
iexplore.exe


  • This topic is locked
33 replies to this topic

#1 Brrrandon


Posted 22 July 2010 - 11:22 PM

Hello Bleeping Computer, my problem is that every time I turn on my PC, iexplore.exe is in my Task Manager 2-4 times when I don't even have Internet Explorer opened. It also lags my PC a lot because it's acting like I'm on the internet when I'm not. Also, if I turn on my sound, sometimes it does not work, and sometimes it works but you hear clicking like a person is changing sites online when I'm not even on. I am also getting random popups throughout the day, and I think that has to do with iexplore.exe being up as well. I would like it if someone could help me out, please. Thank you.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 17:19:47.70 on Thu 07/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.144 [GMT -4:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

svchost.exe 4
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
svchost.exe 4
C:\Documents and Settings\Owner\My Documents\Downloads\Defogger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-CEC4-75A487FD6484} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NodEnabler] c:\program files\eset\eset smart security\nodenabler\NodEnabler.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?796fd4cdd67b4710a5899b3e7a97f504
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?796fd4cdd67b4710a5899b3e7a97f504
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3253534D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/3/4/F345356C-453F-439C-8977-81149FBF0980/wms9dmo.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/1253c2e00f2cbcb5eb14/netzip/RdxIE601.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} - hxxp://wahu.mysynergyroom.com/iv4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178932772375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://brookseckerd.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
DPF: {FC686D83-E465-46AE-A315-7D1BD14F8163} - hxxp://www.groupboard.com/groupconf/groupconf.cab
Notify: explorer - explorer.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-9-8 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-10 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 skfilt;skfilt; [x]
S3 USB18PRG;mikroElektronika USB18F Device (x86 Platform);c:\windows\system32\drivers\USB18PRG.sys [2009-2-8 39424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-22 21:15:15 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-07-20 23:15:36 0 d-----w- C:\ComboFix
2010-07-20 07:08:09 0 d-----w- c:\docume~1\owner\applic~1\Registry Mechanic
2010-07-13 19:23:16 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 00:44:08 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-11 21:09:55 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-07-11 09:01:59 0 ----a-w- c:\documents and settings\owner\ntuser.tmp
2010-07-09 19:27:10 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1f9cb9aea6c2.mof

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-08-03 23:48:08 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-05-30 04:13:19 1603 --sha-w- c:\windows\system32\rerolpxe.dat
2005-05-29 22:04:42 1154 --sha-w- c:\windows\system32\rerolpxei.dat
2008-08-30 23:10:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 17:21:30.31 ===============


Edited by Brrrandon, 23 July 2010 - 01:17 AM.




#2 Brrrandon


Posted 24 July 2010 - 07:06 PM

About how long does it take to get help on here?

EDIT: Please be patient. There are over 480 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP

Edited by Budapest, 24 July 2010 - 07:36 PM.


#3 Brrrandon


Posted 29 July 2010 - 12:06 AM

I've waited like 6 days :( and I see people posting and in an hour or a day getting help. I thought this ran differently.

EDIT: Currently there are about 45 people who posted before you and have not yet received help ~BP

Edited by Budapest, 29 July 2010 - 01:47 AM.


#4 etavares

  • Malware Response Team

Posted 30 July 2010 - 05:32 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

PS> In some cases, we do pick up specific newer logs for a variety of reasons. In my case, I guarantee I pick up the 20 oldest logs for every new log I pick up...maybe more.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Brrrandon


Posted 31 July 2010 - 07:22 PM

Well, I'm having problems with iexplore.exe. It was running in the Task Manager when I turned my PC on, but now it's not on there, yet it's still running somehow in the background, and I still hear clicking pages in the background. My wave sound goes down all the time. My computer's running really slow because of these processes, and I'm also getting random ad popups, and my anti-virus is showing blocked sites that I'm not even on. Here are the logs you asked for. Thanks for the help.

OTL LOG


OTL logfile created on: 7/31/2010 12:33:14 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 26.00 Mb Available Physical Memory | 5.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.20 Gb Free Space | 51.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Brandon
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/31 00:29:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/07/22 18:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\verizon\McciTrayApp.exe
PRC - [2010/03/14 12:03:44 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/15 23:31:57 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 15:20:04 | 002,061,816 | ---- | M] (Verizon) -- C:\Program Files\verizon\VSP\VerizonServicepoint.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/05/23 14:20:28 | 000,050,744 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe
PRC - [2005/05/20 11:11:52 | 000,357,944 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
PRC - [2005/05/11 13:05:10 | 000,108,088 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/31 00:29:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/05/26 00:01:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/09/08 15:58:15 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/07/16 18:32:00 | 000,039,424 | ---- | M] (mikroElektronika) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB18PRG.sys -- (USB18PRG) mikroElektronika USB18F Device (x86 Platform)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/26 01:39:43 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2005/02/26 01:39:43 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2005/02/26 01:39:43 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2005/02/26 01:39:43 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/08/28 19:58:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/06 05:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 05:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 05:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 05:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 05:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 05:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 05:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 05:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 05:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 07:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 15:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 15:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/07/02 11:26:20 | 000,202,368 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/07/02 11:25:24 | 000,631,680 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/02 11:24:16 | 001,063,936 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 22:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/06/20 06:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/12/17 16:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/14 12:05:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/05/26 17:23:00 | 000,000,000 | ---D | M]

[2008/07/17 16:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2bo0jq5w.default\extensions
[2008/07/17 16:58:04 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2bo0jq5w.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [A Verizon App] C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe (Verizon Internet Solutions)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-18..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/3...980/wms9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/1253c2e00f2cbc...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} http://wahu.mysynergyroom.com/iv4.cab (iVocalize Web Conference 4 Setup)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1178932772375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://brookseckerd.pnimedia.com/upload/ac...tupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FC686D83-E465-46AE-A315-7D1BD14F8163} http://www.groupboard.com/groupconf/groupconf.cab (Cgroupconf_control Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\explorer: DllName - explorer.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Comcast Universal Caller ID.lnk - C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe - ()
MsConfig - StartUpReg: RegistryMechanic - hkey= - key= - C:\Program Files\Registry Mechanic\RegMech.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Software)
MsConfig - StartUpReg: VolPanel - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/31 00:28:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/28 01:27:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/27 20:12:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/20 19:15:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/20 18:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/20 03:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic
[2010/07/13 16:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/11 20:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/11 20:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/11 20:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/11 20:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/11 20:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2010/07/11 20:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/07/11 20:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/07/11 17:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/07/09 22:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\NodEnabler 3.4
[2010/07/09 15:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Windows Search
[2010/07/09 15:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/07/09 15:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/07/09 12:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/07 03:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nade
[2010/06/14 13:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/05/26 18:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/26 18:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/05/26 18:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/05/26 18:25:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/05/26 17:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2010/05/26 17:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ESET
[2010/05/26 17:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/05/26 17:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/26 17:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/05/24 17:47:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\FIOS
[2010/05/14 00:08:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/13 23:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/13 23:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/05/13 23:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/05/13 23:27:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/31 01:00:00 | 000,000,266 | -H-- | M] () -- C:\WINDOWS\tasks\A8686C269187E10E.job
[2010/07/31 00:57:50 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/31 00:30:09 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/31 00:30:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/31 00:29:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/31 00:23:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/31 00:22:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/31 00:22:24 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2049760794-839522115-1003.job
[2010/07/31 00:22:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 00:22:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/30 14:17:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/30 14:17:07 | 027,525,120 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/30 13:44:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2049760794-839522115-1003.job
[2010/07/27 01:58:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/23 04:04:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/23 04:04:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/23 04:04:00 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/22 17:23:50 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/22 17:17:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/22 17:11:33 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/16 14:56:03 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WeddingReceptionChoices.xls
[2010/07/13 16:26:01 | 000,626,250 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/13 16:26:01 | 000,522,988 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/13 16:26:01 | 000,094,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/09 22:32:23 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NodEnabler 3.4.lnk
[2010/07/09 15:28:10 | 000,542,927 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fiveguys.JPG
[2010/07/08 02:36:22 | 002,110,160 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/07 15:15:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/07/07 08:20:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/04 13:53:31 | 000,003,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSN Games - Free Online Games.url
[2010/06/22 15:57:36 | 008,794,112 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/06/22 15:57:36 | 004,328,448 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/06/11 12:14:04 | 000,459,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/25 19:18:49 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Resume FiOS Activation.lnk
[2010/05/13 23:27:23 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/05/11 18:49:27 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\weddinginvitation3.doc
[2010/05/11 18:22:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ddinginvitation3.doc
[2010/05/11 18:20:44 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\weddinginvitation2.doc
[2010/05/11 17:32:23 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ddinginvitation.doc
[2010/05/09 17:09:16 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/22 17:25:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/07/22 17:23:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/22 17:17:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/22 17:11:33 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/14 00:35:49 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Owner\hershey.txt
[2010/07/09 22:32:23 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NodEnabler 3.4.lnk
[2010/07/09 15:28:10 | 000,542,927 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fiveguys.JPG
[2010/07/08 14:18:39 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/08 14:18:39 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/04 13:53:31 | 000,003,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSN Games - Free Online Games.url
[2010/06/30 20:59:06 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WeddingReceptionChoices.xls
[2010/05/24 17:47:39 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Resume FiOS Activation.lnk
[2010/05/20 16:50:14 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\Owner\niagara trip advisor.txt
[2010/05/13 23:39:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/05/13 23:27:22 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/05/12 22:24:28 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2049760794-839522115-1003.job
[2010/05/11 18:22:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ddinginvitation3.doc
[2010/05/11 18:22:21 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\weddinginvitation3.doc
[2010/05/11 17:32:23 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ddinginvitation.doc
[2009/01/23 19:47:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2008/09/28 00:38:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/12/29 02:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/30 11:56:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/10/30 11:56:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/09/13 22:02:18 | 001,200,128 | ---- | C] () -- C:\WINDOWS\System32\iv4.dll
[2006/08/03 19:29:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TotRecal.INI
[2006/08/03 19:28:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Arcade.ini
[2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/12/09 14:41:57 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/12/05 21:36:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/08/06 20:21:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GamChest.INI
[2005/08/06 20:13:14 | 000,000,840 | ---- | C] () -- C:\WINDOWS\Wgi.ini
[2005/08/06 20:13:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ProBack.INI
[2005/07/23 23:22:06 | 000,000,591 | ---- | C] () -- C:\WINDOWS\System32\daq2imvi.ini
[2005/07/03 14:18:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/07/02 12:26:51 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/23 04:25:05 | 000,000,340 | ---- | C] () -- C:\WINDOWS\mswgidll.ini
[2005/05/17 01:36:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nbara.dll
[2005/05/06 20:15:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\rlcos.dll
[2005/05/06 16:51:04 | 000,001,168 | ---- | C] () -- C:\WINDOWS\msvxdll.ini
[2005/05/06 16:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ADBack.INI
[2005/05/01 02:27:44 | 000,000,956 | ---- | C] () -- C:\WINDOWS\mswrddll.ini
[2005/04/30 12:07:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkxo32.dll
[2005/04/30 10:34:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3vl32.dll
[2005/04/30 10:19:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addye.dll
[2005/04/29 09:09:26 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crbg.dll
[2005/04/29 01:24:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\iezj32.dll
[2005/04/29 01:16:59 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crzn32.dll
[2005/04/29 01:09:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netkj32.dll
[2005/04/28 23:15:17 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3pd32.dll
[2005/04/28 21:56:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkkx32.dll
[2005/04/28 18:14:38 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkub32.dll
[2005/04/28 18:00:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appfm.dll
[2005/04/28 13:35:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlcw32.dll
[2005/04/28 13:06:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javadc32.dll
[2005/04/28 11:55:15 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipqe32.dll
[2005/04/28 10:07:53 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcwf.dll
[2005/04/28 09:03:27 | 000,084,107 | ---- | C] () -- C:\WINDOWS\atlst.dll
[2005/04/28 07:44:43 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addzm.dll
[2005/04/28 06:33:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javasp.dll
[2005/04/28 05:14:23 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winmi32.dll
[2005/04/28 01:46:48 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\iexd32.dll
[2005/04/27 14:26:46 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipmo.dll
[2005/04/27 10:44:51 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apidi.dll
[2005/04/27 07:02:57 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipjj.dll
[2005/04/27 00:36:24 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msxs.dll
[2005/04/26 22:49:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crem32.dll
[2005/04/26 22:06:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlfv32.dll
[2005/04/26 15:39:32 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntoc32.dll
[2005/04/26 13:30:41 | 000,084,107 | ---- | C] () -- C:\WINDOWS\cryx32.dll
[2005/04/26 09:05:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javafd32.dll
[2005/04/26 05:09:36 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipzr32.dll
[2005/04/26 00:37:35 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msyu32.dll
[2005/04/25 19:15:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msnp32.dll
[2005/04/25 18:11:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntjv.dll
[2005/04/25 17:13:46 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlec32.dll
[2005/04/25 13:24:43 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addiu.dll
[2005/04/25 09:35:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntvo32.dll
[2005/04/25 09:35:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javaym.dll
[2005/04/25 05:32:16 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkwq.dll
[2005/04/25 01:07:24 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msyd.dll
[2005/04/25 00:45:56 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javapy32.dll
[2005/04/24 21:32:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crrr32.dll
[2005/04/24 10:48:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netgg32.dll
[2005/04/24 06:09:14 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msgt32.dll
[2005/04/24 01:15:45 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3id32.dll
[2005/04/24 00:39:58 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipak32.dll
[2005/04/24 00:04:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlzb.dll
[2005/04/23 21:48:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkwv.dll
[2005/04/23 15:50:15 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\crvf.dll
[2005/04/23 15:00:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcge32.dll
[2005/04/23 05:13:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msrn32.dll
[2005/04/22 17:10:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apint.dll
[2005/04/22 14:54:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winsj32.dll
[2005/04/22 14:11:13 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javaon32.dll
[2005/04/22 13:35:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\netsk.dll
[2005/04/22 11:26:35 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javank32.dll
[2005/04/22 10:36:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apitx32.dll
[2005/04/22 08:20:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdksg32.dll
[2005/04/22 05:14:21 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipnp.dll
[2005/04/22 02:44:01 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netzl32.dll
[2005/04/22 01:18:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\crho32.dll
[2005/04/22 01:18:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\apinb.dll
[2005/04/21 21:21:54 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sysxc.dll
[2005/04/21 11:20:36 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msuh32.dll
[2005/04/21 03:28:09 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntmj.dll
[2005/04/21 02:23:44 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appsh32.dll
[2005/04/20 23:46:15 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winxk.dll
[2005/04/20 16:51:04 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkap32.dll
[2005/04/20 15:32:20 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appgi32.dll
[2005/04/20 13:16:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javanh32.dll
[2005/04/20 06:06:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\d3vg32.dll
[2005/04/20 05:23:53 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appgj.dll
[2005/04/19 18:39:38 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntbp.dll
[2005/04/19 13:03:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msnu32.dll
[2005/04/19 12:13:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winbc32.dll
[2005/04/19 09:06:58 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winhs.dll
[2005/04/18 22:58:31 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkqw.dll
[2005/04/18 21:54:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfczb32.dll
[2005/04/18 21:18:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlgq32.dll
[2005/04/18 20:56:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\mfcca32.dll
[2005/04/18 14:23:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msfr.dll
[2005/04/18 13:40:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcyx32.dll
[2005/04/18 13:33:01 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addnx32.dll
[2005/04/18 12:42:54 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\apivg32.dll
[2005/04/18 09:22:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlup32.dll
[2005/04/18 05:40:34 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appdf.dll
[2005/04/18 01:01:23 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netdt32.dll
[2005/04/18 00:11:17 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winiw32.dll
[2005/04/17 10:22:16 | 000,084,070 | ---- | C] () -- C:\WINDOWS\System32\mstq32.dll
[2005/04/17 07:57:45 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mspx.dll
[2005/04/17 03:25:45 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlgp32.dll
[2005/04/17 02:21:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipqw.dll
[2005/04/17 00:55:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ierm.dll
[2005/04/17 00:12:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addzz.dll
[2005/04/16 23:51:00 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appnk.dll
[2005/04/16 10:57:54 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appej.dll
[2005/04/16 06:40:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipis.dll
[2005/04/16 04:31:21 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcrt32.dll
[2005/04/16 01:39:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3ih.dll
[2005/04/15 23:09:14 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winqq.dll
[2005/04/15 22:54:55 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntko.dll
[2005/04/15 09:26:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntgr.dll
[2005/04/15 02:45:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\syssk.dll
[2005/04/14 12:52:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\wcfgdll.ini
[2005/04/14 07:54:09 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winpz.dll
[2005/04/14 07:39:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addwh32.dll
[2005/04/14 05:30:59 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkdi32.dll
[2005/04/13 19:22:32 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msek.dll
[2005/04/13 18:18:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntth32.dll
[2005/04/13 10:18:30 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addfe32.dll
[2005/04/12 12:14:14 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javaks.dll
[2005/04/12 03:31:40 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntor32.dll
[2005/04/11 14:38:35 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javaeo.dll
[2005/04/11 11:25:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\mswk.dll
[2005/04/11 09:30:46 | 000,084,107 | ---- | C] () -- C:\WINDOWS\iewz32.dll
[2005/04/10 11:33:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addga32.dll
[2005/04/09 16:06:51 | 000,084,107 | ---- | C] () -- C:\WINDOWS\syshu.dll
[2005/04/09 09:40:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addcd.dll
[2005/04/09 04:18:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcdf32.dll
[2005/04/09 02:59:26 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appba.dll
[2005/04/08 18:24:03 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netvb.dll
[2005/04/08 15:25:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apinq32.dll
[2005/04/08 13:37:43 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipvs32.dll
[2005/04/08 12:11:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crby32.dll
[2005/04/08 12:04:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3wl32.dll
[2005/04/07 18:46:42 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntlc32.dll
[2005/04/06 18:47:53 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcst32.dll
[2005/04/06 07:42:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netha.dll
[2005/04/06 07:42:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipwc.dll
[2005/04/06 05:33:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crrc32.dll
[2005/04/05 22:38:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javaiu32.dll
[2005/04/05 08:26:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3te.dll
[2005/04/05 04:01:27 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javahh32.dll
[2005/04/05 01:09:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkcl.dll
[2005/04/04 18:57:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\syspm.dll
[2005/04/04 13:49:37 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javaqi.dll
[2005/04/04 02:00:57 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntpl.dll
[2005/04/03 23:16:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipkh.dll
[2005/04/03 20:03:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\iege32.dll
[2005/04/03 18:29:58 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crde32.dll
[2005/04/03 16:06:48 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\mfcym32.dll
[2005/04/03 03:56:40 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkpq32.dll
[2005/04/03 03:20:52 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\crjs32.dll
[2005/04/02 22:56:01 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcsd.dll
[2005/04/02 15:53:41 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javahv.dll
[2005/04/02 15:53:41 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addgz32.dll
[2005/04/02 15:46:31 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\d3cy32.dll
[2005/04/02 13:16:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlxw.dll
[2005/04/02 08:15:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msin.dll
[2005/04/02 06:49:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appvw32.dll
[2005/04/02 06:42:29 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appgw32.dll
[2005/04/02 05:38:04 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\d3gb.dll
[2005/04/01 20:41:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlwr.dll
[2005/04/01 18:46:40 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winva32.dll
[2005/04/01 16:16:20 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\nettd32.dll
[2005/04/01 09:06:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msfx.dll
[2005/04/01 05:10:37 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appvp32.dll
[2005/03/31 23:34:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkai.dll
[2005/03/31 23:34:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appwi.dll
[2005/03/31 23:05:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlks.dll
[2005/03/19 00:45:20 | 000,000,436 | ---- | C] () -- C:\WINDOWS\Win95dll.ini
[2005/03/19 00:14:46 | 000,001,036 | ---- | C] () -- C:\WINDOWS\Wgid.ini
[2005/03/19 00:11:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Botz.ini
[2005/03/15 22:44:22 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/03/15 22:44:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/03/15 18:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Solcon.INI
[2005/02/28 21:50:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/28 09:18:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/02/26 01:52:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/26 01:29:11 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2005/02/26 01:29:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2005/02/26 01:28:07 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/02/26 01:28:07 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/02/26 00:54:47 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/02/22 11:46:38 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSON 1260_1660 Installer.ini
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/09/28 00:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2010/05/26 17:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/11 23:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2005/08/03 18:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2009/07/19 11:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2005/04/23 20:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/06/28 18:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/08/26 12:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\settingsloadownstest
[2010/07/21 23:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/15 23:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/13 23:27:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/07/09 15:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Windows Search
[2010/07/11 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2005/03/05 16:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2010/02/15 17:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2006/05/14 11:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Eltima Software
[2005/03/02 00:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2010/05/26 17:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2006/01/25 17:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FantasyIM
[2008/08/26 12:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HOLD REF DUMB
[2005/12/29 17:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2006/04/23 12:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc
[2005/04/07 15:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/03/16 15:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lionhead Studios
[2008/09/30 17:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2006/04/27 16:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2009/07/19 11:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/07/20 03:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic
[2008/04/29 19:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Screaming Bee
[2009/07/03 23:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2006/12/14 16:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2010/05/13 23:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2007/05/09 21:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/05/25 19:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2007/01/03 19:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2010/05/26 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/06/14 13:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2008/12/05 18:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X-Chat 2
[2010/07/31 01:00:00 | 000,000,266 | -H-- | M] () -- C:\WINDOWS\Tasks\A8686C269187E10E.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/13 20:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/13 20:11:59 | 002,843,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2009/03/08 05:22:38 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/13 14:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 20:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/13 20:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/13 20:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/13 20:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/13 20:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/13 20:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/13 13:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/02/25 16:07:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/02/25 16:07:59 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/02/25 16:07:59 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/07/23 04:04:00 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/02/26 00:18:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/24 16:02:20 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
[2008/02/01 12:03:51 | 037,914,096 | ---- | M] () -- C:\halflife.wad
[2005/02/26 00:18:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/15 23:08:29 | 000,001,046 | -H-- | M] () -- C:\IPH.PH
[2005/02/26 00:18:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/10 01:17:10 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
[2007/05/12 19:54:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/30 18:41:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/31 00:22:11 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/07/05 22:46:02 | 000,001,386 | ---- | M] () -- C:\plaxo.log
[2008/06/25 12:53:08 | 000,011,736 | ---- | M] () -- C:\pldecal.wad
[2010/07/16 15:46:48 | 000,000,372 | ---- | M] () -- C:\rkill.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2007/05/12 19:48:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/30 18:35:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/05/12 19:48:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/30 18:35:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/05/12 19:48:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/30 18:35:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/05/12 19:48:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/30 18:35:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 16:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2004/12/28 21:31:44 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=0706E1CD6B89800781DB038F4B3F5654 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 11:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2004/08/04 03:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2003/07/16 16:49:22 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=DD9269230C21EE8FB7FD3FCCC3B1CFCB -- C:\WINDOWS\$NtUninstallKB891711$\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004/08/04 03:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2006/05/19 08:15:33 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=3748E0FC8C1B6ADA49F98C8E69A4228C -- C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
[2003/07/16 16:53:07 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=8529C295DF59B564D37A73B5629162B1 -- C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Greenstone.bmp:gtalga
@Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Coffee Bean.bmp:qpnkor
@Alternate Data Stream - 7423 bytes -> C:\WINDOWS\EPSON 1260_1660 Installer.ini:evijhm
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Gone Fishing.bmp:wvaobx
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\control.ini:iqgpqb
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\setupapi.log.1.old:lkoraj
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\govdo.dat:hporzv
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\explorer.scf:nthyey
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\control.ini:lyalnf
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\Blue Lace 16.bmp:baahmk
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351
< End of report >

Extra File


OTL Extras logfile created on: 7/31/2010 12:33:14 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 26.00 Mb Available Physical Memory | 5.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.20 Gb Free Space | 51.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Brandon
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN\MSNCoreFiles\msn.exe" = C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Enabled:msn -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\davidleblanc911\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\davidleblanc911\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\harryburns226\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\harryburns226\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\AIM\AIM Pro\aimpro.exe" = C:\Program Files\AIM\AIM Pro\aimpro.exe:*:Enabled:AIM Pro -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1133833456\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1133833456\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Steam\steamapps\schaelde\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\schaelde\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\schaelde\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\schaelde\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\davidleblanc911\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\davidleblanc911\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}" = Comcast Universal Caller ID
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78B55A60-5E51-11D4-A766-00C00C02EDEF}" = Nancy Drew: Message in a Haunted Mansion
"{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92D34E42-4C6F-11D5-A76D-006008D256FF}" = Nancy Drew: Treasure in the Royal Tower
"{93C3B6D2-8FB0-400F-A763-1B64F7C62B5B}" = Nancy Drew: Danger on Deception Island
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E38979C-FA65-476D-80C7-72F4EADE726C}" = Nancy Drew: The Curse of Blackmoor Manor
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CABAEEF9-DB89-9ACB-97E0-44D156FAC6AD}" = Diner Dash
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC255660-F987-41C8-8416-7376305A3FE5}" = Restaurant Empire
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"546AD70ECFACF0F2701DB2569EA9CBA07EFEA05B" = Windows Driver Package - mikroElektronika (USB18PRG) ClassName (05/15/2007 6.0.6000.16386)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Anfy" = Anfy
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Cake Mania 2_is1" = Cake Mania 2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Universal Caller ID
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Diner Dash" = Diner Dash (remove only)
"EPSON Photo Print" = EPSON Photo Print
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
"iVocalize Web Conference 4" = iVocalize Web Conference 4
"LiveReg" = LiveReg (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NodEnabler" = NodEnabler 3.4
"Pet Vet" = Pet Vet (remove only)
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"Plaxo" = Plaxo Toolbar for Windows
"Q903235" = Internet Explorer Q903235
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
"rd50oamq" = Select CashBack
"RealPlayer 12.0" = RealPlayer
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON Scanner Reference Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SysInfo" = Creative System Information
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZBB" = Verizon Broadband Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.8.9 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Steam App 240" = Counter-Strike: Source
"Steam App 80" = Condition Zero

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2010 4:35:19 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/24/2010 4:35:19 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 1:47:16 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 1:47:16 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 11:53:50 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 11:53:51 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/26/2010 3:26:02 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/26/2010 3:26:02 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/27/2010 5:16:44 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/27/2010 5:16:45 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

[ System Events ]
Error - 7/29/2010 1:31:59 PM | Computer Name = Brandon | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 7/30/2010 12:42:56 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {F0CF7D37-4806-4F17-BE08-51C14F9C7DC5} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:43:30 PM | Computer Name = Brandon | Source = Service Control Manager | ID = 7022
Description = The WebClient service hung on starting.

Error - 7/30/2010 12:44:56 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {F01CC27F-3376-4FEB-86FE-D71301FFE242} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:45:53 PM | Computer Name = Brandon | Source = Service Control Manager | ID = 7038
Description = The ALG service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%5 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 7/30/2010 12:45:53 PM | Computer Name = Brandon | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1069

Error - 7/30/2010 12:48:37 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:50:37 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:52:39 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/31/2010 12:27:14 AM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >


Gmer Log


OTL Extras logfile created on: 7/31/2010 12:33:14 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 26.00 Mb Available Physical Memory | 5.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.20 Gb Free Space | 51.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Brandon
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN\MSNCoreFiles\msn.exe" = C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Enabled:msn -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\davidleblanc911\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\davidleblanc911\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\harryburns226\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\harryburns226\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\AIM\AIM Pro\aimpro.exe" = C:\Program Files\AIM\AIM Pro\aimpro.exe:*:Enabled:AIM Pro -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1133833456\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1133833456\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Steam\steamapps\schaelde\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\schaelde\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\schaelde\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\schaelde\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\davidleblanc911\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\davidleblanc911\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}" = Comcast Universal Caller ID
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78B55A60-5E51-11D4-A766-00C00C02EDEF}" = Nancy Drew: Message in a Haunted Mansion
"{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92D34E42-4C6F-11D5-A76D-006008D256FF}" = Nancy Drew: Treasure in the Royal Tower
"{93C3B6D2-8FB0-400F-A763-1B64F7C62B5B}" = Nancy Drew: Danger on Deception Island
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E38979C-FA65-476D-80C7-72F4EADE726C}" = Nancy Drew: The Curse of Blackmoor Manor
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CABAEEF9-DB89-9ACB-97E0-44D156FAC6AD}" = Diner Dash
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC255660-F987-41C8-8416-7376305A3FE5}" = Restaurant Empire
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"546AD70ECFACF0F2701DB2569EA9CBA07EFEA05B" = Windows Driver Package - mikroElektronika (USB18PRG) ClassName (05/15/2007 6.0.6000.16386)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Anfy" = Anfy
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Cake Mania 2_is1" = Cake Mania 2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Universal Caller ID
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Diner Dash" = Diner Dash (remove only)
"EPSON Photo Print" = EPSON Photo Print
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
"iVocalize Web Conference 4" = iVocalize Web Conference 4
"LiveReg" = LiveReg (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NodEnabler" = NodEnabler 3.4
"Pet Vet" = Pet Vet (remove only)
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"Plaxo" = Plaxo Toolbar for Windows
"Q903235" = Internet Explorer Q903235
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
"rd50oamq" = Select CashBack
"RealPlayer 12.0" = RealPlayer
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON Scanner Reference Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SysInfo" = Creative System Information
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZBB" = Verizon Broadband Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.8.9 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Steam App 240" = Counter-Strike: Source
"Steam App 80" = Condition Zero

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2010 4:35:19 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/24/2010 4:35:19 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 1:47:16 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 1:47:16 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 11:53:50 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/25/2010 11:53:51 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/26/2010 3:26:02 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/26/2010 3:26:02 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/27/2010 5:16:44 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

Error - 7/27/2010 5:16:45 PM | Computer Name = Brandon | Source = WinDefendRtp | ID = 3003
Description =

[ System Events ]
Error - 7/29/2010 1:31:59 PM | Computer Name = 412-481-8114DIT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 7/30/2010 12:42:56 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {F0CF7D37-4806-4F17-BE08-51C14F9C7DC5} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:43:30 PM | Computer Name = Brandon | Source = Service Control Manager | ID = 7022
Description = The WebClient service hung on starting.

Error - 7/30/2010 12:44:56 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {F01CC27F-3376-4FEB-86FE-D71301FFE242} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:45:53 PM | Computer Name = Brandon | Source = Service Control Manager | ID = 7038
Description = The ALG service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%5 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 7/30/2010 12:45:53 PM | Computer Name = Brandon | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1069

Error - 7/30/2010 12:48:37 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:50:37 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/30/2010 12:52:39 PM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/31/2010 12:27:14 AM | Computer Name = Brandon | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

Edited by Brrrandon, 31 July 2010 - 07:30 PM.


#6 etavares


Posted 01 August 2010 - 05:56 AM

Hello, Brrrandon.

Ok, first if you still have your copy of Combofix from a week or two ago, please delete it and download a new copy.



Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.




Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case UniBlue Registry Booster 2009). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578

Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578


Viewpoint (foistware) Warning

I see Viewpoint is installed on your machine. Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to the Control Panel, then Add or Remove Programs, and uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.







Step 2
  1. Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  2. Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    CODE
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  3. Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  4. Open your c:\ folder and double-click on fixme.bat. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.



Step 3

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
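
An added example (not part of etavares's post and not ComboFix's own code): a small Python triage of the C:\ComboFix.txt that Step 1 asks for, assuming the parenthesis-banner section layout of the ComboFix log posted later in this thread. The sample log, its file names and the function names are constructed for illustration; note that the MBR verdict line sits inside the "Other Deletions" block and must not be counted as a deleted file.

```python
import re

# Section banners look like "((((( Title )))))"; "." lines are separators.
BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
MBR_LINE = re.compile(r"^MBR\b.*\binfected\b", re.IGNORECASE)
# "created-date time . modified-date time size attributes path"
CREATED = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(\S+) (\S{8}) (.+)$"
)

# Constructed sample in the layout of a ComboFix.txt (paths are made up).
SAMPLE_LOG = r"""ComboFix 10-07-31.04 - Owner 08/01/2010 15:14:22.1.1 - x86
Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe
.

((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))
.

c:\windows\system32\example1.exe
c:\windows\example2.dll

.
MBR is infected with the Whistler Bootkit !!

((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))
.

2010-07-20 07:08 . 2010-07-20 07:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Example
.
"""


def split_sections(text):
    """Return {section title: [non-empty lines]}; pre-banner lines go to 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def triage(text):
    """Summarise what a helper looks at first: deletions, MBR verdict, new files."""
    sections = split_sections(text)
    # Only real paths count as deletions; the MBR verdict shares this block.
    deleted = [l for l in sections.get("Other Deletions", []) if WIN_PATH.match(l)]
    mbr_alerts = [
        l for lines in sections.values() for l in lines if MBR_LINE.match(l)
    ]
    created = []
    for title, lines in sections.items():
        if title.startswith("Files Created"):
            for line in lines:
                match = CREATED.match(line)
                if match:
                    created.append(match.group(3))
    return {
        "deleted": deleted,
        "mbr_alerts": mbr_alerts,
        "created": created,
        # An MBR alert means the Step 2 MBR check log is the next thing to read.
        "needs_mbr_followup": bool(mbr_alerts),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```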
 


#7 Brrrandon


Posted 01 August 2010 - 03:11 PM

OK, I've done everything you asked. I still hear clicking in the background like other iexplore.exe's are up, and I'm still getting blocked pages on my Anti-Virus, so I'm thinking it's still there, but here are the logs you asked for.

ComboFix

ComboFix 10-07-31.04 - Owner 08/01/2010 15:14:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.179 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\mfCGe32.dll
c:\windows\system32\mfCYm32.dll
c:\windows\system32\windg.exe
c:\windows\winec32.exe

.
MBR is infected with the Whistler Bootkit !!

((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-20 07:08 . 2010-07-20 07:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Mechanic
2010-07-13 20:16 . 2010-07-13 20:16 -------- d-----w- c:\program files\Microsoft.NET
2010-07-13 19:23 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 00:44 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-12 00:40 . 2010-07-12 00:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-12 00:25 . 2010-07-12 00:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-07-12 00:25 . 2010-07-12 00:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-07-12 00:25 . 2010-07-12 00:25 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-11 21:09 . 2010-07-11 21:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-09 19:16 . 2010-07-09 19:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search
2010-07-09 19:15 . 2010-07-09 19:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-07-09 16:06 . 2010-07-09 16:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-08 18:17 . 2010-07-08 18:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-08 18:13 . 2010-07-08 18:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Search
2010-07-08 18:13 . 2010-07-08 18:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-07-08 18:11 . 2010-07-08 18:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 18:47 . 2005-02-28 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-29 07:44 . 2010-07-11 09:01 0 ----a-w- c:\documents and settings\Owner\ntuser.tmp
2010-07-28 18:37 . 2010-05-26 21:22 -------- d-----w- c:\program files\ESET
2010-07-28 05:28 . 2008-12-05 21:51 -------- d-----w- c:\program files\xchat
2010-07-25 07:31 . 2007-06-09 02:37 -------- d-----w- c:\program files\Steam
2010-07-22 03:16 . 2007-02-27 20:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-07 19:15 . 2010-05-14 03:39 -------- d-----w- c:\program files\CCleaner
2010-06-29 07:06 . 2005-08-03 23:47 -------- d-----w- c:\program files\Google
2010-06-14 17:20 . 2010-06-14 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2010-06-04 22:49 . 2010-02-21 22:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-06 10:41 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll
2005-08-03 23:48 . 2005-08-03 23:48 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-05-30 04:13 . 2005-05-30 04:13 1603 --sha-w- c:\windows\system32\rerolpxe.dat
2005-05-29 22:04 . 2005-04-16 21:34 1154 --sha-w- c:\windows\system32\rerolpxei.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-19 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-25 2145000]
"NodEnabler"="c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe" [2009-11-15 394281]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Comcast Universal Caller ID.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk
backup=c:\windows\pss\Comcast Universal Caller ID.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-16 03:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
2008-08-26 16:48 2019624 ----a-w- c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\harryburns226\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133833456\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Steam\\steamapps\\schaelde\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\davidleblanc911\\counter-strike\\hl.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/24/2010 8:31 PM 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/24/2010 8:31 PM 810120]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [9/8/2007 3:58 PM 2368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 2:35 PM 135664]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 skfilt;skfilt; [x]
S3 USB18PRG;mikroElektronika USB18F Device (x86 Platform);c:\windows\system32\drivers\USB18PRG.sys [2/8/2009 1:29 AM 39424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 18:35]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 18:35]

2010-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2049760794-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2049760794-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?796fd4cdd67b4710a5899b3e7a97f504
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?796fd4cdd67b4710a5899b3e7a97f504
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} - hxxp://wahu.mysynergyroom.com/iv4.cab
DPF: {FC686D83-E465-46AE-A315-7D1BD14F8163} - hxxp://www.groupboard.com/groupconf/groupconf.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 15:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [1776] 0x8297A9F0
c:\program files\Internet Explorer\iexplore.exe [2568] 0x82DF9020
c:\program files\Internet Explorer\iexplore.exe [3084] 0x829D9470

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,1d,e0,f4,0c,ae,39,4a,a0,0a,05,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,1d,e0,f4,0c,ae,39,4a,a0,0a,05,\

[HKEY_USERS\S-1-5-21-1220945662-2049760794-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4f,50,7b,83,65,9a,09,e9,9c,17,47,cf,10,1e,0d,1d,b6,b6,a2,e7,f3,52,0b,
3b,48,8b,27,7e,a6,08,a4,d9,76,dd,1d,d5,38,61,ba,6d,53,58,19,43,d9,ce,99,05,\
"??"=hex:63,f1,c6,79,b6,2d,b2,1a,f0,73,48,5f,4b,21,40,b2
.
Completion time: 2010-08-01 15:57:35
ComboFix-quarantined-files.txt 2010-08-01 19:57

Pre-Run: 40,664,244,224 bytes free
Post-Run: 41,333,039,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DA78D76EDF6F8EB67DE26073FAF5E539

Mbr log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully


HAlog

C:\Documents and Settings\Owner\Desktop\HAMeb_check.exe
Sun 08/01/2010 at 16:07:09.71

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 01 August 2010 - 03:45 PM

Hello, Brrrandon.

You have the Whistler rootkit...that's the likely cause of the issues you're still experiencing.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.



Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 Brrrandon


Posted 01 August 2010 - 03:56 PM

I guess I'll at least try to clean it, but do you know how you usually get these trojans? I have no clue how I got it. Here's the log you asked for.


MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size     Device Name          MBR Status
--------------------------------------------
74 GB    \\.\PhysicalDrive0   Unknown MBR code

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! Press ENTER to exit...


#10 etavares


Posted 01 August 2010 - 04:44 PM


Hello, Brrrandon.

Usual vectors of infection are clicking bad links (even some ads you see on legit sites may have malware); downloading programs/videos/etc. from unknown sources (e.g. torrents), or opening a bad email attachment.

OK, this time, please run MBRCheck again, except we'll overwrite the infected MBR.

After it detects the unknown MBR:
Type Y and press Enter for more options.
Type 2 to restore the MBR and press Enter.
Type 0 for drive 0 and press Enter.
Type 1 for Windows XP and press Enter.
Type YES to confirm and press Enter.

Post the resulting log.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
etavares


 


#11 Brrrandon


Posted 01 August 2010 - 04:47 PM

Here's the log


MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size     Device Name          MBR Status
--------------------------------------------
74 GB    \\.\PhysicalDrive0   Unknown MBR code

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done! Press ENTER to exit...


#12 etavares


Posted 01 August 2010 - 04:53 PM

Do you still have those random iexplore processes and sound/popups?


 


#13 Brrrandon


Posted 01 August 2010 - 05:02 PM

I rebooted my PC. So far I don't hear any clicking and no ads. I checked my network connections and I don't see iexplore.exe. So far so good, but I'll let you know if I hear or see anything in the next few hours. Is there anything else I need to do, or is everything removed?

#14 etavares


Posted 01 August 2010 - 05:12 PM

Hello, Brrrandon.
We still have some things to do. Please stick with me until I let you know your computer appears clean.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 2

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKU\.DEFAULT..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
    O4 - HKU\S-1-5-18..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
    @Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Greenstone.bmp:gtalga
    @Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Coffee Bean.bmp:qpnkor
    @Alternate Data Stream - 7423 bytes -> C:\WINDOWS\EPSON 1260_1660 Installer.ini:evijhm
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Gone Fishing.bmp:wvaobx
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\control.ini:iqgpqb
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 11736 bytes -> C:\WINDOWS\setupapi.log.1.old:lkoraj
    @Alternate Data Stream - 11736 bytes -> C:\WINDOWS\govdo.dat:hporzv
    @Alternate Data Stream - 11736 bytes -> C:\WINDOWS\explorer.scf:nthyey
    @Alternate Data Stream - 11736 bytes -> C:\WINDOWS\control.ini:lyalnf
    @Alternate Data Stream - 11736 bytes -> C:\WINDOWS\Blue Lace 16.bmp:baahmk
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351
    :Commands
    [ResetHosts]
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


 


#15 Brrrandon


Posted 01 August 2010 - 06:14 PM

I updated and removed all the Adobe Readers and the Java updates you told me to do. So far I have these two logs. I will run ESET online scanner awhile now and post it here later, but for now I will post these two logs. Thanks.

Custom OTL log


All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [KernelFaultCheck] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [UserFaultCheck] File not found> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-18..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Greenstone.bmp:gtalga> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Coffee Bean.bmp:qpnkor> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 7423 bytes -> C:\WINDOWS\EPSON 1260_1660 Installer.ini:evijhm> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Gone Fishing.bmp:wvaobx> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\control.ini:iqgpqb> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\setupapi.log.1.old:lkoraj> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\govdo.dat:hporzv> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\explorer.scf:nthyey> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\control.ini:lyalnf> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\Blue Lace 16.bmp:baahmk> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 30923860 bytes
->Flash cache emptied: 9919 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 6253 bytes

User: Owner
->Temp folder emptied: 19930910 bytes
->Temporary Internet Files folder emptied: 4699596 bytes
->Java cache emptied: 10681033 bytes
->FireFox cache emptied: 970391 bytes
->Google Chrome cache emptied: 237565007 bytes
->Flash cache emptied: 57972 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 2530385 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144063 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 8716355 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 303.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08012010_185226

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat not found!

Registry entries deleted on Reboot...


OTL log


OTL logfile created on: 8/1/2010 7:00:39 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 9.00 Mb Available Physical Memory | 2.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.99 Gb Free Space | 52.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Brandon
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/31 00:29:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/07/22 18:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\verizon\McciTrayApp.exe
PRC - [2010/03/14 12:03:44 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/15 23:31:57 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 15:20:04 | 002,061,816 | ---- | M] (Verizon) -- C:\Program Files\verizon\VSP\VerizonServicepoint.exe
PRC - [2005/05/23 14:20:28 | 000,050,744 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe
PRC - [2005/05/20 11:11:52 | 000,357,944 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
PRC - [2005/05/11 13:05:10 | 000,108,088 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/31 00:29:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/05/26 00:01:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/09/08 15:58:15 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/07/16 18:32:00 | 000,039,424 | ---- | M] (mikroElektronika) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB18PRG.sys -- (USB18PRG) mikroElektronika USB18F Device (x86 Platform)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/26 01:39:43 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2005/02/26 01:39:43 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2005/02/26 01:39:43 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2005/02/26 01:39:43 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/08/28 19:58:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/06 05:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 05:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 05:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 05:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 05:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 05:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 05:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 05:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 05:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 07:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 15:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 15:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/07/02 11:26:20 | 000,202,368 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/07/02 11:25:24 | 000,631,680 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/02 11:24:16 | 001,063,936 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 22:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/06/20 06:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/12/17 16:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/14 12:05:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/05/26 17:23:00 | 000,000,000 | ---D | M]

[2008/07/17 16:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2bo0jq5w.default\extensions
[2008/07/17 16:58:04 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2bo0jq5w.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/08/01 18:52:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [A Verizon App] C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe (Verizon Internet Solutions)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/02/04 20:17:35 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-1220945662-2049760794-839522115-1003\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/3...980/wms9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} http://wahu.mysynergyroom.com/iv4.cab (iVocalize Web Conference 4 Setup)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1178932772375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://brookseckerd.pnimedia.com/upload/ac...tupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FC686D83-E465-46AE-A315-7D1BD14F8163} http://www.groupboard.com/groupconf/groupconf.cab (Cgroupconf_control Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 18:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/01 18:37:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/01 18:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/01 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/01 18:34:03 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/01 18:34:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/01 18:34:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/01 18:34:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/01 18:34:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/01 16:12:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/01 15:08:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/01 15:02:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/01 15:02:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/01 15:02:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/01 15:02:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/01 15:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/01 15:01:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/31 00:28:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/27 20:12:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/20 03:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic
[2010/07/13 16:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/13 15:23:16 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/11 20:44:08 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/11 20:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/11 20:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/11 20:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/11 20:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/11 20:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2010/07/11 20:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/07/11 20:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/07/11 17:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/07/09 22:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\NodEnabler 3.4
[2010/07/09 15:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Windows Search
[2010/07/09 15:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/07/09 15:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/07/09 12:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/07 03:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nade
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/01 19:06:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 18:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/01 18:55:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/01 18:55:10 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2049760794-839522115-1003.job
[2010/08/01 18:55:09 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/08/01 18:55:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 18:55:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/01 18:54:02 | 027,525,120 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/01 18:54:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/01 18:52:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/01 18:46:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/01 18:33:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/01 18:33:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/01 18:33:39 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/01 18:33:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/01 18:33:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/01 16:53:25 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/01 16:13:50 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2049760794-839522115-1003.job
[2010/08/01 16:06:56 | 000,485,896 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HAMeb_check.exe
[2010/08/01 16:05:36 | 000,000,041 | ---- | M] () -- C:\fixme.bat
[2010/08/01 16:04:02 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/08/01 15:42:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/01 15:08:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/01 14:59:34 | 003,748,898 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe
[2010/08/01 10:44:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/31 00:29:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/27 01:58:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/23 04:04:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/23 04:04:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/22 17:23:50 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/22 17:17:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/22 17:11:33 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/16 14:56:03 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WeddingReceptionChoices.xls
[2010/07/13 16:26:01 | 000,626,250 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/13 16:26:01 | 000,522,988 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/13 16:26:01 | 000,094,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/09 22:32:23 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NodEnabler 3.4.lnk
[2010/07/09 15:28:10 | 000,542,927 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fiveguys.JPG
[2010/07/08 02:36:22 | 002,110,160 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/07 15:15:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/07/07 08:20:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/04 13:53:31 | 000,003,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSN Games - Free Online Games.url
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/01 18:46:17 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/01 16:53:25 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/01 16:06:49 | 000,485,896 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HAMeb_check.exe
[2010/08/01 16:05:36 | 000,000,041 | ---- | C] () -- C:\fixme.bat
[2010/08/01 16:03:59 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/08/01 15:08:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/01 15:08:15 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/01 15:02:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/01 15:02:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/01 15:02:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/01 15:02:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/01 15:02:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/01 14:59:25 | 003,748,898 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe
[2010/07/22 17:25:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/07/22 17:23:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/22 17:17:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/22 17:11:33 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/14 00:35:49 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Owner\hershey.txt
[2010/07/09 22:32:23 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NodEnabler 3.4.lnk
[2010/07/09 15:28:10 | 000,542,927 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fiveguys.JPG
[2010/07/08 14:18:39 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/08 14:18:39 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/04 13:53:31 | 000,003,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSN Games - Free Online Games.url
[2009/01/23 19:47:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2008/09/28 00:38:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/12/29 02:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/30 11:56:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/10/30 11:56:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/09/13 22:02:18 | 001,200,128 | ---- | C] () -- C:\WINDOWS\System32\iv4.dll
[2006/08/03 19:29:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TotRecal.INI
[2006/08/03 19:28:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Arcade.ini
[2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/12/09 14:41:57 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/12/05 21:36:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/08/06 20:21:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GamChest.INI
[2005/08/06 20:13:14 | 000,000,840 | ---- | C] () -- C:\WINDOWS\Wgi.ini
[2005/08/06 20:13:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ProBack.INI
[2005/07/23 23:22:06 | 000,000,591 | ---- | C] () -- C:\WINDOWS\System32\daq2imvi.ini
[2005/07/03 14:18:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/07/02 12:26:51 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/23 04:25:05 | 000,000,340 | ---- | C] () -- C:\WINDOWS\mswgidll.ini
[2005/05/17 01:36:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nbara.dll
[2005/05/06 20:15:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\rlcos.dll
[2005/05/06 16:51:04 | 000,001,168 | ---- | C] () -- C:\WINDOWS\msvxdll.ini
[2005/05/06 16:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ADBack.INI
[2005/05/01 02:27:44 | 000,000,956 | ---- | C] () -- C:\WINDOWS\mswrddll.ini
[2005/04/30 12:07:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkxo32.dll
[2005/04/30 10:34:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3vl32.dll
[2005/04/30 10:19:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addye.dll
[2005/04/29 09:09:26 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crbg.dll
[2005/04/29 01:24:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\iezj32.dll
[2005/04/29 01:16:59 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crzn32.dll
[2005/04/29 01:09:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netkj32.dll
[2005/04/28 23:15:17 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3pd32.dll
[2005/04/28 21:56:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkkx32.dll
[2005/04/28 18:14:38 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkub32.dll
[2005/04/28 18:00:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appfm.dll
[2005/04/28 13:35:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlcw32.dll
[2005/04/28 13:06:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javadc32.dll
[2005/04/28 11:55:15 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipqe32.dll
[2005/04/28 10:07:53 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcwf.dll
[2005/04/28 09:03:27 | 000,084,107 | ---- | C] () -- C:\WINDOWS\atlst.dll
[2005/04/28 07:44:43 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addzm.dll
[2005/04/28 06:33:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javasp.dll
[2005/04/28 05:14:23 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winmi32.dll
[2005/04/28 01:46:48 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\iexd32.dll
[2005/04/27 14:26:46 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipmo.dll
[2005/04/27 10:44:51 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apidi.dll
[2005/04/27 07:02:57 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipjj.dll
[2005/04/27 00:36:24 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msxs.dll
[2005/04/26 22:49:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crem32.dll
[2005/04/26 22:06:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlfv32.dll
[2005/04/26 15:39:32 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntoc32.dll
[2005/04/26 13:30:41 | 000,084,107 | ---- | C] () -- C:\WINDOWS\cryx32.dll
[2005/04/26 09:05:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javafd32.dll
[2005/04/26 05:09:36 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipzr32.dll
[2005/04/26 00:37:35 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msyu32.dll
[2005/04/25 19:15:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msnp32.dll
[2005/04/25 18:11:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntjv.dll
[2005/04/25 17:13:46 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlec32.dll
[2005/04/25 13:24:43 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addiu.dll
[2005/04/25 09:35:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntvo32.dll
[2005/04/25 09:35:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javaym.dll
[2005/04/25 05:32:16 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkwq.dll
[2005/04/25 01:07:24 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msyd.dll
[2005/04/25 00:45:56 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javapy32.dll
[2005/04/24 21:32:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crrr32.dll
[2005/04/24 10:48:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netgg32.dll
[2005/04/24 06:09:14 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msgt32.dll
[2005/04/24 01:15:45 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3id32.dll
[2005/04/24 00:39:58 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipak32.dll
[2005/04/24 00:04:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlzb.dll
[2005/04/23 21:48:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkwv.dll
[2005/04/23 15:50:15 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\crvf.dll
[2005/04/23 05:13:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msrn32.dll
[2005/04/22 17:10:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apint.dll
[2005/04/22 14:54:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winsj32.dll
[2005/04/22 14:11:13 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javaon32.dll
[2005/04/22 13:35:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\netsk.dll
[2005/04/22 11:26:35 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javank32.dll
[2005/04/22 10:36:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apitx32.dll
[2005/04/22 08:20:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdksg32.dll
[2005/04/22 05:14:21 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipnp.dll
[2005/04/22 02:44:01 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netzl32.dll
[2005/04/22 01:18:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\crho32.dll
[2005/04/22 01:18:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\apinb.dll
[2005/04/21 21:21:54 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sysxc.dll
[2005/04/21 11:20:36 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msuh32.dll
[2005/04/21 03:28:09 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntmj.dll
[2005/04/21 02:23:44 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appsh32.dll
[2005/04/20 23:46:15 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winxk.dll
[2005/04/20 16:51:04 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkap32.dll
[2005/04/20 15:32:20 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appgi32.dll
[2005/04/20 13:16:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javanh32.dll
[2005/04/20 06:06:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\d3vg32.dll
[2005/04/20 05:23:53 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appgj.dll
[2005/04/19 18:39:38 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntbp.dll
[2005/04/19 13:03:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msnu32.dll
[2005/04/19 12:13:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winbc32.dll
[2005/04/19 09:06:58 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winhs.dll
[2005/04/18 22:58:31 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkqw.dll
[2005/04/18 21:54:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfczb32.dll
[2005/04/18 21:18:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlgq32.dll
[2005/04/18 20:56:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\mfcca32.dll
[2005/04/18 14:23:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msfr.dll
[2005/04/18 13:40:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcyx32.dll
[2005/04/18 13:33:01 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addnx32.dll
[2005/04/18 12:42:54 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\apivg32.dll
[2005/04/18 09:22:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlup32.dll
[2005/04/18 05:40:34 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appdf.dll
[2005/04/18 01:01:23 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netdt32.dll
[2005/04/18 00:11:17 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winiw32.dll
[2005/04/17 10:22:16 | 000,084,070 | ---- | C] () -- C:\WINDOWS\System32\mstq32.dll
[2005/04/17 07:57:45 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mspx.dll
[2005/04/17 03:25:45 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlgp32.dll
[2005/04/17 02:21:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipqw.dll
[2005/04/17 00:55:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ierm.dll
[2005/04/17 00:12:28 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addzz.dll
[2005/04/16 23:51:00 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appnk.dll
[2005/04/16 10:57:54 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appej.dll
[2005/04/16 06:40:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipis.dll
[2005/04/16 04:31:21 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcrt32.dll
[2005/04/16 01:39:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3ih.dll
[2005/04/15 23:09:14 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winqq.dll
[2005/04/15 22:54:55 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntko.dll
[2005/04/15 09:26:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntgr.dll
[2005/04/15 02:45:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\syssk.dll
[2005/04/14 12:52:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\wcfgdll.ini
[2005/04/14 07:54:09 | 000,084,107 | ---- | C] () -- C:\WINDOWS\winpz.dll
[2005/04/14 07:39:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addwh32.dll
[2005/04/14 05:30:59 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkdi32.dll
[2005/04/13 19:22:32 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msek.dll
[2005/04/13 18:18:07 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ntth32.dll
[2005/04/13 10:18:30 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addfe32.dll
[2005/04/12 12:14:14 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javaks.dll
[2005/04/12 03:31:40 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntor32.dll
[2005/04/11 14:38:35 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javaeo.dll
[2005/04/11 11:25:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\mswk.dll
[2005/04/11 09:30:46 | 000,084,107 | ---- | C] () -- C:\WINDOWS\iewz32.dll
[2005/04/10 11:33:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\addga32.dll
[2005/04/09 16:06:51 | 000,084,107 | ---- | C] () -- C:\WINDOWS\syshu.dll
[2005/04/09 09:40:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addcd.dll
[2005/04/09 04:18:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcdf32.dll
[2005/04/09 02:59:26 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appba.dll
[2005/04/08 18:24:03 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netvb.dll
[2005/04/08 15:25:05 | 000,084,107 | ---- | C] () -- C:\WINDOWS\apinq32.dll
[2005/04/08 13:37:43 | 000,084,107 | ---- | C] () -- C:\WINDOWS\ipvs32.dll
[2005/04/08 12:11:49 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crby32.dll
[2005/04/08 12:04:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3wl32.dll
[2005/04/07 18:46:42 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntlc32.dll
[2005/04/06 18:47:53 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcst32.dll
[2005/04/06 07:42:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\netha.dll
[2005/04/06 07:42:10 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipwc.dll
[2005/04/06 05:33:19 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crrc32.dll
[2005/04/05 22:38:08 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\javaiu32.dll
[2005/04/05 08:26:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\d3te.dll
[2005/04/05 04:01:27 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javahh32.dll
[2005/04/05 01:09:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkcl.dll
[2005/04/04 18:57:25 | 000,084,107 | ---- | C] () -- C:\WINDOWS\syspm.dll
[2005/04/04 13:49:37 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javaqi.dll
[2005/04/04 02:00:57 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ntpl.dll
[2005/04/03 23:16:18 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\ipkh.dll
[2005/04/03 20:03:02 | 000,084,107 | ---- | C] () -- C:\WINDOWS\iege32.dll
[2005/04/03 18:29:58 | 000,084,107 | ---- | C] () -- C:\WINDOWS\crde32.dll
[2005/04/03 03:56:40 | 000,084,107 | ---- | C] () -- C:\WINDOWS\sdkpq32.dll
[2005/04/03 03:20:52 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\crjs32.dll
[2005/04/02 22:56:01 | 000,084,107 | ---- | C] () -- C:\WINDOWS\mfcsd.dll
[2005/04/02 15:53:41 | 000,084,107 | ---- | C] () -- C:\WINDOWS\javahv.dll
[2005/04/02 15:53:41 | 000,084,107 | ---- | C] () -- C:\WINDOWS\addgz32.dll
[2005/04/02 15:46:31 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\d3cy32.dll
[2005/04/02 13:16:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlxw.dll
[2005/04/02 08:15:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\msin.dll
[2005/04/02 06:49:39 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appvw32.dll
[2005/04/02 06:42:29 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appgw32.dll
[2005/04/02 05:38:04 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\d3gb.dll
[2005/04/01 20:41:12 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlwr.dll
[2005/04/01 18:46:40 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\winva32.dll
[2005/04/01 16:16:20 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\nettd32.dll
[2005/04/01 09:06:50 | 000,084,107 | ---- | C] () -- C:\WINDOWS\msfx.dll
[2005/04/01 05:10:37 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\appvp32.dll
[2005/03/31 23:34:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\sdkai.dll
[2005/03/31 23:34:11 | 000,084,107 | ---- | C] () -- C:\WINDOWS\appwi.dll
[2005/03/31 23:05:33 | 000,084,107 | ---- | C] () -- C:\WINDOWS\System32\atlks.dll
[2005/03/19 00:45:20 | 000,000,436 | ---- | C] () -- C:\WINDOWS\Win95dll.ini
[2005/03/19 00:14:46 | 000,001,036 | ---- | C] () -- C:\WINDOWS\Wgid.ini
[2005/03/19 00:11:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Botz.ini
[2005/03/15 22:44:22 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/03/15 22:44:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/03/15 18:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Solcon.INI
[2005/02/28 21:50:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/28 09:18:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/02/26 01:52:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/26 01:29:11 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2005/02/26 01:29:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2005/02/26 01:28:07 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/02/26 01:28:07 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/02/26 00:54:47 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/02/22 11:46:38 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSON 1260_1660 Installer.ini
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Greenstone.bmp:gtalga
@Alternate Data Stream - 7473 bytes -> C:\WINDOWS\Coffee Bean.bmp:qpnkor
@Alternate Data Stream - 7423 bytes -> C:\WINDOWS\EPSON 1260_1660 Installer.ini:evijhm
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Gone Fishing.bmp:wvaobx
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\control.ini:iqgpqb
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\setupapi.log.1.old:lkoraj
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\govdo.dat:hporzv
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\explorer.scf:nthyey
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\control.ini:lyalnf
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\Blue Lace 16.bmp:baahmk
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351
< End of report >




