folder called HelpAssistant.RICKS (the name of the computer). Also weird - it won't let me type "HelpAssistant" in Yahoo for help. As soon as I hit enter, it erases those words!

I hope you guys can help, this is really a drag, and my system has come to a complete halt.

Thanks
Rick Wooton
Rochester, Minnesota

DDS.TXT:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Rick at 22:41:44.17 on Wed 05/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.573 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
d:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe
F:\NSW\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
F:\NSW\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
F:\NSW\NswUiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.models-1.com/
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - f:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - d:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {8BCB5337-EC01-4E38-840C-A964F174255B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [NswUiTray] f:\nsw\NswUiTray.exe
mRun: [NSWosCheck] "f:\nsw\osCheck.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010031414
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - f:\nsw\norton cleanup\WCQuick.lnk
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231081404079
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231101466921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
uASetup: {DZLklnQW-TWl3-wxDn-jUBN-ZiXSxR0OTAKH} - c:\windows\sysUpdate.exe

============= SERVICES / DRIVERS ===============

R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2002-5-23 73600]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0401000.020\symds.sys [2010-4-13 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0401000.020\symefa.sys [2010-4-13 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys [2010-4-13 501888]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-2-23 95024]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0401000.020\ironx86.sys [2010-4-13 116784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100429.001\IDSXpx86.sys [2010-5-3 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100505.021\NAVENG.SYS [2010-5-5 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100505.021\NAVEX15.SYS [2010-5-5 1324720]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]

=============== Created Last 30 ================

2010-04-29 21:42:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-29 01:18:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 17:14:46 104 ----a-w- c:\windows\system32\NvApps.xml
2010-04-14 16:59:35 0 d-----w- c:\windows\LMI7.tmp
2010-04-14 16:42:27 65914840 ----a-w- C:\regbkp.reg
2010-04-14 16:30:14 0 d-----w- c:\windows\system32\drivers\vrq
2010-04-14 16:30:14 0 d-----w- c:\program files\NortonVRQ
2010-04-14 16:30:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton VRQ
2010-04-14 16:25:26 0 d-----w- c:\windows\LMI9.tmp
2010-04-14 01:13:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-14 01:13:17 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-04-14 01:11:57 0 d-----w- c:\windows\system32\drivers\N360
2010-04-14 00:59:10 0 d-----w- c:\windows\system32\drivers\NSS
2010-04-14 00:59:10 0 d-----w- c:\program files\Norton Security Scan
2010-04-14 00:27:28 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-04-13 23:10:18 0 d-----w- c:\docume~1\rick\applic~1\Tific
2010-04-13 23:09:01 0 d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-04-13 23:08:59 0 d-----w- c:\program files\Norton PC Checkup
2010-04-13 23:08:29 0 d-----w- c:\program files\NortonInstaller
2010-04-13 22:37:08 2330 ----a-w- C:\rollback.ini
2010-04-13 22:12:37 0 d-----w- c:\program files\common files\ParetoLogic
2010-04-13 07:22:52 0 d-----w- c:\program files\Yahoo!
2010-04-10 08:31:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-04-14 01:38:31 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-14 01:38:30 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-14 01:38:30 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-14 01:38:30 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-02-10 16:20:24 737280 ----a-w- c:\windows\iun6002.exe
2009-01-25 19:45:40 90 --sh--w- c:\windows\cnerolf.dat

============= FINISH: 22:44:57.45 ===============
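Two entries in the DDS report above are the kind a log reviewer would flag mechanically: the uASetup line whose braced identifier `{DZLklnQW-TWl3-wxDn-jUBN-ZiXSxR0OTAKH}` is not a well-formed GUID (a GUID is five groups of hexadecimal digits, 8-4-4-4-12), and the MEMSWEEP2 driver service whose binary is a `.tmp` file under system32, which is unusual enough to deserve a manual look. The Python below is an added example, not part of Rick's post or of the DDS tool; it applies those two checks to lines copied from the log. The function names and the `.tmp` heuristic are my own.

```python
import re

# Lines copied from the DDS report above: a benign BHO and a benign mASetup
# entry as controls, the suspicious uASetup entry, and the MEMSWEEP2 service.
SAMPLE_LINES = [
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12",
    r"uASetup: {DZLklnQW-TWl3-wxDn-jUBN-ZiXSxR0OTAKH} - c:\windows\sysUpdate.exe",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]",
]

# A well-formed GUID: 8-4-4-4-12 hexadecimal digits.
GUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
# Any brace-delimited token on a line (CLSIDs, Active Setup ids, DPF ids).
BRACED_RE = re.compile(r"\{([^{}]*)\}")
# DDS service/driver line: "<R|S><n> name;display name;path [date size]".
SERVICE_RE = re.compile(r"^[RS][0-4]\s+[^;]*;[^;]*;(.*)$")


def malformed_guids(line):
    """Return every brace-delimited token on the line that is not a valid GUID."""
    return [tok for tok in BRACED_RE.findall(line) if not GUID_RE.match(tok)]


def service_tmp_path(line):
    """If the line is a service/driver entry whose binary is a .tmp file, return that path."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    path = m.group(1)
    return path if re.search(r"\.tmp\b", path, re.IGNORECASE) else None


def scan_dds_lines(lines):
    """Apply both checks to a list of DDS lines; return (finding, line_index, detail) tuples."""
    findings = []
    for idx, line in enumerate(lines):
        bad = malformed_guids(line)
        if bad:
            findings.append(("malformed-guid", idx, bad[0]))
        tmp = service_tmp_path(line)
        if tmp:
            findings.append(("tmp-service-path", idx, tmp))
    return findings


if __name__ == "__main__":
    for kind, idx, detail in scan_dds_lines(SAMPLE_LINES):
        print(f"{kind}: line {idx}: {detail}")
```

Run against the sample, only the uASetup and MEMSWEEP2 lines produce findings; the two control entries pass because their identifiers are valid GUIDs and their binaries are not temporary files. A finding is a prompt to look closer, not a verdict: a `.tmp` driver can be a leftover from a scanner, and that is exactly why the check reports the path rather than deleting anything.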



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:33 AM

Posted 08 May 2010 - 08:43 AM

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please give me a little time to look over your log and I'll reply back.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:33 AM

Posted 08 May 2010 - 08:51 AM

Hello, Rick Wooton.

Please don't miss my post above.

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares




#4 Rick Wooton

Rick Wooton
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 08 May 2010 - 11:58 AM

Thanks.

I already deleted Norton and got a refund on it, and I have Avast reinstalled.


C:\Documents and Settings\Rick\Desktop\HAMeb_check.exe
Sat 05/08/2010 at 11:56:40.60

Account active Yes
Local Group Memberships *Administrators

~~ Checking profile list ~~

S-1-5-21-3136207814-2154702590-596957751-1005
%SystemDrive%\Documents and Settings\HelpAssistant

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862BF6B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x862bf6b8
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

~~ Checking for termsrv32.dll ~~

termsrv32.dll present!


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv32.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"7445:TCP"=7445:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
80:TCP=80:TCP:*:Enabled:Services
"8916:TCP"=8916:TCP:*:Enabled:Services
"8917:TCP"=8917:TCP:*:Enabled:Services
"7654:TCP"=7654:TCP:*:Enabled:Services
"7653:TCP"=7653:TCP:*:Enabled:Services
"4167:TCP"=4167:TCP:*:Enabled:Services
"6834:TCP"=6834:TCP:*:Enabled:Services
"9139:TCP"=9139:TCP:*:Enabled:Services
"9138:TCP"=9138:TCP:*:Enabled:Services
"1559:TCP"=1559:TCP:*:Enabled:Services
"1618:TCP"=1618:TCP:*:Enabled:Services
"7513:TCP"=7513:TCP:*:Enabled:Services
"7514:TCP"=7514:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"7445:TCP"=7445:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"8916:TCP"=8916:TCP:*:Enabled:Services
"8917:TCP"=8917:TCP:*:Enabled:Services
"7654:TCP"=7654:TCP:*:Enabled:Services
"7653:TCP"=7653:TCP:*:Enabled:Services
"4167:TCP"=4167:TCP:*:Enabled:Services
"6834:TCP"=6834:TCP:*:Enabled:Services
"9139:TCP"=9139:TCP:*:Enabled:Services
"9138:TCP"=9138:TCP:*:Enabled:Services
"1559:TCP"=1559:TCP:*:Enabled:Services
"1618:TCP"=1618:TCP:*:Enabled:Services
"7513:TCP"=7513:TCP:*:Enabled:Services
"7514:TCP"=7514:TCP:*:Enabled:Services


~~ EOF ~~
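The HAMeb_check output above carries three indicators that the fix tool later acts on: the HelpAssistant account reported as active, the TermService `ServiceDll` pointing at termsrv32.dll instead of the stock termsrv.dll, and a long list of TCP ports opened in both firewall profiles. The following Python is an added example, not part of the original post or of the HAMeb_check tool; it parses a log in that format and reports each indicator so a reviewer can compare a before-and-after pair of logs. The allowlist of expected ports is an assumption to be set per machine, and the excerpts are constructed from the logs in this thread.

```python
import re

# Excerpt constructed from the HAMeb_check.exe output above (infected state).
INFECTED_EXCERPT = r"""
Account active Yes
Local Group Memberships *Administrators

~~ Checking for termsrv32.dll ~~

termsrv32.dll present!

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv32.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
80:TCP=80:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"""

# Excerpt constructed from the status check in the fix log (clean state).
CLEAN_EXCERPT = r"""
Account active No
Local Group Memberships

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
80:TCP=80:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"""

# Port entries appear quoted ("65533:TCP"=...) or bare (80:TCP=...).
PORT_RE = re.compile(r'^"?(\d+):(TCP|UDP)"?=\d+:(?:TCP|UDP):[^:]*:(Enabled|Disabled):(.*)$', re.I)
PROFILE_RE = re.compile(r"firewallpolicy\\(\w+)\\GloballyOpenPorts", re.I)
SERVICEDLL_RE = re.compile(r"^ServiceDll\s+REG_EXPAND_SZ\s+(.+)$", re.I)
ACTIVE_RE = re.compile(r"^Account active\s+(Yes|No)\s*$", re.I)
EXPECTED_SERVICEDLL = "termsrv.dll"  # the stock Terminal Services DLL


def analyze_hameb_log(text, allowed_ports=frozenset()):
    """Parse a HAMeb_check-style log; allowed_ports is the admin's per-machine allowlist (assumed)."""
    result = {"helpassistant_active": None, "termsrv_servicedll": None,
              "servicedll_hijacked": False, "open_ports": {}, "rogue_ports": {}}
    profile = None  # firewall profile whose GloballyOpenPorts list we are inside
    for raw in text.splitlines():
        line = raw.strip()
        m = ACTIVE_RE.match(line)
        if m and result["helpassistant_active"] is None:  # first "Account active" line wins
            result["helpassistant_active"] = m.group(1).lower() == "yes"
            continue
        m = SERVICEDLL_RE.match(line)
        if m:
            path = m.group(1).strip()
            result["termsrv_servicedll"] = path
            base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            result["servicedll_hijacked"] = base != EXPECTED_SERVICEDLL
            continue
        m = PROFILE_RE.search(line)
        if m:
            profile = m.group(1).lower()
            result["open_ports"].setdefault(profile, [])
            result["rogue_ports"].setdefault(profile, [])
            continue
        m = PORT_RE.match(line)
        if m and profile:
            port = int(m.group(1))
            enabled = m.group(3).lower() == "enabled"
            result["open_ports"][profile].append((port, m.group(2).upper(), enabled, m.group(4)))
            if enabled and port not in allowed_ports:
                result["rogue_ports"][profile].append(port)
    return result


if __name__ == "__main__":
    for label, text in (("before fix", INFECTED_EXCERPT), ("after fix", CLEAN_EXCERPT)):
        r = analyze_hameb_log(text, allowed_ports={80, 3389})
        print(label, "HelpAssistant active:", r["helpassistant_active"],
              "| ServiceDll hijacked:", r["servicedll_hijacked"],
              "| rogue ports:", r["rogue_ports"])
```

With an empty allowlist every enabled entry is reported, which matches what the fix tool did in this thread (it removed the Remote Desktop and 80 entries along with the rest); passing the ports you know you opened narrows the report to the ones that need explaining.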


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:33 AM

Posted 08 May 2010 - 12:03 PM

Hello, Rick Wooton.
Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

etavares




#6 Rick Wooton

Rick Wooton
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 08 May 2010 - 12:19 PM

Here's the log.

Is it important to know that I have a hidden file on my J drive that scanners always see and say is a threat. They always say they fixed it, but it never leaves. It's called " $@sdntvt_optimize.tmp "





C:\Documents and Settings\Rick\Desktop\HelpAsst_mebroot_fix.exe
Sat 05/08/2010 at 12:06:22.59

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"7445:TCP"=-
"3389:TCP"=-
80:TCP=-
"8916:TCP"=-
"8917:TCP"=-
"7654:TCP"=-
"7653:TCP"=-
"4167:TCP"=-
"6834:TCP"=-
"9139:TCP"=-
"9138:TCP"=-
"1559:TCP"=-
"1618:TCP"=-
"7513:TCP"=-
"7514:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"7445:TCP"=-
"3389:TCP"=-
"8916:TCP"=-
"8917:TCP"=-
"7654:TCP"=-
"7653:TCP"=-
"4167:TCP"=-
"6834:TCP"=-
"9139:TCP"=-
"9138:TCP"=-
"1559:TCP"=-
"1618:TCP"=-
"7513:TCP"=-
"7514:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-3136207814-2154702590-596957751-1005
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 05/08/2010 at 12:15:50.48

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IdeChnDr.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
80:TCP=80:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:33 AM

Posted 08 May 2010 - 12:39 PM

Hello, Rick Wooton.

Ok, looking better, but we still have more work to do. Let's get an updated scan with OTL.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares




#8 Rick Wooton

Rick Wooton
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 08 May 2010 - 12:52 PM

OTL logfile created on: 5/8/2010 12:42:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Rick\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.02 Gb Free Space | 20.64% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 5.74 Gb Free Space | 29.38% Space Free | Partition Type: NTFS
Drive E: | 39.07 Gb Total Space | 1.14 Gb Free Space | 2.91% Space Free | Partition Type: NTFS
Drive F: | 24.79 Gb Total Space | 8.04 Gb Free Space | 32.44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.88 Gb Total Space | 34.07 Gb Free Space | 14.63% Space Free | Partition Type: NTFS

Computer Name: RICKS
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/08 12:40:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- f:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- f:\Program Files\a-squared Free\a2service.exe
PRC - [2008/09/25 15:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- F:\NSW\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 15:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- F:\NSW\Norton Utilities\NPROTECT.EXE
PRC - [2008/09/25 15:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- F:\NSW\NswUiTray.exe
PRC - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () -- d:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/03/19 12:01:02 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/03/04 19:35:26 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe


========== Modules (SafeList) ==========

MOD - [2010/05/08 12:40:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (YahooAUService)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- f:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- f:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- f:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- f:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/01/31 03:25:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/25 15:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\NSW\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 15:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\NSW\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- d:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2002/03/04 19:35:26 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/13 20:38:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/23 11:02:02 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/26 21:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/09/25 15:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 15:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/03/22 22:31:52 | 000,302,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\snpstd2.sys -- (snpstd2) USB PC Camera (SN9C103)
DRV - [2002/05/12 19:26:38 | 000,073,600 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttrak.sys -- (fasttrak)
DRV - [2002/04/11 21:21:38 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\usbcm.sys -- (usbcm)
DRV - [2002/03/28 17:55:30 | 001,167,936 | R--- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2002/03/26 09:00:00 | 000,093,242 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/03/26 09:00:00 | 000,013,782 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/03/04 19:35:42 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/17 21:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 21:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 21:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 14:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bestbuy.msn.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bestbuy.msn.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bestbuy.msn.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bestbuy.msn.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.models-1.com/
IE - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/12/18 22:43:57 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast5] f:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NSWosCheck] F:\NSW\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NswUiTray] F:\NSW\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - F:\NSW\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - F:\NSW\Norton Cleanup\WCQuick.lnk ()
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231081404079 (WUWebControl Class)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1231101466921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 68.115.71.53 24.196.64.53
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2009/01/04 10:24:01 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "YahooAUService"
MsConfig - Services: "ERSvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - D:\PROGRA~1\MICROS~1\Office\OSA9.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Rick^Start Menu^Programs^Startup^WorldClock.lnk - F:\PROGRA~1\SHARPW~1\SHARPW~1.EXE - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Evidence Eliminator - hkey= - key= - D:\Program Files\Evidence Eliminator\ee.exe (Robin Hood Software Ltd.)
MsConfig - StartUpReg: gn5h3SybLVkS3I - hkey= - key= - C:\WINDOWS\sysUpdate.exe File not found
MsConfig - StartUpReg: gqjgnqbv - hkey= - key= - C:\Documents and Settings\Rick\Local Settings\Application Data\knjyil\ykxdsysguard.exe File not found
MsConfig - StartUpReg: GWMDMMSG - hkey= - key= - C:\WINDOWS\GWMDMMSG.exe (GTW)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
MsConfig - StartUpReg: HXDL.EXE - hkey= - key= - C:\Program Files\BestBuy\HelpExpress\HXDL.EXE File not found
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - F:\Program Files\QuickTime\qttask.exe File not found
MsConfig - StartUpReg: RTReminder - hkey= - key= - C:\Program Files\Lavasoft\Lavasoft Registry Tuner\RegistryTuner.exe File not found
MsConfig - StartUpReg: SNPSTD2 - hkey= - key= - C:\WINDOWS\vsnpstd2.exe ()
MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\WINDOWS\vsnpstd3.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: svchost.exe - hkey= - key= - C:\Documents and Settings\Rick\Application Data\Microsoft\svchost.exe File not found
MsConfig - StartUpReg: tsnpstd3 - hkey= - key= - C:\WINDOWS\tsnpstd3.exe ()
MsConfig - StartUpReg: uTorrent - hkey= - key= - F:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {76C19B30-F0C8-11cf-87CC-0020AFEECF20} - Japanese Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B87ABD7D-212C-0360-70C3-470EB66846A8} - NetShow
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DCF466C9-05DE-E671-0A11-1402423934BF} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DZLklnQW-TWl3-wxDn-jUBN-ZiXSxR0OTAKH} -
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: MIDI2 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.D263 - C:\WINDOWS\System32\xl_x263dec.dll (Xirlink, Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MLCY - C:\WINDOWS\System32\mlc.dll ()
Drivers32: vidc.ulra - C:\WINDOWS\SYSTEM32\utvideo.dll ()
Drivers32: vidc.ulrg - C:\WINDOWS\SYSTEM32\utvideo.dll ()
Drivers32: vidc.uly0 - C:\WINDOWS\SYSTEM32\utvideo.dll ()
Drivers32: vidc.uly2 - C:\WINDOWS\SYSTEM32\utvideo.dll ()
Drivers32: vidc.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: vidc.VP40 - C:\WINDOWS\System32\vp4vfw.dll (On2.com)
Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.WTVC - C:\WINDOWS\System32\wtvc.DLL (WebTrain Communications)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/05/08 12:40:18 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2010/05/08 12:06:24 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/05/08 12:06:21 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/05/08 04:31:35 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/08 04:31:35 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/08 04:31:35 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/08 04:31:35 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/08 04:31:35 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/08 04:31:35 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/08 04:31:35 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/08 04:31:03 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/08 04:31:03 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/08 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\My Documents\a-squared Free
[2010/05/06 09:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Local Settings\Application Data\Yahoo
[2010/05/06 09:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/05/06 09:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/04/29 16:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/29 14:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/04/28 20:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/28 20:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/14 12:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/04/14 11:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI7.tmp
[2010/04/14 11:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton VRQ
[2010/04/14 11:25:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI9.tmp
[2010/04/13 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/04/13 20:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/04/13 19:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/04/13 18:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Local Settings\Application Data\Tific
[2010/04/13 18:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Tific
[2010/04/13 17:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/04/13 17:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Local Settings\Application Data\Downloaded Installations
[2010/04/10 03:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/22 16:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/03/22 16:04:29 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/03/22 16:04:25 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/03/22 16:04:19 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/03/22 16:04:18 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/03/22 16:04:17 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/03/22 16:04:16 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/03/22 16:04:15 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/03/22 16:04:15 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/03/22 16:04:14 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/03/22 16:04:13 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/03/22 16:04:03 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/03/22 16:04:03 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/03/22 16:04:01 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/03/22 16:03:50 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/03/22 16:03:50 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/03/22 16:03:50 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/03/22 16:03:49 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/03/22 16:03:49 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/03/22 16:03:48 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/03/22 16:03:48 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/03/22 16:03:47 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/03/22 16:03:44 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/03/22 16:03:43 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/03/22 16:03:36 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/03/22 16:03:31 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/03/22 16:02:32 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/03/22 16:02:31 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/03/22 16:02:31 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/03/22 16:02:31 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/03/22 16:02:30 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/03/22 16:02:28 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/03/22 16:02:27 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/03/22 16:02:27 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/03/22 16:02:27 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/03/22 16:02:25 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/03/22 16:02:25 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/03/22 16:02:00 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/03/22 16:02:00 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/03/22 16:02:00 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/03/22 16:01:59 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/03/22 16:01:59 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/03/22 16:01:59 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/03/22 16:01:58 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/03/22 16:01:57 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/03/22 16:01:56 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/03/22 16:01:56 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/03/22 16:01:55 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/03/22 16:01:55 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/03/22 16:01:54 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/03/22 16:01:54 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/03/22 16:01:53 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/03/22 16:01:53 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/03/22 16:01:52 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/03/22 16:01:52 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/03/22 16:01:47 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/03/22 16:01:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/03/22 16:01:46 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/03/22 16:01:45 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/03/22 16:01:45 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/03/22 16:01:44 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/03/22 16:01:44 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/03/22 16:01:26 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/03/22 16:01:25 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/03/22 16:01:22 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/03/22 16:01:14 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/03/22 16:01:13 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/03/22 16:01:13 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/03/22 16:01:12 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/03/22 16:01:12 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/03/22 16:01:11 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/03/22 16:01:10 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/03/22 16:01:08 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/03/22 16:01:07 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/03/22 16:01:05 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/03/22 16:01:04 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/03/22 16:01:04 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/02/25 19:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Skype
[2010/02/25 19:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/02/25 19:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/02/23 11:02:15 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/23 10:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/10 12:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/02/10 12:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/02/10 12:09:35 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/02/10 12:09:14 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2009/01/04 21:12:34 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2009/01/04 21:12:34 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd2.dll
[2009/01/04 21:12:34 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2009/01/04 20:37:48 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/01/04 20:37:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/01/04 20:37:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/01/04 20:37:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/08 12:40:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2010/05/08 12:14:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/08 12:13:54 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/08 12:13:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/08 12:08:41 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\Rick\NTUSER.DAT
[2010/05/08 12:05:55 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\HelpAsst_mebroot_fix.exe
[2010/05/08 11:56:22 | 000,485,896 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\HAMeb_check.exe
[2010/05/08 08:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/05/08 07:00:04 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/05/08 07:00:04 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/05/08 04:37:28 | 003,702,256 | -H-- | M] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\IconCache.db
[2010/05/08 04:31:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/08 04:31:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/08 02:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/05/08 01:07:32 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/05/07 23:21:00 | 000,008,180 | ---- | M] () -- C:\WINDOWS\lviewp.ini
[2010/05/07 20:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/05/07 14:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/05/06 15:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 04:17:33 | 000,246,728 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\NORTONdoesn'twork.jpg
[2010/05/05 22:49:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\gmer.zip
[2010/05/05 22:37:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\dds.scr
[2010/05/05 21:21:43 | 000,001,131 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/05 21:21:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/05 21:21:43 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2010/05/03 12:00:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010/05/01 02:00:25 | 000,200,010 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\paypal2.jpg
[2010/05/01 01:59:09 | 000,240,749 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\paypal1.jpg
[2010/04/29 14:23:58 | 000,027,199 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\75974350I.jpg
[2010/04/28 23:03:40 | 000,258,483 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\M5.jpg
[2010/04/28 21:06:56 | 000,222,778 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\M4.jpg
[2010/04/28 20:47:02 | 000,153,868 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\M3.jpg
[2010/04/28 20:43:46 | 000,291,893 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\M2.jpg
[2010/04/28 20:40:04 | 000,227,921 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\M1.jpg
[2010/04/14 11:53:10 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/14 11:53:10 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/14 11:53:10 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/14 11:53:10 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/14 11:53:10 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/14 11:53:10 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/14 11:52:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/14 11:52:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/14 11:42:40 | 065,914,840 | ---- | M] () -- C:\regbkp.reg
[2010/04/13 20:38:31 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/13 20:38:30 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/13 20:38:30 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/13 20:38:30 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/13 17:37:08 | 000,002,330 | ---- | M] () -- C:\rollback.ini
[2010/03/22 15:53:18 | 000,508,296 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/22 15:53:18 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/22 15:53:18 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/19 09:17:27 | 000,110,703 | ---- | M] () -- C:\stephaniecourteny.jpg
[2010/03/18 21:22:24 | 000,000,002 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/02/25 20:50:58 | 000,077,312 | ---- | M] () -- C:\WINDOWS\mbr.exe
[2010/02/23 11:02:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/22 13:16:18 | 000,299,008 | ---- | M] (Robin Hood Software Ltd) -- C:\WINDOWS\System32\EEGenFn1.dll
[2010/02/10 12:21:24 | 002,068,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/10 12:15:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rick\ntuser.ini
[2010/02/10 11:20:24 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/02/10 11:09:01 | 000,041,488 | ---- | M] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/07 19:55:03 | 000,028,491 | ---- | M] () -- C:\results.gif
[2010/02/07 19:54:22 | 000,020,743 | ---- | M] () -- C:\ncbrand-skull-4.jpg
[2010/02/07 18:55:08 | 000,006,885 | ---- | M] () -- C:\small.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/08 12:06:21 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/08 12:06:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/05/08 12:05:53 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\HelpAsst_mebroot_fix.exe
[2010/05/08 11:56:19 | 000,485,896 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\HAMeb_check.exe
[2010/05/08 04:31:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/08 01:07:32 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/05/08 00:08:25 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\EEInstMngr.exe
[2010/05/06 04:12:57 | 000,246,728 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\NORTONdoesn'twork.jpg
[2010/05/05 22:50:24 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\gmer.exe
[2010/05/05 22:49:42 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\gmer.zip
[2010/05/05 22:37:02 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\dds.scr
[2010/05/03 14:54:23 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/05/03 14:54:20 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/05/01 02:00:23 | 000,200,010 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\paypal2.jpg
[2010/05/01 01:59:06 | 000,240,749 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\paypal1.jpg
[2010/04/29 14:24:24 | 000,027,199 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\75974350I.jpg
[2010/04/28 23:03:37 | 000,258,483 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\M5.jpg
[2010/04/28 21:06:53 | 000,222,778 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\M4.jpg
[2010/04/28 20:46:58 | 000,153,868 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\M3.jpg
[2010/04/28 20:43:43 | 000,291,893 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\M2.jpg
[2010/04/28 20:40:01 | 000,227,921 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\M1.jpg
[2010/04/14 12:14:46 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/14 11:42:27 | 065,914,840 | ---- | C] () -- C:\regbkp.reg
[2010/04/13 17:37:08 | 000,002,330 | ---- | C] () -- C:\rollback.ini
[2010/04/10 00:29:17 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/04/10 00:29:17 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/22 16:04:17 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/03/22 16:04:16 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/03/22 16:04:16 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/03/22 16:02:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/03/22 16:02:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/03/22 16:02:17 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/03/22 16:02:17 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/03/22 16:02:17 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/03/22 16:02:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/03/22 16:02:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/03/22 16:02:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/03/22 16:02:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/03/22 16:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/03/22 16:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/03/22 16:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/03/22 16:02:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/03/22 16:02:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/03/22 16:02:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/03/22 16:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/03/22 16:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/03/22 16:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/03/22 16:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/03/22 16:02:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/03/22 16:02:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/03/22 16:02:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/03/22 16:02:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/03/22 16:02:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/03/22 16:02:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/03/22 16:02:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/03/22 16:02:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/03/22 16:02:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/03/22 16:02:08 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/03/22 16:02:08 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/03/22 16:02:08 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/03/22 16:02:07 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/03/22 16:02:07 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/03/22 16:02:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/03/22 16:02:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/03/22 16:02:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/03/22 16:02:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/03/22 16:02:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/03/22 16:02:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/03/22 16:02:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/03/22 16:02:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/03/22 16:02:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/03/22 16:02:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/03/22 16:02:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/03/22 16:02:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/03/22 16:02:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/03/22 16:02:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/03/22 16:01:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/03/22 16:01:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/03/22 16:01:37 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/03/22 16:01:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/03/22 16:01:37 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/03/22 16:01:36 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/03/22 16:01:36 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/03/22 16:01:36 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/03/22 16:01:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/03/22 16:01:30 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/03/19 09:17:33 | 000,110,703 | ---- | C] () -- C:\stephaniecourteny.jpg
[2010/02/10 12:09:36 | 000,009,047 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/02/10 12:09:24 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/07 19:42:58 | 000,020,743 | ---- | C] () -- C:\ncbrand-skull-4.jpg
[2010/02/07 19:38:00 | 000,028,491 | ---- | C] () -- C:\results.gif
[2010/02/07 18:55:03 | 000,006,885 | ---- | C] () -- C:\small.jpg
[2009/11/18 02:37:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/11/08 23:08:07 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\mlc.dll
[2009/10/22 17:32:32 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/10/22 17:32:10 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/10/14 07:30:22 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\utvideo.dll
[2009/10/03 15:39:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/08/23 10:06:44 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/23 09:43:46 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/09 21:06:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009/03/08 18:24:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\gvjpeg32.dll
[2009/01/06 03:22:04 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/04 22:34:57 | 000,008,180 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2009/01/04 21:12:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2009/01/04 21:12:44 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2009/01/04 21:12:39 | 000,302,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2009/01/04 20:37:51 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/01/04 20:37:50 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\DeNoise.sys
[2009/01/04 19:02:05 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\fpxacc.dll
[2009/01/04 15:51:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/04 10:14:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/12/08 17:45:34 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\esftchk2.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/28 22:04:04 | 000,001,271 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2004/10/27 10:50:26 | 000,315,728 | ---- | C] () -- C:\WINDOWS\System32\flt1chk3.dll
[2004/01/27 07:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/01/27 07:13:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2003/07/14 19:57:20 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\flt1chk2.dll
[2003/07/12 22:40:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\SAWZipNG.dll
[2002/05/21 02:23:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2002/04/04 01:31:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/03 23:46:01 | 000,000,632 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/13 00:46:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/02/06 17:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 23:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/04/10 03:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/09/06 01:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/04/13 19:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/01/04 14:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/01/22 16:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/06/12 12:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/01/04 16:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/19 05:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/01/29 19:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Atari
[2009/08/29 16:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Canneverbe_Limited
[2010/01/29 18:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\GetRightToGo
[2010/02/16 16:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Hoyle
[2009/04/08 04:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Hoyle FaceCreator
[2010/03/10 12:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Hoyle Puzzle and Board Games
[2010/02/08 10:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Moyea
[2009/11/30 00:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\NewsLeecher
[2010/04/13 20:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Tific
[2010/04/14 02:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\uTorrent
[2010/05/08 02:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/05/08 08:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/05/07 14:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/05/07 20:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/04 13:20:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/01/04 13:20:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\i386\AGP440.SYS
[2001/08/17 23:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/04 13:20:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/01/04 13:20:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys
[2001/08/17 15:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2001/08/17 15:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2001/08/17 15:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll

< MD5 for: IDECHNDR.SYS >
[2002/03/26 09:00:00 | 000,093,242 | ---- | M] (Intel Corporation) MD5=83C96EA7322B109A225D0A6C611D8881 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\idechndr.sys
[2002/03/26 09:00:00 | 000,093,242 | ---- | M] (Intel Corporation) MD5=83C96EA7322B109A225D0A6C611D8881 -- C:\WINDOWS\SYSTEM32\drivers\IdeChnDr.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 211605 bytes -> C:\WINDOWS\Greatest Airliners: 727 Uninstall Log.txt
< End of report >

OTL Extras logfile created on: 5/8/2010 12:42:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Rick\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.02 Gb Free Space | 20.64% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 5.74 Gb Free Space | 29.38% Space Free | Partition Type: NTFS
Drive E: | 39.07 Gb Total Space | 1.14 Gb Free Space | 2.91% Space Free | Partition Type: NTFS
Drive F: | 24.79 Gb Total Space | 8.04 Gb Free Space | 32.44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.88 Gb Total Space | 34.07 Gb Free Space | 14.63% Space Free | Partition Type: NTFS

Computer Name: RICKS
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\LMI8A.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI8A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"F:\Program Files\Activision Value\WSOP 2008\WSOPBFTB.exe" = F:\Program Files\Activision Value\WSOP 2008\WSOPBFTB.exe:*:Enabled:WSOPBFTB -- ()
"F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Rick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Rick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"D:\Program Files\WS_FTP Pro\ftp95pro.exe" = D:\Program Files\WS_FTP Pro\ftp95pro.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\Program Files\Encore\Hoyle Casino 2009\Hoyle Casino.exe" = D:\Program Files\Encore\Hoyle Casino 2009\Hoyle Casino.exe:*:Enabled:Hoyle Casino -- ()
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"E:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = E:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\dpnsvr.exe" = C:\WINDOWS\SYSTEM32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Program Files\WS_FTP Pro\ftpsync.exe" = D:\Program Files\WS_FTP Pro\ftpsync.exe:*:Enabled:WS_FTP Synchronize Utility -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington MA)
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe" = C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"F:\Program Files\uTorrent\uTorrent.exe" = F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{05CD4873-2FB6-4FFD-8691-B9F3045772B5}" = TBPB v1.1.1 for FS9
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D313614-B2C8-446C-B88C-015D99925853}" = Simmer's Sky - Japanese Airports vol.8
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48969BDB-A81B-4688-8339-F7613436AC3D}" = Norton SystemWorks Basic Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50AE42F5-82B0-4648-B49D-F1C39701D7EF}" = KIND v1.1.1 for FS9
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 EN
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6EC5D2BB-C70D-4A1E-9E0E-384568CA5E97}" = Intel® PRO Intelligent Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98297A57-368B-4FC3-A236-5BDEBB0C3702}" = KMSP v1.1.1 for FS2004
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9CA48456-E0FE-411A-BE20-248B9792A6EC}" = Douglas DC-6 for FS2004
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D5DF0A-FEA8-4872-9491-CDA50AF01E56}" = NameWiz
"{A42161BB-2DD7-474E-A33C-3230DB527350}" = Simmer's Sky - Japanese Airports vol.9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE967F90-A197-4CF9-9F76-254EE1F0A44A}" = VP4 Video For Windows Codec
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CBA7F867-DB37-4C94-9F49-C5466C56F4B0}" = KIND v1.1.1 2009 for FS9
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec
"{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}" = VP6 Decoder
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7C44034-DFFD-4D96-ADFA-D2FCB740EFD6}" = Simmer's Sky - Japanese Airports vol.7
"{D9A4683E-ACBB-4EB2-A22D-2FC219C3D892}" = Ut Video Codec Suite (x86)
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}" = Microsoft GB18030 Support Package
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = GE MiniCam Pro
"{EF28AF2A-AF4D-4798-82A9-17E1360F3E66}" = KMEM v1.1.1 for FS9
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx D4 4.5.1" = 3ivx D4 4.5.1 (remove only)
"A&O Sub" = A&O Sub
"A346 Livery Pack" = A346 Livery Pack
"AceIt_is1" = AceIt v1.3.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"a-squared Free_is1" = a-squared Free 4.5
"Automotores TAF" = Automotores TAF
"avast5" = avast! Free Antivirus
"BNSF Scenic Subdivision" = BNSF Scenic Subdivision
"Cascade Crossing" = Cascade Crossing
"CLS A340-600" = CLS A340-600
"CLS Airbus Pack FS9" = CLS Airbus Pack FS9
"CLS DC10" = CLS DC10
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Commercial Level Simulations Airbus A340-600 for Flight Simulator 2004" = Commercial Level Simulations Airbus A340-600 for Flight Simulator 2004
"ConBuilder" = ConBuilder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"East Metro RR" = East Metro RR
"EMRR Activity Pack" = EMRR Activity Pack
"EMRR Retro Metro 1" = EMRR Retro Metro 1
"EMRR Retro Metro 2" = EMRR Retro Metro 2
"Evidence Eliminator" = Evidence Eliminator
"FLV Player" = FLV Player 2.0 (build 25)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer
"GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer
"GP-Cab-v1a" = GP-Cab-v1a
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"HTML Assistant Pro 2000" = HTML Assistant Pro 2000
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"JAIELangPack" = Japanese Language Support
"Kicking Horse Pass (v. 2.0)" = Kicking Horse Pass (v. 2.0)
"Maple Leaf Tracks - Niagara Corridor" = Maple Leaf Tracks - Niagara Corridor
"Michigan Iron Ore" = Michigan Iron Ore
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MLT Rogers Pass V1.0" = MLT Rogers Pass V1.0
"MLT Rogers Pass V1.01 Patch" = MLT Rogers Pass V1.01 Patch
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTS AutoPack Vol.1" = MSTS AutoPack Vol.1
"MSTS CN Intermodal" = MSTS CN Intermodal
"MSTS CN Intermodal Cars" = MSTS CN Intermodal Cars
"NameWiz" = NameWiz
"News Rover" = News Rover
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NS Buffel for MSTS v1.3" = NS Buffel for MSTS v1.3
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickPar" = QuickPar 0.9
"Route_Riter v7.0.89" = Route_Riter v7.0.89
"Steel Cars_is1" = MSTS Steel Cars v1.0
"SymSetup.{48969BDB-A81B-4688-8339-F7613436AC3D}" = Norton SystemWorks (Symantec Corporation)
"TexoMatic_Unique" = Flight One Text-o-Matic
"TGATool2A_is1" = TGATool2A version 4.00.34
"The Bridge Line Route" = The Bridge Line Route
"The FFS Saab 340 Base InstallerVersion 1.0.0" = The FFS Saab 340 Base Installer
"The Very Singapore" = The Very Singapore
"ThumbsPlus 3.30" = ThumbsPlus version 3.30-R
"Train Artisan CWAC60 Locomotive Add-on for MSTS" = Train Artisan CWAC60 Locomotive Add-on for MSTS
"Train Artisan Zephyr TrainSet for MSTS" = Train Artisan Zephyr TrainSet for MSTS
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store V3.2" = Train Store V3.2
"tsimkdabx9" = Daytona Beach Intl' - Florida, USA FS9 2.0
"tsimsbglx9" = Rio de Janeiro Galeão Intl' Airport FS2004 v1.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Union Pacific C40-8 Set #1" = Union Pacific C40-8 Set #1
"uTorrent" = µTorrent
"VHHH Hong Kong FS2004" = VHHH Hong Kong FS2004
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wings of POWER II: P47 "Solo"" = Wings of POWER II: P47 "Solo"
"Wings of POWER II: P51 Mustang" = Wings of POWER II: P51 Mustang
"Wings of Power: Heavy Bombers and Jets" = Wings of Power: Heavy Bombers and Jets
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"World Series of Poker 2008" = World Series of Poker 2008: Battle for the Bracelets
"WS_FTPPro" = Ipswitch WS_FTP Pro Uninstall
"WTVC" = WTVC Codec (Remove Only)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-treme King Air B200v.2.0.1" = X-treme King Air B200 v.2.0.1
"XviD Video Codec" = XviD Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3136207814-2154702590-596957751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Carenado's C172N Skyhawk II FS2004" = Carenado's C172N Skyhawk II FS2004
"Fallen Flag Shops: Lehigh Valley GP38 Update" = Fallen Flag Shops: Lehigh Valley GP38 Update
"Maple Leaf Tracks CNBala V1.5 Route Upgrade" = Maple Leaf Tracks CNBala V1.5 Route Upgrade
"Maple Leaf Tracks Soldier Summit" = Maple Leaf Tracks Soldier Summit
"Maple Leaf Tracks Bala Sub V1.0" = Maple Leaf Tracks Bala Sub V1.0
"MLT Bala Patch V1.1" = MLT Bala Patch V1.1
"MLT Greater Toronto Area" = MLT Greater Toronto Area
"MLT GTA Oshawa" = MLT GTA Oshawa
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Route_Riter v7.1.29" = Route_Riter v7.1.29
"Route_Riter v7.5" = Route_Riter v7.5
"Springfield Terminal Railway route" = Springfield Terminal Railway route
"STR_60s" = STR_60s
"Wupper Express 11 Actpack 1.0" = Wupper Express 11 Actpack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2010 3:22:45 AM | Computer Name = RICKS | Source = ESENT | ID = 489
Description = wuauclt (2980) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/6/2010 3:22:45 AM | Computer Name = RICKS | Source = ESENT | ID = 455
Description = wuaueng.dll (2980) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/6/2010 3:22:55 AM | Computer Name = RICKS | Source = ESENT | ID = 489
Description = wuauclt (2480) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/6/2010 3:22:55 AM | Computer Name = RICKS | Source = ESENT | ID = 455
Description = wuaueng.dll (2480) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/6/2010 3:23:05 AM | Computer Name = RICKS | Source = ESENT | ID = 489
Description = wuauclt (2480) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/6/2010 3:23:05 AM | Computer Name = RICKS | Source = ESENT | ID = 455
Description = wuaueng.dll (2480) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/6/2010 3:23:15 AM | Computer Name = RICKS | Source = ESENT | ID = 489
Description = wuauclt (3552) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/6/2010 3:23:15 AM | Computer Name = RICKS | Source = ESENT | ID = 455
Description = wuaueng.dll (3552) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/6/2010 3:23:25 AM | Computer Name = RICKS | Source = ESENT | ID = 489
Description = wuauclt (3552) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/6/2010 3:23:25 AM | Computer Name = RICKS | Source = ESENT | ID = 455
Description = wuaueng.dll (3552) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 5/8/2010 5:37:43 AM | Computer Name = RICKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 5/8/2010 5:37:43 AM | Computer Name = RICKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service ALG with arguments
"" in order to run the server: {D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error - 5/8/2010 5:37:46 AM | Computer Name = RICKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/8/2010 5:38:43 AM | Computer Name = RICKS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm SCDEmu

Error - 5/8/2010 5:42:49 AM | Computer Name = RICKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/8/2010 5:45:34 AM | Computer Name = RICKS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 5/8/2010 11:24:54 AM | Computer Name = RICKS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 5/8/2010 1:14:26 PM | Computer Name = RICKS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 5/8/2010 1:42:27 PM | Computer Name = RICKS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/8/2010 1:42:27 PM | Computer Name = RICKS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


#9 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 08 May 2010 - 02:56 PM

Hello, Rick Wooton.
Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as Rick WootonCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Rick WootonCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#10 Rick Wooton
  • Topic Starter
  • Members
  • 24 posts

Posted 08 May 2010 - 03:08 PM

It didn't work.

First it said I can't rename it to that. So I took the space out and tried again. Then a cmd box came up that says

'SWSC' is not recognized as an internal or external command, operable program or batch file.



#11 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 08 May 2010 - 03:13 PM

OK, please delete ComboFix off of your desktop, redownload a new copy and save it as CFix.exe, then double-click to run it.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#12 Rick Wooton
  • Topic Starter
  • Members
  • 24 posts

Posted 08 May 2010 - 03:17 PM

Got the same 'SWSC' screen.....

#13 Rick Wooton
  • Topic Starter
  • Members
  • 24 posts

Posted 08 May 2010 - 03:20 PM

I'll have to pick up where we left off a little later. I've been up all night and all day with this, and I can't keep my eyes open any more.

I really appreciate your help so far!!

Rick


#14 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 08 May 2010 - 04:01 PM

Hello, Rick Wooton.
OK, no problem. It may be due to the multiple drives you have set up. Let's try this instead.

First...you mentioned there were other HELPASSISTANT folders...please let me know if they still exist and I have a tool to clear them.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (YahooAUService)
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Reg Error: Value error. (Reg Error: Key error.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    @Alternate Data Stream - 211605 bytes -> C:\WINDOWS\Greatest Airliners: 727 Uninstall Log.txt
    :registry
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "gn5h3SybLVkS3I"=-
    "gqjgnqbv"=-
    "svchost.exe"=-
    :files
    C:\Documents and Settings\Rick\Application Data\Microsoft\svchost.exe
    C:\Documents and Settings\Rick\Local Settings\Application Data\knjyil\
    C:\WINDOWS\sysUpdate.exe
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report.
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares




#15 Rick Wooton

Rick Wooton
  • Topic Starter

  • Members
  • 24 posts

Posted 08 May 2010 - 08:23 PM

I have one folder called "Administrator.RICKS" which is another duplicate. If I leave it there, after a reboot I see "Administrator.RICKS.0000".






========== OTL ==========
Service YahooAUService stopped successfully!
Service YahooAUService deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
ADS C:\WINDOWS\Greatest Airliners: 727 Uninstall Log.txt deleted successfully.
Error: Unable to interpret <:registry> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]> in the current context!
Error: Unable to interpret <"gn5h3SybLVkS3I"=-> in the current context!
Error: Unable to interpret <"gqjgnqbv"=-> in the current context!
Error: Unable to interpret <"svchost.exe"=-> in the current context!
========== FILES ==========
File\Folder C:\Documents and Settings\Rick\Application Data\Microsoft\svchost.exe not found.
Folder C:\Documents and Settings\Rick\Local Settings\Application Data\knjyil not found.
File\Folder C:\WINDOWS\sysUpdate.exe not found.

OTL by OldTimer - Version 3.2.4.1 log created on 05082010_202017
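The fix script in post #14 and the log Rick posted above together show the failure mode a helper wants to catch before a fix is run: OTL stopped understanding the script at the misspelled `:registry` header, reported every following line as "Unable to interpret ... in the current context!", and the three startup-registry entries were never removed. The Python below is an added example written for this thread, not OTL's own code and not something either poster ran: it pre-flights a fix script against the section directives OTL accepts (assumed here to be :OTL, :Processes, :Services, :Reg, :Files and :Commands) and tallies the outcomes in the resulting fix log. The embedded script and log are trimmed copies of the ones posted in this thread.

```python
"""Pre-flight an OTL fix script and summarise the fix log it produces.

Added example for this thread, not OTL's own code. Assumption: the section
directives OTL accepts are :OTL, :Processes, :Services, :Reg, :Files and
:Commands. The sample script and log below are trimmed copies of the ones
posted in the thread.
"""
import re
from collections import Counter
from typing import Dict, List

# Lower-cased directive -> canonical spelling (assumed OTL 3.x section set).
OTL_SECTIONS = {
    ":otl": ":OTL", ":processes": ":Processes", ":services": ":Services",
    ":reg": ":Reg", ":files": ":Files", ":commands": ":Commands",
}

# Trimmed from the script in post #14; ':registry' is the line that broke it.
SAMPLE_SCRIPT = r"""
CODE
:OTL
SRV - File not found [Disabled | Stopped] -- -- (YahooAUService)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
@Alternate Data Stream - 211605 bytes -> C:\WINDOWS\Greatest Airliners: 727 Uninstall Log.txt
:registry
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"svchost.exe"=-
:files
C:\Documents and Settings\Rick\Application Data\Microsoft\svchost.exe
C:\WINDOWS\sysUpdate.exe
"""

# Trimmed from the fix log in post #15.
SAMPLE_LOG = r"""
========== OTL ==========
Service YahooAUService stopped successfully!
Service YahooAUService deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
ADS C:\WINDOWS\Greatest Airliners: 727 Uninstall Log.txt deleted successfully.
Error: Unable to interpret <:registry> in the current context!
Error: Unable to interpret <"svchost.exe"=-> in the current context!
========== FILES ==========
File\Folder C:\Documents and Settings\Rick\Application Data\Microsoft\svchost.exe not found.
File\Folder C:\WINDOWS\sysUpdate.exe not found.
OTL by OldTimer - Version 3.2.4.1 log created on 05082010_202017
"""


def _suggest(directive: str) -> str:
    """Offer the canonical directive when a misspelling shares a prefix with one."""
    d = directive.lower()
    for key, canon in OTL_SECTIONS.items():
        if len(d) > 2 and (d.startswith(key) or key.startswith(d)):
            return f" (did you mean {canon!r}?)"
    return ""


def check_fix_script(script: str) -> List[str]:
    """Return the problems OTL would choke on, one string per offending line.

    A bad section header is not skipped: every line after it fails with
    'Unable to interpret <...> in the current context!', which is what the
    posted log shows for ':registry'.
    """
    problems = []
    section = None
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.upper() == "CODE":      # forum code-box header
            continue
        if line.startswith(":"):
            section = OTL_SECTIONS.get(line.lower())
            if section is None:
                problems.append(f"line {lineno}: unknown section {line!r}{_suggest(line)}")
            continue
        if section is None:
            problems.append(f"line {lineno}: {line!r} is not inside a valid section")
        elif section == ":Reg" and not (line.startswith("[") or "=" in line):
            problems.append(f"line {lineno}: :Reg entries use .reg syntax ([key] or \"name\"=-)")
    return problems


LOG_PATTERNS = [
    ("deleted", re.compile(r" deleted successfully[.!]?$")),
    ("not_found", re.compile(r" not found\.?$")),
    ("uninterpreted", re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")),
    ("registry_error", re.compile(r"^Registry error ")),
]


def summarise_fix_log(log: str) -> Dict[str, object]:
    """Tally what the fix actually did and collect the lines OTL rejected."""
    counts = Counter()
    rejected = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("==========") or line.startswith("OTL by "):
            continue
        for name, pattern in LOG_PATTERNS:
            match = pattern.search(line)
            if match:
                counts[name] += 1
                if name == "uninterpreted":
                    rejected.append(match.group(1))
                break
        else:
            counts["other"] += 1
    return {"counts": dict(counts), "rejected": rejected}


if __name__ == "__main__":
    for problem in check_fix_script(SAMPLE_SCRIPT):
        print("script:", problem)
    print("log:", summarise_fix_log(SAMPLE_LOG))
```

Run against the sample, the checker flags `:registry` and the two registry lines under it, and the log summary reports two rejected lines alongside the deletions that did succeed. A "not found" result for a file named in the `:files` section is not necessarily good news either: here it most likely means ComboFix had already removed those files in the earlier run, but the same line appears when a path is mistyped, so each one is worth confirming in the follow-up OTL scan the post asks for.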




