Wscript.exe Norton 360 intrusions Network Hack


  • This topic is locked
20 replies to this topic

#1 TADDY


Posted 09 July 2010 - 06:22 PM

I was looking up NBA pictures on the internet, but when I clicked into one about an "ex-NBA now homeless" link, a virus notification popped up. My DOS command screen popped up, then someone joined my network. I shut off my internet and did a virus scan, but nothing popped up. Norton history stated that I allowed wscript.exe and invited someone to my network. I marked the intruder, but did not know how to correct wscript.exe. I noticed when I did a search on my computer, that the last wscript modified said wscript.exe/prefech (or something to that nature). I deleted the file. I did a spyware scan, but nothing popped up. My Norton kept stating that it was blocking an intruder. That's when I came to this site. I followed the directions, but I could never complete gmer (it would lock up). I did the malware scan and it showed koob virus and adaware. I was finally able to run gmer, but only in safe mode. Any assistance you could offer would be greatly appreciated. I'm prepared to do a full restore if I have to, but as a last resort. Thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by king at 15:14:50.65 on Mon 07/05/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1331 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Network Magic\nmapp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\Taddy's Music\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\CTSMode.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\king\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mDefault_Page_URL = hxxp://att.yahoo.com
mSearch Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CTSMode] c:\program files\creative\sound blaster x-fi\automode switcher\CTSMode.exe /trayicon /nt
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative AutoUpdate v1.10.10)" -"http://www.nickjr.com/playtime/cats/games/little_bear/bear_puzzle.jhtml"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTSysVol] f:\program files\surround mixer\CTSysVol.exe /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LXDCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDCtime.dll,_RunDLLEntry@16
mRun: [nmapp] "f:\program files\network magic\nmapp.exe" -autorun -nosplash
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "f:\taddy's music\itunes\iTunesHelper.exe"
IE: Add to AMV Converter... - f:\kids mp3\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\king\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-20 116784]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-20 126392]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-8-7 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-8-7 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-8-7 73752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-20 102448]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2008-8-7 1222680]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100702.001\IDSXpx86.sys [2010-7-2 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100705.002\NAVENG.SYS [2010-7-5 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100705.002\NAVEX15.SYS [2010-7-5 1347504]
S2 gupdate1c9df3ce1178d7e;Google Update Service (gupdate1c9df3ce1178d7e);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-2-7 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\common files\creative labs shared\service\DDLLicensing.exe [2009-2-7 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2009-2-7 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-8-7 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-8-7 1353240]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2008-9-16 12160]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-8-7 73752]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2008-7-26 815104]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-22 40552]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-10-23 582424]
S4 SageTV;SageTV; [x]

=============== Created Last 30 ================

2010-07-05 19:09:52 0 ----a-w- c:\documents and settings\king\defogger_reenable
2010-07-05 03:55:48 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-06-28 22:57:32 0 d-----w- c:\program files\iPod
2010-06-28 22:52:36 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 09:59:32 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-16 09:59:32 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-16 09:59:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-16 09:59:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-10 00:57:51 98968 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-08 04:26:27 103784 ----a-w- c:\documents and settings\king\GoToAssistDownloadHelper.exe
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-04 16:15:17 249856 ------w- c:\windows\Setup1.exe
2010-05-04 16:15:16 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-07-18 23:40:39 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-07-18 09:14:08 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071820080719\index.dat

============= FINISH: 15:15:39.03 ===============



#2 etavares

  • Malware Response Team

Posted 12 July 2010 - 06:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#3 TADDY


Posted 12 July 2010 - 11:01 PM

OTL logfile created on: 7/12/2010 11:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\king\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.10 Gb Free Space | 55.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 229.18 Gb Total Space | 145.47 Gb Free Space | 63.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TADPOLE
Current User Name: king
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/08/25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 10:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/19 08:57:58 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/02/19 08:53:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/06 17:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/07/18 19:03:02 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/21 17:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- F:\Program Files\Network Magic\nmapp.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 21:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2007/02/12 19:56:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe
PRC - [2007/01/24 18:33:12 | 000,430,080 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\CTSMode.exe
PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/03/22 20:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/03/10 21:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- F:\Program Files\Surround Mixer\CTSysVol.exe


========== Modules (SafeList) ==========

MOD - [2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/01 12:46:16 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\ShHook.dll
MOD - [2005/03/10 16:33:48 | 000,053,248 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SageTV)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/10/23 17:58:06 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/08/25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/07 19:48:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/02/07 19:43:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2009/02/07 19:42:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- F:\Program Files\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/09/05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/20 15:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2007/02/12 19:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100712.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/27 00:00:57 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 00:00:57 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/22 14:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/16 05:59:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/12 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100712.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/12 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100712.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2009/02/19 10:55:20 | 000,015,384 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2009/02/19 10:54:48 | 001,222,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2009/02/19 10:53:16 | 001,179,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/02/19 10:52:42 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/02/19 10:52:04 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/02/19 10:51:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/02/19 10:50:46 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/02/19 10:45:16 | 000,535,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/02/19 10:44:40 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/02/19 10:43:50 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/02/19 10:43:50 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/02/19 10:43:10 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/02/19 10:43:10 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/02/19 10:42:26 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/02/19 10:42:26 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/01/26 18:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 18:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/29 02:21:53 | 002,873,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/04 09:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/11/16 18:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/31 20:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/08/12 03:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/07/12 22:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/11/17 18:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/12 08:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/12/29 22:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://att.my.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/18 19:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/05/26 15:11:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/05/16 06:01:18 | 000,000,000 | ---D | M]

[2010/03/29 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions
[2010/03/29 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/18 05:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions\mozswing@mozswing.org

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] F:\Program Files\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [LXDCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [nmapp] F:\Program Files\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\Run: [CTSMode] C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\CTSMode.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to AMV Converter... - F:\Kids MP3\AMVConverter\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\king\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: F:\Desktop\Wallpaper\Beach chair.bmp
O24 - Desktop BackupWallPaper: F:\Desktop\Wallpaper\Beach chair.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/20 07:29:10 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b2261bf-21fb-11de-9e7e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2b2261bf-21fb-11de-9e7e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35616d86-5edd-11dd-b6ef-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{35616d86-5edd-11dd-b6ef-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad735108-4e94-11dd-93f5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ad735108-4e94-11dd-93f5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "RichVideo"
MsConfig - Services: "MSSQL$PINNACLESYS"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "iPod Service"
MsConfig - Services: "SQLAgent$PINNACLESYS"
MsConfig - Services: "XoftSpyService"
MsConfig - Services: "SageTV"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - F:\Program Files\PhotoShop\apdproxy.exe File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AOL Fast Start - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: CTDVDDET - hkey= - key= - F:\Program Files\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: EA Core - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HostManager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - F:\Program Files\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: LaunchList - hkey= - key= - F:\Program Files\Pinnacle\LaunchList2.exe (Pinnacle Systems)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - F:\Program Files\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/12 23:42:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
[2010/07/11 17:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\My Documents\Downloads
[2010/07/10 14:53:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\king\Recent
[2010/07/08 17:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Application Data\Malwarebytes
[2010/07/08 17:01:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 17:01:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 17:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 17:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/08 17:00:06 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\king\Desktop\mbam-setup.exe
[2010/07/05 15:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Desktop\gmer
[2010/07/04 23:55:48 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/06/28 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 18:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/09 19:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Application Data\Audacity
[2010/06/05 13:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Application Data\Tific
[2010/05/31 22:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Application Data\freshgames
[2010/05/20 20:04:07 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/20 20:04:07 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/20 20:04:07 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/05/20 20:04:07 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/05/20 20:04:07 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/05/20 20:04:07 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/05/20 20:04:06 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/05/20 20:04:06 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/05/20 20:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/05/16 06:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\My Documents\Symantec
[2010/05/16 05:59:32 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/16 05:59:32 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/16 05:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/16 05:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/05/16 05:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/05/16 05:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/05/16 05:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/16 05:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/05/10 20:53:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/05/10 20:52:59 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/05/10 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/05/10 20:40:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/08 01:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/08 00:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Application Data\Symantec
[2010/05/08 00:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/05/08 00:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/05/08 00:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/03 10:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/03 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/03 10:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/03 09:52:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2010/05/02 16:39:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
[2010/05/01 22:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\My Documents\Recipes
[2010/05/01 18:43:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/01 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/05/01 18:41:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/01 12:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2010/04/26 03:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Maximize Games
[2008/09/16 04:08:09 | 000,014,336 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/07/19 19:31:05 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2008/07/19 19:31:05 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2008/07/19 19:31:05 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2008/07/19 19:31:04 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2008/07/19 19:31:04 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2008/07/19 19:31:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2008/07/19 19:31:03 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2008/07/19 19:31:03 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2008/07/19 19:31:03 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2008/07/19 19:31:01 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2008/07/19 19:31:00 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[2008/07/19 19:30:59 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
[2010/07/12 23:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/12 19:00:31 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\king\My Documents\Document.rtf
[2010/07/12 18:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/12 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/07/12 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/07/12 11:47:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 11:47:47 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/07/12 11:47:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/12 11:47:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/12 10:37:43 | 000,055,796 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/12 10:37:43 | 000,055,796 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/12 10:37:43 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/12 10:37:39 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\king\ntuser.dat
[2010/07/12 10:37:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\king\ntuser.ini
[2010/07/12 00:33:16 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/07/08 19:51:10 | 000,000,982 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/08 17:01:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 17:00:06 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\king\Desktop\mbam-setup.exe
[2010/07/05 15:11:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\king\Desktop\dds.scr
[2010/07/05 15:09:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\king\defogger_reenable
[2010/07/05 14:12:45 | 000,101,793 | ---- | M] () -- C:\Documents and Settings\king\My Documents\1234.rtf
[2010/07/05 03:41:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/04 23:55:50 | 000,702,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/04 08:31:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/04 08:27:34 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/07/03 17:40:04 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\king\Application Data\mcs.rma
[2010/07/03 17:40:04 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\king\Application Data\1749AF
[2010/06/30 13:23:56 | 000,049,533 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/06/28 18:46:42 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\king\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 04:43:06 | 000,688,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 04:43:06 | 000,581,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 04:43:06 | 000,114,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:52:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/21 14:16:42 | 000,000,040 | ---- | M] () -- C:\WINDOWS\RSoftInfo.dat
[2010/06/11 05:35:26 | 000,472,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 05:23:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/29 20:43:24 | 000,000,066 | ---- | M] () -- C:\WINDOWS\CTWave32.ini
[2010/05/29 20:34:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2010/05/16 10:18:15 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2010/05/16 05:59:32 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/16 05:59:32 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/16 05:59:32 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/16 05:59:32 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/14 02:40:03 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/09 20:57:51 | 000,098,968 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/08 00:26:27 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\king\GoToAssistDownloadHelper.exe
[2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/05/06 00:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/06 00:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/04 11:40:29 | 000,002,384 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2010/05/03 18:59:49 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinTV.lnk
[2010/05/03 15:23:03 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\king\Desktop\GameHouse Games Manager.lnk
[2010/05/01 12:07:30 | 000,000,656 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/29 01:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/29 01:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/26 04:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/04/24 07:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/04/21 22:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/04/21 22:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/04/21 22:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/04/21 22:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 19:00:31 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\king\My Documents\Document.rtf
[2010/07/08 17:01:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 15:11:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\king\Desktop\dds.scr
[2010/07/05 15:09:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\king\defogger_reenable
[2010/07/05 14:12:44 | 000,101,793 | ---- | C] () -- C:\Documents and Settings\king\My Documents\1234.rtf
[2010/06/04 17:10:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/21 20:10:30 | 000,702,942 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/05/20 20:04:07 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/05/20 20:04:07 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/05/20 20:04:07 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/05/20 20:04:07 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/05/20 20:04:07 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/05/20 20:04:07 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/05/20 20:04:07 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/05/20 20:04:07 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/05/20 20:04:07 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/20 20:04:07 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/20 20:04:07 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/05/20 20:04:07 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/05/20 20:04:06 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/05/20 20:04:06 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/05/20 20:04:06 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/05/20 20:04:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/05/20 20:03:46 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/16 05:59:32 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/16 05:59:32 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/08 00:26:24 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\king\GoToAssistDownloadHelper.exe
[2010/05/04 06:37:25 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/05/03 15:23:03 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\king\Desktop\GameHouse Games Manager.lnk
[2010/05/02 00:03:45 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/05/01 19:00:22 | 013,107,200 | ---- | C] () -- C:\Documents and Settings\king\ntuser.dat
[2010/05/01 12:07:25 | 000,000,766 | ---- | C] () -- C:\WINDOWS\attwns.ico
[2010/05/01 12:07:06 | 000,002,238 | ---- | C] () -- C:\WINDOWS\ee.ico
[2010/05/01 12:07:01 | 000,000,766 | ---- | C] () -- C:\WINDOWS\zeus.ico
[2010/05/01 12:06:52 | 000,004,398 | ---- | C] () -- C:\WINDOWS\pharaoh.ico
[2010/03/18 05:56:06 | 000,000,066 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2010/01/01 20:09:18 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MonopolyBuildalot.ini
[2009/10/07 05:37:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/07/02 19:39:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009/02/23 11:34:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/02/23 11:34:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/02/23 11:34:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/02/07 20:37:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/21 13:38:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/09/16 04:08:15 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2008/08/20 19:43:19 | 000,000,170 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/08/10 08:01:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/06 22:44:38 | 000,027,402 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/08/06 22:44:38 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/06 22:15:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/08/06 22:15:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/07/27 18:16:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/27 08:21:36 | 000,000,656 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/26 22:39:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/07/26 22:38:55 | 000,006,434 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/07/26 19:46:24 | 000,030,688 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/22 19:20:26 | 000,049,533 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/20 07:29:09 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/07/20 07:29:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/07/20 07:29:09 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/07/19 20:50:31 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/07/19 20:25:45 | 000,000,347 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008/07/19 19:45:03 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2008/07/19 19:40:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/07/19 19:33:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2008/07/19 19:33:18 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2008/07/19 19:31:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini
[2008/07/19 19:31:06 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2008/07/19 19:31:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2008/07/19 00:51:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/07/18 17:25:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/18 17:24:24 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2008/07/18 17:22:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/07/09 17:10:53 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/12 11:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 15:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/07/21 14:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/06/16 13:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2002/10/11 18:21:46 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\FixP4.dll
[2002/08/26 23:05:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ksProptyUtl.dll
[1999/05/26 21:13:14 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[1999/05/26 21:12:28 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll

========== LOP Check ==========

[2009/01/28 08:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons Family Resort
[2009/10/21 10:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2009/12/22 23:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2009/11/22 03:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/05/10 20:40:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/08/20 05:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2010/06/12 01:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/01/24 16:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/08/26 16:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/02/24 22:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/12/18 01:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/05/31 22:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/12/20 00:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/27 22:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/08/17 05:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/03/09 23:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/01/04 00:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/02/18 23:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/12/12 00:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/07/11 20:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/08 00:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/12/07 06:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2008/09/12 09:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/08/20 18:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/11/30 18:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/11/22 03:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/16 05:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/07/19 20:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/07/19 20:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/04/20 07:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/22 23:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/03/08 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2008/07/19 18:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/02/05 22:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/04/21 13:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/07/19 20:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/30 09:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2009/02/07 08:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/05/17 21:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/06 19:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2008/07/21 18:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/03 07:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2008/07/30 04:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/03/29 07:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZEMNOTT
[2009/04/03 06:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/03 05:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 13:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/11 19:59:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\king\Application Data\.#
[2008/07/21 18:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\acccore
[2008/07/19 09:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Acoustica
[2008/11/23 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Activision
[2009/04/17 06:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Alawar
[2009/03/15 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Anabel
[2009/01/28 08:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Ashtons Family Resort
[2009/10/21 12:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Ashtons. Family Resort
[2010/06/09 20:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Audacity
[2008/11/19 22:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\BeachPartyCraze
[2009/03/11 22:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Boolat Games
[2009/08/20 05:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\CasualForge
[2009/03/17 22:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\cerasus.media
[2009/11/30 12:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\DriverCure
[2010/06/01 04:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\DVDFab
[2009/02/25 23:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\EleFun Games
[2009/03/10 22:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Eyeblaster
[2009/03/21 23:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\FairyTale
[2010/05/31 22:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\freshgames
[2009/02/22 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Friday's games
[2009/04/07 21:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Fuel Industries
[2010/04/05 06:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\GameHouse Janes Realty2
[2009/12/27 22:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\GameHousev1002
[2008/12/22 23:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\GameInvest
[2008/08/22 09:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Gamelab
[2008/07/20 07:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\GetRightToGo
[2008/12/28 12:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\GOL_byHasbro
[2008/09/30 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\ITTNord
[2008/07/19 19:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Lexmark Imaging Studio
[2010/06/30 13:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\LimeWire
[2009/04/12 11:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Marine Aquarium 3
[2008/08/16 23:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Meridian93
[2009/11/15 10:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\MoveFab
[2008/08/01 07:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\My Games
[2010/03/25 16:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\MysteryStudio
[2008/08/10 21:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mysteryville2
[2008/10/08 23:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Opera
[2008/12/25 21:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\PetShowCraze
[2008/11/30 09:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Pharaohs Secret
[2010/04/20 07:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\PlayFirst
[2009/05/09 22:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Playrix Entertainment
[2009/03/08 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\PoBros
[2008/12/24 06:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Pogo Games
[2008/10/04 22:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Righteous Kill
[2008/07/22 20:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\RTPlayer
[2009/06/25 07:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Scrabble Plus
[2009/08/21 10:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Smart Recorder
[2009/05/23 01:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Snapfish
[2010/06/05 13:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Tific
[2008/07/19 10:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Total Eclipse
[2010/06/21 10:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Tunebite
[2008/12/20 13:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Unity
[2008/07/20 22:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\UNOUndercover
[2008/09/29 05:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\ViquaSoft
[2010/03/31 20:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Virtual City
[2010/03/29 16:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Vivox
[2009/12/27 19:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Vso
[2009/08/20 22:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\YoudaGames
[2009/03/29 07:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\ZEMNOTT
[2009/06/22 22:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/07/12 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/07/12 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/07/12 00:33:16 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2010/07/12 11:47:47 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/03/29 00:05:46 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2010/05/04 13:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 13:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/09 12:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/09 12:27:08 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/09 12:27:08 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2008/08/26 16:17:09 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2008/07/19 20:44:00 | 000,702,246 | ---- | M] () -- C:\adorage-protocol.txt
[2008/07/20 07:29:10 | 000,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/08 07:43:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/07/09 20:32:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/12 15:48:54 | 000,000,288 | ---- | M] () -- C:\DownloadLog.txt
[2010/05/04 09:59:03 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2008/07/26 22:33:31 | 000,256,556 | ---- | M] () -- C:\hcwclear.txt
[2008/07/09 20:32:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/01 21:04:15 | 000,000,819 | ---- | M] () -- C:\Log.txt
[2008/07/09 20:32:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/09 16:45:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/12 11:47:30 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/02/07 19:48:36 | 000,000,086 | ---- | M] () -- C:\Setup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/10/21 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD97.DLL
[2007/10/21 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP97.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/01/18 14:18:54 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdcdrpp.dll
[2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/09 16:43:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/07/09 16:43:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2007/12/19 15:43:54 | 000,171,024 | ---- | M] (AMD Technologies Inc.) MD5=1A54B47E4439C67C8B040BFCA3F292B9 -- C:\ATI\SUPPORT\8-4_xp32_dd_ccc_wdm_enu_60999\SBDrv\RAID7xx\x86\ahcix86.sys
[2008/03/07 21:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-6_xp32_dd_ccc_wdm_enu_64783\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/09 16:43:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/07/09 16:43:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\SP45106\Winall\Driver\IaStor.sys
[2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_1EC697820E6EB5E7B03DB047ED10DB6737571CEC\iaStor.sys
[2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\SP45106\Winall\Driver64\IaStor.sys
[2007/02/12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys
[2007/02/12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004/08/04 06:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 06:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D455373F
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3436F8BB
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE6A1342
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B6B5197
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D09A3F7
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C255CAF0
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63596073
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A0AB074
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA0EB21
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CBB9ED6
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:928218FA
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097031DF
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49DE0F09
< End of report >


OTL Extras logfile created on: 7/12/2010 11:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\king\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.10 Gb Free Space | 55.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 229.18 Gb Total Space | 145.47 Gb Free Space | 63.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TADPOLE
Current User Name: king
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe File not found
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe File not found
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe File not found
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe File not found
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe File not found
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:BorgListener -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdccoms.exe" = C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:1300 Series Server -- ( )
"F:\Program Files\Pinnacle\programs\RM.exe" = F:\Program Files\Pinnacle\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"F:\Program Files\Pinnacle\programs\Studio.exe" = F:\Program Files\Pinnacle\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"F:\Program Files\Pinnacle\programs\PMSRegisterFile.exe" = F:\Program Files\Pinnacle\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"F:\Program Files\Pinnacle\programs\umi.exe" = F:\Program Files\Pinnacle\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Device Monitor Appliaction -- File not found
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"F:\Papers\TurboTax Deluxe 2007\32bit\ttax.exe" = F:\Papers\TurboTax Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\Papers\TurboTax Deluxe 2007\32bit\updatemgr.exe" = F:\Papers\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"F:\Program Files\City of Heroes\CohUpdater.exe" = F:\Program Files\City of Heroes\CohUpdater.exe:*:Enabled:City of Heroes -- (Paragon Studios)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"F:\Program Files\DriverCure\DriverCure.exe" = F:\Program Files\DriverCure\DriverCure.exe:*:Enabled:DriverCure -- File not found
"F:\Taddy's Music\iTunes\iTunes.exe" = F:\Taddy's Music\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03756E6D-D8DC-4BD5-AC4F-8DF2F3F23CC8}" = Studio 11
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1AA87-C135-7BC7-3BAE-3415A3A44B91}" = CCC Help Chinese Traditional
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{14EA233B-D1BC-4497-936E-AACE23C1DCE6}" = itssnowing
"{150EAC76-CA0C-10E7-BC14-9B767CEB2ED3}" = ccc-core-static
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA203C9-E987-DC57-592F-BC66839B908C}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB616E7-CB05-76F5-E248-D9280FCD1DE4}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45512BCE-97C7-4784-92E0-1FADFD1509A0}" = ccc-utility
"{468CE1F4-FE6E-38F7-13DF-74DF2139C0E6}" = Catalyst Control Center Localization Chinese Standard
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4F27FC00-7FD7-8914-051F-20D196E01198}" = Skins
"{53772B47-7A22-9B08-E478-A28C8EEC684E}" = Catalyst Control Center Localization Thai
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5D1EA48E-EFA2-FDDE-9B35-D75AC1094D74}" = CCC Help Chinese Standard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6B59DAA5-4313-C492-0CE0-F168C1E25685}" = Catalyst Control Center Graphics Light
"{6E2061C5-D96D-4358-9657-CDC4A5C8F191}" = Hoyle Kids Games 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = Zeus
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.19
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5D5622-BEF9-3647-4207-6DC4E3F5B47D}" = Catalyst Control Center Localization Korean
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA10540-2565-A1DC-9953-89457AAF5C55}" = Catalyst Control Center Graphics Full New
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B2417FCE-7785-C458-D416-D52CE1F5527A}" = Catalyst Control Center Localization Japanese
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7DB71A0-E639-CDFC-56D2-DFDEE0F64D18}" = CCC Help Thai
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5199F80-880C-03AF-B32E-E5B056C78BD9}" = CCC Help Korean
"{C731F57F-BD70-CDF0-D7D6-58B531535232}" = Catalyst Control Center Graphics Full Existing
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D361C406-ED11-4A88-AD42-4A749BBAE6F9}" = Hoyle Card Games 2007
"{D830BBB5-2058-0FF2-1BE4-ED7B656652D6}" = CCC Help English
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2BD6CF-2EB7-4BE4-9CAC-471F351BF24D}" = Hoyle Board Games 2007
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{ED1DD7A4-3048-0FBE-42A9-8E6DA14ABBDA}" = Catalyst Control Center Graphics Previews Common
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F863B682-5148-4738-B025-455AF892D723}" = Tunebite
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FAA1A3D0-1A27-A891-2965-AC4DA798E3AC}" = CCC Help Japanese
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FD8CF142-160D-C87D-FAAB-3564240AC566}" = ccc-core-preinstall
"3DMIDI" = Creative 3DMIDI Player
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"am-avenueflotm" = Avenue Flo™
"am-burgershop2tm" = Burger Shop 2™
"am-cakemaniatm3" = Cake Mania™ 3
"am-dinerdashr5boom" = Diner Dash® 5 - BOOM!
"am-doratheexplorerswipersbigadventure" = Dora The Explorer - Swiper's Big Adventure
"am-fishdomtm2premiumedition" = Fishdom™ 2 Premium Edition
"amg-pastrypassion" = Pastry Passion
"am-hamsterball" = Hamsterball
"am-hoteldashtmsuitesuccesstm" = Hotel Dash™ - Suite Success™
"am-jojosfashionshowworldtour" = Jojo's Fashion Show World Tour
"am-luxor3" = Luxor 3
"am-monopolyherenowedition" = MONOPOLY HERE & NOW EDITION
"am-powerpuzzlepack3in1" = Power Puzzle Pack - 3 in 1
"am-ranchrushr2" = Ranch Rush® 2
"am-rollerrush" = Roller Rush
"am-snailmail" = Snail Mail
"am-spongebobsobstacleodyssey" = SpongeBob's Obstacle Odyssey
"am-superglinx" = Super Glinx!
"am-thegameoflifetmbyhasbro" = THE GAME OF LIFE™ by Hasbro
"AT&T Yahoo! Activation" = AT&T Yahoo! Activation
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"AudibleManager" = AudibleManager
"AudioCS" = Creative Audio Control Panel
"Caesar 3" = Caesar 3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CoH" = City of Villains/City of Heroes (remove only)
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Console Launcher" = Creative Console Launcher
"Creative Volume Panel" = Volume Panel
"Diagnostics 4_5" = Creative Diagnostics
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Doggie Dash®" = Doggie Dash®
"Dora's Carnival 2: Boardwalk Adventure" = Dora's Carnival 2: Boardwalk Adventure
"DVDFab 6_is1" = DVDFab 6.0.2.2 (June 26, 2009)
"EA Download Manager" = EA Download Manager
"Fashion Boutique" = Fashion Boutique
"fitnessdashtm" = Fitness Dash™
"gamesmanager" = GameHouse Games Manager
"Google Chrome" = Google Chrome
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Casino 6" = Hoyle Casino 6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"La Casa De Dora" = La Casa De Dora (remove only)
"LifeGlobe Sharks, Terrors of the Deep 2_is1" = LifeGlobe Sharks, Terrors of the Deep 2
"LimeWire" = LimeWire 5.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monopolytmbuildalottmedition" = MONOPOLY™ Build-A-lot™ Edition
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"partyplanner" = Party Planner
"PokerStars.net" = PokerStars.net
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"PROSet" = Intel® PRO Network Connections Drivers
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure
"Rhapsody" = Rhapsody
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"SFBM" = SoundFont Bank Manager
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"UnityWebPlayer" = Unity Web Player
"unorundercovertm" = UNO® - Undercover™
"ViewpointMediaPlayer" = Viewpoint Media Player
"WaveStudio 7" = Creative WaveStudio 7
"Web Games Player Plugin" = Web Games Player Plugin
"weddingdashrreadyaimlovetm" = Wedding Dash® - Ready, Aim, Love!™
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CohMapPack" = VidiotMaps Map Overlay
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2010 1:32:38 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 2:32:37 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 3:32:37 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 4:32:27 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 10:32:38 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 11:32:40 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/12/2010 12:32:37 AM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/12/2010 8:08:23 AM | Computer Name = TADPOLE | Source = STacSV | ID = 268435455
Description =

Error - 7/12/2010 11:48:24 AM | Computer Name = TADPOLE | Source = STacSV | ID = 268435455
Description =

Error - 7/12/2010 1:32:36 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

[ Application Events ]
Error - 7/11/2010 1:32:38 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 2:32:37 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 3:32:37 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 4:32:27 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 10:32:38 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/11/2010 11:32:40 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/12/2010 12:32:37 AM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

Error - 7/12/2010 8:08:23 AM | Computer Name = TADPOLE | Source = STacSV | ID = 268435455
Description =

Error - 7/12/2010 11:48:24 AM | Computer Name = TADPOLE | Source = STacSV | ID = 268435455
Description =

Error - 7/12/2010 1:32:36 PM | Computer Name = TADPOLE | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/12/2010 8:08:11 AM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/12/2010 8:08:39 AM | Computer Name = TADPOLE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/12/2010 11:48:00 AM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/12/2010 11:48:37 AM | Computer Name = TADPOLE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/12/2010 4:27:59 PM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/12/2010 4:42:58 PM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/12/2010 9:47:25 PM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/12/2010 10:00:15 PM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/12/2010 10:00:19 PM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/12/2010 10:28:07 PM | Computer Name = TADPOLE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 13 July 2010 - 06:15 PM

Hello, TADDY.

OK, the good news is that I don't see anything too bad in your logs. The bad news is that wscript.exe is a legitimate file, so we'll want to restore it. It runs scripts, and some script was running that was calling it. I don't see an entry, so it's quite possible that one of your security programs caught and removed it. Let's fix some other things and scan with MBAM. If it looks good, we'll restore wscript.exe.


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case RegCure). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578


Two Antiviruses Warning


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or McAfee.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    SRV - File not found [Disabled | Stopped] -- -- (SageTV)
    O3 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3
    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8
    @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D455373F
    @Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
    @Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3436F8BB
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE6A1342
    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B6B5197
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D09A3F7
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C255CAF0
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63596073
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A0AB074
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA0EB21
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CBB9ED6
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:928218FA
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097031DF
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49DE0F09
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start\]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    :Commands
    [ResetHosts]
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

EDIT: typo

Edited by etavares, 13 July 2010 - 06:16 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 TADDY


Posted 13 July 2010 - 10:25 PM

Thanks to all those that have assisted me with this problem. I have uninstalled LimeWire and RegCure as well as deleted the McAfee folders. Here's a copy of the requested data.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
File C:\WINDOWS\System32\DRIVERS\wanatw4.sys not found.
Service MRESP50a64 stopped successfully!
Service MRESP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS not found.
Service MREMP50a64 stopped successfully!
Service MREMP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS not found.
Service SageTV stopped successfully!
Service SageTV deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1390067357-1767777339-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D455373F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:512B5648 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3436F8BB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FE6A1342 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B6B5197 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8D09A3F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A823589 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C255CAF0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63596073 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A0AB074 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DA0EB21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3CBB9ED6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:928218FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:773DA865 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:097031DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:49DE0F09 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: king
->Temp folder emptied: 218316650 bytes
->Temporary Internet Files folder emptied: 733873585 bytes
->Java cache emptied: 310274012 bytes
->Google Chrome cache emptied: 5989181 bytes
->Apple Safari cache emptied: 1079239 bytes
->Flash cache emptied: 926917 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 37847 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 366816846 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 877145 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1742608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23415400 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 38563 bytes
RecycleBin emptied: 791393 bytes

Total Files Cleaned = 1,589.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_224350

Files\Folders moved on Reboot...
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\W1I5PR4E\ads[2].htm moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\W1I5PR4E\iframe[1].htm moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\AT897RNN\ads[3].htm moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\AT897RNN\favicon[5].ico moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\AT897RNN\iframescript[1].htm moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\1PSNF23R\ads[7].htm moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\1PSNF23R\favicon[1].ico moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\1DN2JRQN\favicon[3].ico moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\1DN2JRQN\favicon[4].ico moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\Content.IE5\1DN2JRQN\topic330355[1].htm moved successfully.
C:\Documents and Settings\king\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat not found!

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4310

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/13/2010 11:15:59 PM
mbam-log-2010-07-13 (23-15-59).txt

Scan type: Quick scan
Objects scanned: 130582
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
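
A fix log like the one in this post is easier to trust when each item the fix script asked for is matched against a "deleted successfully" line. The following is an added example, not code from the thread participants or from OTL: it cross-checks a subset of lines copied from the script in post #4 against lines copied from the log above, and the line formats it assumes are only those visible in those two posts.

```python
import re

# Subset of the fix script from post #4 (copied from the page).
FIX_SCRIPT = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
SRV - File not found [Disabled | Stopped] -- -- (SageTV)
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8
"""

# Matching subset of the fix log from post #5 (copied from the page).
FIX_LOG = r"""
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
File C:\WINDOWS\System32\DRIVERS\wanatw4.sys not found.
Service MRESP50a64 stopped successfully!
Service MRESP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS not found.
Service SageTV stopped successfully!
Service SageTV deleted successfully!
ADS C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8 deleted successfully.
"""


def requested_items(script):
    """Return (kind, name) pairs for everything the script asks to remove."""
    items = []
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(("DRV - ", "SRV - ")):
            # The service key name is the first parenthesised token of the
            # last ' -- ' field; any text after it is the display name.
            tail = line.rsplit(" -- ", 1)[-1]
            match = re.match(r"\(([^)]+)\)", tail)
            if match:
                items.append(("service", match.group(1)))
        elif line.startswith("@Alternate Data Stream"):
            # Everything after ' -> ' is the file path plus ':stream' name.
            items.append(("ads", line.split(" -> ", 1)[1]))
    return items


def confirmed_removals(log):
    """Return (set of confirmed (kind, name) removals, list of error lines)."""
    removed, errors = set(), []
    for line in log.splitlines():
        line = line.strip()
        match = re.fullmatch(r"Service (.+) deleted successfully!", line)
        if match:
            removed.add(("service", match.group(1)))
            continue
        match = re.fullmatch(r"ADS (.+) deleted successfully\.", line)
        if match:
            removed.add(("ads", match.group(1)))
            continue
        if line.startswith("Error:"):
            errors.append(line)
    return removed, errors


def verify(script, log):
    """Map each requested item to 'removed' or 'unconfirmed'."""
    removed, errors = confirmed_removals(log)
    report = {}
    for item in requested_items(script):
        report[item] = "removed" if item in removed else "unconfirmed"
    return report, errors


if __name__ == "__main__":
    report, errors = verify(FIX_SCRIPT, FIX_LOG)
    for (kind, name), status in report.items():
        print(f"{status:12} {kind:8} {name}")
    for line in errors:
        print("log error:  ", line)
```

On these lines the only unconfirmed item is the `wanatw` service, whose name appears in the log with its display name attached (`wanatw) WAN Miniport (ATW`); the Run 2 scan in post #7 still lists that driver entry.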




#6 etavares


Posted 14 July 2010 - 05:32 PM

Looking better. Please run and post an OTL log as instructed in substeps 7-11 of Step 2 above.


 


#7 TADDY


Posted 14 July 2010 - 06:37 PM

OTL logfile created on: 7/14/2010 7:18:50 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\king\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.44 Gb Free Space | 55.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 229.18 Gb Total Space | 145.63 Gb Free Space | 63.54% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TADPOLE
Current User Name: king
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/08/25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 10:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/19 08:57:58 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/02/19 08:53:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/06 17:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/07/18 19:03:02 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/21 17:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- F:\Program Files\Network Magic\nmapp.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 21:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2007/02/12 19:56:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe
PRC - [2007/01/24 18:33:12 | 000,430,080 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\CTSMode.exe
PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/03/10 21:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- F:\Program Files\Surround Mixer\CTSysVol.exe


========== Modules (SafeList) ==========

MOD - [2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/01 12:46:16 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\ShHook.dll
MOD - [2005/03/10 16:33:48 | 000,053,248 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/10/23 17:58:06 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/08/25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/07 19:48:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/02/07 19:43:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2009/02/07 19:42:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- F:\Program Files\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/09/05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/20 15:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2007/02/12 19:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/07/13 21:22:10 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100714.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 21:22:10 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100714.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100713.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/27 00:00:57 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 00:00:57 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/22 14:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/16 05:59:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2009/02/19 10:55:20 | 000,015,384 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2009/02/19 10:54:48 | 001,222,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2009/02/19 10:53:16 | 001,179,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/02/19 10:52:42 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/02/19 10:52:04 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/02/19 10:51:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/02/19 10:50:46 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/02/19 10:45:16 | 000,535,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/02/19 10:44:40 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/02/19 10:43:50 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/02/19 10:43:50 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/02/19 10:43:10 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/02/19 10:43:10 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/02/19 10:42:26 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/02/19 10:42:26 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/01/26 18:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 18:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/29 02:21:53 | 002,873,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/04 09:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/11/16 18:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/31 20:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/08/12 03:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/07/12 22:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/11/17 18:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/12 08:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/12/29 22:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://att.my.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/18 19:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/05/26 15:11:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/05/16 06:01:18 | 000,000,000 | ---D | M]

[2010/03/29 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions
[2010/03/29 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/18 05:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/07/14 19:07:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] F:\Program Files\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [LXDCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [nmapp] F:\Program Files\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\Run: [CTSMode] C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\CTSMode.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\king\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to AMV Converter... - F:\Kids MP3\AMVConverter\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\king\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: F:\Desktop\Wallpaper\Beach chair.bmp
O24 - Desktop BackupWallPaper: F:\Desktop\Wallpaper\Beach chair.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/20 07:29:10 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b2261bf-21fb-11de-9e7e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2b2261bf-21fb-11de-9e7e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35616d86-5edd-11dd-b6ef-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{35616d86-5edd-11dd-b6ef-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad735108-4e94-11dd-93f5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ad735108-4e94-11dd-93f5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 22:43:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/13 22:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/13 22:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/13 22:15:39 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/12 23:42:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
[2010/07/11 17:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\My Documents\Downloads
[2010/07/10 14:53:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\king\Recent
[2010/07/08 17:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Application Data\Malwarebytes
[2010/07/08 17:01:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 17:01:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 17:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 17:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/08 17:00:06 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\king\Desktop\mbam-setup.exe
[2010/07/05 15:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Desktop\gmer
[2010/07/04 23:55:48 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/06/28 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 18:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/16 04:08:09 | 000,014,336 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/07/19 19:31:05 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2008/07/19 19:31:05 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2008/07/19 19:31:05 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2008/07/19 19:31:04 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2008/07/19 19:31:04 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2008/07/19 19:31:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2008/07/19 19:31:03 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2008/07/19 19:31:03 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2008/07/19 19:31:03 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2008/07/19 19:31:01 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2008/07/19 19:31:00 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[2008/07/19 19:30:59 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/14 19:14:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/14 19:14:46 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/07/14 19:11:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/14 19:11:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/14 19:10:54 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\king\ntuser.dat
[2010/07/14 19:10:54 | 000,055,796 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/14 19:10:54 | 000,055,796 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/14 19:10:54 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/14 19:10:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\king\ntuser.ini
[2010/07/14 19:07:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/14 18:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/14 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/07/14 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/07/14 06:11:21 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\king\Application Data\mcs.rma
[2010/07/14 06:11:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\king\Application Data\1749AF
[2010/07/14 00:33:02 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/07/13 22:40:52 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\king\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/13 22:40:50 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\king\Desktop\NTREGOPT.lnk
[2010/07/13 22:15:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
[2010/07/12 19:00:31 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\king\My Documents\Document.rtf
[2010/07/12 18:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/08 19:51:10 | 000,000,982 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/08 17:01:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 17:00:06 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\king\Desktop\mbam-setup.exe
[2010/07/07 13:58:24 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\king\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/05 15:11:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\king\Desktop\dds.scr
[2010/07/05 15:09:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\king\defogger_reenable
[2010/07/05 14:12:45 | 000,101,793 | ---- | M] () -- C:\Documents and Settings\king\My Documents\1234.rtf
[2010/07/04 08:31:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/04 08:27:34 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/06/30 13:23:56 | 000,049,533 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/06/28 18:46:42 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\king\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 04:43:06 | 000,688,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 04:43:06 | 000,581,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 04:43:06 | 000,114,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:52:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/21 14:16:42 | 000,000,040 | ---- | M] () -- C:\WINDOWS\RSoftInfo.dat
[2010/06/21 04:26:14 | 001,577,068 | -H-- | M] () -- C:\Documents and Settings\king\Local Settings\Application Data\IconCache.db
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 22:40:52 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\king\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/13 22:40:50 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\king\Desktop\NTREGOPT.lnk
[2010/07/12 19:00:31 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\king\My Documents\Document.rtf
[2010/07/08 17:01:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 15:11:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\king\Desktop\dds.scr
[2010/07/05 15:09:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\king\defogger_reenable
[2010/07/05 14:12:44 | 000,101,793 | ---- | C] () -- C:\Documents and Settings\king\My Documents\1234.rtf
[2010/03/18 05:56:06 | 000,000,066 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2010/01/01 20:09:18 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MonopolyBuildalot.ini
[2009/10/07 05:37:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/07/02 19:39:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009/02/23 11:34:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/02/23 11:34:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/02/23 11:34:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/02/07 20:37:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/21 13:38:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/09/16 04:08:15 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2008/08/20 19:43:19 | 000,000,170 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/08/10 08:01:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/06 22:44:38 | 000,027,402 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/08/06 22:44:38 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/06 22:15:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/08/06 22:15:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/07/27 18:16:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/27 08:21:36 | 000,000,656 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/26 22:39:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/07/26 22:38:55 | 000,006,434 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/07/26 19:46:24 | 000,030,688 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/22 19:20:26 | 000,049,533 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/20 07:29:09 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/07/20 07:29:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/07/20 07:29:09 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/07/19 20:50:31 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/07/19 20:25:45 | 000,000,347 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008/07/19 19:45:03 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2008/07/19 19:40:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/07/19 19:33:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2008/07/19 19:33:18 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2008/07/19 19:31:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini
[2008/07/19 19:31:06 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2008/07/19 19:31:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2008/07/19 00:51:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/07/18 17:25:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/18 17:24:24 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2008/07/18 17:22:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/07/09 17:10:53 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/12 11:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 15:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/07/21 14:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/06/16 13:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2002/10/11 18:21:46 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\FixP4.dll
[2002/08/26 23:05:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ksProptyUtl.dll
[1999/05/26 21:13:14 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[1999/05/26 21:12:28 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
< End of report >


#8 etavares

  • Malware Response Team

Posted 14 July 2010 - 06:42 PM

Hello, TADDY.

Ok, let's get another opinion, then we can restore wscript. Also, is Norton running in real time protection mode? I just want to make sure it is. Thanks!



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 20 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 TADDY

  • Topic Starter


Posted 15 July 2010 - 03:59 AM

I was able to run the scan, but none of the options that you suggested popped up (push to find list of threats & push to export). I was able to do a print screen and save it as a pdf. There were 141575 files scanned with no infections found or cleaned.

Attached Files

  • Attached File  Eset.pdf   147.24KB   5 downloads


#10 etavares


Posted 15 July 2010 - 06:25 PM

Hello, TADDY.

OK, let's tempt fate and restore wscript.exe. We need to find a clean copy first.



Step 1

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    CODE
    :filefind
    wscript.exe
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task


etavares


 


#11 TADDY


Posted 16 July 2010 - 07:09 AM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:05 on 16/07/2010 by king (Administrator - Elevation successful)

========== filefind ==========

Searching for "wscript.exe"
C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe --a--c 155648 bytes [11:24 08/05/2008] [11:24 08/05/2008] CEA8F7E45B7B098F5FB085BB6A6A4432
C:\WINDOWS\$NtServicePackUninstall$\wscript.exe -----c 114688 bytes [20:44 09/07/2008] [10:00 04/08/2004] 3ADCE7346E279C8E7ADEC5F2428385C6
C:\WINDOWS\$NtUninstallKB951978$\wscript.exe -----c 155648 bytes [21:00 09/07/2008] [00:12 14/04/2008] 3E235D5E9093B8BAC47D9C8B124EA16C
C:\WINDOWS\ServicePackFiles\i386\wscript.exe -----c 155648 bytes [00:12 14/04/2008] [00:12 14/04/2008] 3E235D5E9093B8BAC47D9C8B124EA16C
C:\WINDOWS\system32\dllcache\wscript.exe -----c 155648 bytes [11:24 08/05/2008] [11:24 08/05/2008] CEA8F7E45B7B098F5FB085BB6A6A4432

-=End Of File=-

#12 etavares


Posted 16 July 2010 - 06:07 PM

Hello, TADDY.
OK, let's give this a whirl. Let me know if your A/V catches anything.
  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad, excluding the word code.
    CODE
    @ECHO OFF
    cd\
    copy c:\windows\system32\dllcache\wscript.exe c:\windows\system32\ > c:\wslog.txt
    dir c:\windows\system32\ws*.* >> c:\wslog.txt
    start c:\wslog.txt
    del %0

    This fix is custom made for this user's computer.
  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click to run it.
  7. A window will briefly pop up then close.
  8. A log will open, please copy and paste it into your response.
etavares

Edited by etavares, 16 July 2010 - 06:08 PM.


 


#13 TADDY


Posted 16 July 2010 - 06:15 PM

Hey etavares,

My A/V didn't catch anything.


1 file(s) copied.
Volume in drive C has no label.
Volume Serial Number is 98E7-FEEB

Directory of c:\windows\system32

04/13/2008 08:12 PM 19,968 ws2help.dll
04/13/2008 08:12 PM 82,432 ws2_32.dll
04/13/2008 08:12 PM 13,824 wscntfy.exe
05/08/2008 07:24 AM 155,648 wscript.exe
04/13/2008 08:12 PM 80,896 wscsvc.dll
04/13/2008 08:12 PM 148,480 wscui.cpl
08/04/2004 06:00 AM 9,216 wshatm.dll
04/13/2008 08:12 PM 108,032 wshbth.dll
04/13/2008 08:12 PM 36,864 wshcon.dll
05/09/2008 06:53 AM 90,112 wshext.dll
04/13/2008 08:12 PM 14,336 wship6.dll
08/04/2004 06:00 AM 11,776 wshisn.dll
08/04/2004 06:00 AM 7,168 wshnetbs.dll
05/09/2008 07:23 PM 135,168 wshom.ocx
04/13/2008 08:12 PM 11,264 wshrm.dll
04/13/2008 08:12 PM 19,456 wshtcpip.dll
04/13/2008 08:12 PM 41,984 wsnmp32.dll
04/13/2008 08:12 PM 22,528 wsock32.dll
04/13/2008 08:12 PM 50,688 wstdecod.dll
19 File(s) 1,059,840 bytes
0 Dir(s) 44,182,962,176 bytes free
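
Added example, not part of the original thread: a Python sketch that parses the SystemLook filefind lines posted above, groups the wscript.exe copies by MD5 and size, and shows that the 155,648-byte size in the dir listing matches copies with two different hashes, so only a hash comparison confirms which copy ended up in system32. The function and constant names are illustrative assumptions; MD5 is used only because it is the digest the SystemLook log prints.

```python
import hashlib
import os
import re
from collections import defaultdict

# Result lines copied verbatim from the SystemLook log posted in this thread.
SYSTEMLOOK_LOG = r"""
Searching for "wscript.exe"
C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe --a--c 155648 bytes [11:24 08/05/2008] [11:24 08/05/2008] CEA8F7E45B7B098F5FB085BB6A6A4432
C:\WINDOWS\$NtServicePackUninstall$\wscript.exe -----c 114688 bytes [20:44 09/07/2008] [10:00 04/08/2004] 3ADCE7346E279C8E7ADEC5F2428385C6
C:\WINDOWS\$NtUninstallKB951978$\wscript.exe -----c 155648 bytes [21:00 09/07/2008] [00:12 14/04/2008] 3E235D5E9093B8BAC47D9C8B124EA16C
C:\WINDOWS\ServicePackFiles\i386\wscript.exe -----c 155648 bytes [00:12 14/04/2008] [00:12 14/04/2008] 3E235D5E9093B8BAC47D9C8B124EA16C
C:\WINDOWS\system32\dllcache\wscript.exe -----c 155648 bytes [11:24 08/05/2008] [11:24 08/05/2008] CEA8F7E45B7B098F5FB085BB6A6A4432
-=End Of File=-
"""

# Paths and size taken from the batch file and the dir listing in the thread.
SOURCE_PATH = r"C:\WINDOWS\system32\dllcache\wscript.exe"
TARGET_PATH = r"C:\WINDOWS\system32\wscript.exe"
SIZE_IN_DIR_LISTING = 155648

# path, attribute flags, size, two timestamps (kept as printed), MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes "
    r"\[(?P<t1>[^\]]+)\] \[(?P<t2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(log_text):
    """Return one dict per result line; headers and footers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def group_by_content(entries):
    """Map (md5, size) to the list of paths holding that exact content."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["md5"], e["size"])].append(e["path"])
    return dict(groups)


def find_entry(entries, path):
    """Case-insensitive lookup of a path in the parsed log (None if absent)."""
    wanted = path.lower()
    for e in entries:
        if e["path"].lower() == wanted:
            return e
    return None


def candidates_by_size(entries, size):
    """Entries whose size equals the one shown in a dir listing."""
    return [e for e in entries if e["size"] == size]


def file_md5(path, chunk_size=65536):
    """MD5 of a file on disk, read in chunks, as uppercase hex."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def matches_source(restored_path, source_entry):
    """True only if the file on disk has the logged size and MD5."""
    if os.path.getsize(restored_path) != source_entry["size"]:
        return False
    return file_md5(restored_path) == source_entry["md5"]


if __name__ == "__main__":
    entries = parse_filefind(SYSTEMLOOK_LOG)
    for (md5, size), paths in group_by_content(entries).items():
        print(md5, size)
        for p in paths:
            print("   ", p)
    print("system32 copy in log:", find_entry(entries, TARGET_PATH) is not None)
    same_size = candidates_by_size(entries, SIZE_IN_DIR_LISTING)
    print("copies matching dir size:", len(same_size),
          "distinct hashes:", len({e["md5"] for e in same_size}))
    if os.path.exists(TARGET_PATH):
        src = find_entry(entries, SOURCE_PATH)
        print("restored file matches dllcache copy:",
              matches_source(TARGET_PATH, src))
```

Run on the affected machine after the copy, the last check compares the restored system32 file against the dllcache entry recorded in the log.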


#14 etavares


Posted 16 July 2010 - 06:27 PM

Hello, TADDY.

Ok, let's take care of a few orphaned entries.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    SRV - File not found [Disabled | Stopped] -- -- (SageTV)
    O3 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


 


#15 TADDY


Posted 16 July 2010 - 10:21 PM

Hey etavares,

I was unable to complete the runfix. It kept generating an error. I have enclosed that log as well as the otl log.

Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)> in the current context!
Error: Unable to interpret <SRV - File not found [Disabled | Stopped] -- -- (SageTV)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.> in the current context!

OTL by OldTimer - Version 3.2.9.0 log created on 07162010_225106


OTL logfile created on: 7/16/2010 11:12:30 PM - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\king\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.12 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 229.18 Gb Total Space | 145.46 Gb Free Space | 63.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TADPOLE
Current User Name: king
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/08/25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 10:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/19 08:57:58 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/02/19 08:53:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/06 17:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/07/18 19:03:02 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/21 17:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- F:\Program Files\Network Magic\nmapp.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 21:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2007/02/12 19:56:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe
PRC - [2007/01/24 18:33:12 | 000,430,080 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\CTSMode.exe
PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/03/10 21:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- F:\Program Files\Surround Mixer\CTSysVol.exe


========== Modules (SafeList) ==========

MOD - [2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/01 12:46:16 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\ShHook.dll
MOD - [2005/03/10 16:33:48 | 000,053,248 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/10/23 17:58:06 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/08/25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/07 19:48:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/02/07 19:43:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2009/02/07 19:42:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- F:\Program Files\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/09/05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/20 15:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2007/02/12 19:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/07/13 21:22:10 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100716.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 21:22:10 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100716.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100716.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/27 00:00:57 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 00:00:57 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/22 14:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/16 05:59:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2009/02/19 10:55:20 | 000,015,384 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2009/02/19 10:54:48 | 001,222,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2009/02/19 10:53:16 | 001,179,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/02/19 10:52:42 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/02/19 10:52:04 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/02/19 10:51:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/02/19 10:50:46 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/02/19 10:45:16 | 000,535,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/02/19 10:44:40 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/02/19 10:43:50 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/02/19 10:43:50 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/02/19 10:43:10 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/02/19 10:43:10 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/02/19 10:42:26 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/02/19 10:42:26 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/01/26 18:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 18:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/29 02:21:53 | 002,873,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/04 09:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/11/16 18:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/31 20:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/08/12 03:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/07/12 22:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/11/17 18:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/12 08:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/12/29 22:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://att.my.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/18 19:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/05/26 15:11:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/05/16 06:01:18 | 000,000,000 | ---D | M]

[2010/03/29 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions
[2010/03/29 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/18 05:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\king\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/07/14 19:07:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] F:\Program Files\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [LXDCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [nmapp] F:\Program Files\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\Run: [CTSMode] C:\Program Files\Creative\Sound Blaster X-Fi\AutoMode Switcher\CTSMode.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\king\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to AMV Converter... - F:\Kids MP3\AMVConverter\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\king\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1390067357-1767777339-682003330-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: F:\Desktop\Wallpaper\Beach chair.bmp
O24 - Desktop BackupWallPaper: F:\Desktop\Wallpaper\Beach chair.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/20 07:29:10 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b2261bf-21fb-11de-9e7e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2b2261bf-21fb-11de-9e7e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35616d86-5edd-11dd-b6ef-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{35616d86-5edd-11dd-b6ef-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad735108-4e94-11dd-93f5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ad735108-4e94-11dd-93f5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/16 19:15:05 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/07/14 20:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/14 20:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/14 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/14 20:38:00 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/14 20:38:00 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/14 20:38:00 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/14 20:38:00 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/14 20:38:00 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/14 20:31:48 | 016,066,336 | ---- | C] (Oracle) -- C:\Documents and Settings\king\Desktop\jre-6u21-windows-i586.exe
[2010/07/13 22:43:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/13 22:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/13 22:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/13 22:15:39 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/12 23:42:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
[2010/07/11 17:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\My Documents\Downloads
[2010/07/10 14:53:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\king\Recent
[2010/07/08 17:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Application Data\Malwarebytes
[2010/07/08 17:01:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 17:01:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 17:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 17:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/08 17:00:06 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\king\Desktop\mbam-setup.exe
[2010/07/05 15:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\king\Desktop\gmer
[2010/07/04 23:55:48 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/06/28 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 18:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/16 04:08:09 | 000,014,336 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/07/19 19:31:05 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2008/07/19 19:31:05 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2008/07/19 19:31:05 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2008/07/19 19:31:04 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2008/07/19 19:31:04 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2008/07/19 19:31:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2008/07/19 19:31:03 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2008/07/19 19:31:03 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2008/07/19 19:31:03 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2008/07/19 19:31:01 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2008/07/19 19:31:00 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[2008/07/19 19:30:59 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/16 23:09:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/16 23:09:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/07/16 22:53:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/16 22:53:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/16 22:52:22 | 000,055,796 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/16 22:52:22 | 000,055,796 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/16 22:52:22 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/07/16 22:52:07 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\king\ntuser.dat
[2010/07/16 22:52:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\king\ntuser.ini
[2010/07/16 22:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/16 08:05:15 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\king\Desktop\SystemLook.exe
[2010/07/16 00:33:17 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/07/15 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/07/15 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/07/15 04:50:51 | 000,150,771 | ---- | M] () -- C:\Documents and Settings\king\Desktop\Eset.pdf
[2010/07/14 20:37:42 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/14 20:37:42 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/14 20:37:42 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/14 20:37:42 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/14 20:37:42 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/14 20:31:48 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\king\Desktop\jre-6u21-windows-i586.exe
[2010/07/14 19:07:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/14 06:11:21 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\king\Application Data\mcs.rma
[2010/07/14 06:11:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\king\Application Data\1749AF
[2010/07/13 22:40:52 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\king\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/13 22:40:50 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\king\Desktop\NTREGOPT.lnk
[2010/07/13 22:15:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/12 23:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\king\Desktop\OTL.exe
[2010/07/12 19:00:31 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\king\My Documents\Document.rtf
[2010/07/12 18:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/08 19:51:10 | 000,000,982 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/08 17:01:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 17:00:06 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\king\Desktop\mbam-setup.exe
[2010/07/07 13:58:24 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\king\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/05 15:11:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\king\Desktop\dds.scr
[2010/07/05 15:09:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\king\defogger_reenable
[2010/07/05 14:12:45 | 000,101,793 | ---- | M] () -- C:\Documents and Settings\king\My Documents\1234.rtf
[2010/07/04 08:31:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/04 08:27:34 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/06/30 13:23:56 | 000,049,533 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/06/28 18:46:42 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\king\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 04:43:06 | 000,688,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 04:43:06 | 000,581,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 04:43:06 | 000,114,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:52:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/21 14:16:42 | 000,000,040 | ---- | M] () -- C:\WINDOWS\RSoftInfo.dat
[2010/06/21 04:26:14 | 001,577,068 | -H-- | M] () -- C:\Documents and Settings\king\Local Settings\Application Data\IconCache.db
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/16 08:05:15 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\king\Desktop\SystemLook.exe
[2010/07/15 04:50:50 | 000,150,771 | ---- | C] () -- C:\Documents and Settings\king\Desktop\Eset.pdf
[2010/07/13 22:40:52 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\king\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/13 22:40:50 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\king\Desktop\NTREGOPT.lnk
[2010/07/12 19:00:31 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\king\My Documents\Document.rtf
[2010/07/08 17:01:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 15:11:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\king\Desktop\dds.scr
[2010/07/05 15:09:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\king\defogger_reenable
[2010/07/05 14:12:44 | 000,101,793 | ---- | C] () -- C:\Documents and Settings\king\My Documents\1234.rtf
[2010/03/18 05:56:06 | 000,000,066 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2010/01/01 20:09:18 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MonopolyBuildalot.ini
[2009/10/07 05:37:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/07/02 19:39:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009/02/23 11:34:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/02/23 11:34:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/02/23 11:34:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/02/07 20:37:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/21 13:38:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/09/16 04:08:15 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2008/08/20 19:43:19 | 000,000,170 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/08/10 08:01:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/06 22:44:38 | 000,027,402 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/08/06 22:44:38 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/06 22:15:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/08/06 22:15:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/07/27 18:16:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/27 08:21:36 | 000,000,656 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/26 22:39:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/07/26 22:38:55 | 000,006,434 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/07/26 19:46:24 | 000,030,688 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/22 19:20:26 | 000,049,533 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/20 07:29:09 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/07/20 07:29:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/07/20 07:29:09 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/07/19 20:50:31 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/07/19 20:25:45 | 000,000,347 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008/07/19 19:45:03 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2008/07/19 19:40:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/07/19 19:33:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2008/07/19 19:33:18 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2008/07/19 19:31:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini
[2008/07/19 19:31:06 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2008/07/19 19:31:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2008/07/19 00:51:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/07/18 17:25:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/18 17:24:24 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2008/07/18 17:22:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/07/09 17:10:53 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/12 11:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 15:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/07/21 14:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/06/16 13:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2002/10/11 18:21:46 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\FixP4.dll
[2002/08/26 23:05:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ksProptyUtl.dll
[1999/05/26 21:13:14 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[1999/05/26 21:12:28 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
< End of report >






