
Browser redirects & IE Script Error Windows


  • This topic is locked
20 replies to this topic

#1 krash1975


Posted 26 April 2011 - 05:43 AM

IE script error windows pop up even though IE is not running. Also Mozilla & IE re-directs from search page results.
Here is the DDS.txt log and the GMER & Attach.txt files are attached. Thanks.

Sorry, ark.txt is so large (1.4M) that I can't upload entire file and it won't accept a zip version so I'll send in 3 parts in a following post.


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ray at 19:16:35.82 on Mon 04/25/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1869 [GMT -4:00]
.
AV: Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
svchost.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\AOL\1139689552\ee\AOLSoftware.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\KEIV48TP\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yapta BHO: {2020dfef-8c87-4229-aa41-549d82210355} - c:\program files\yapta\YaptaOverlay.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Free Ride Games Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\free_ride_games\prxtbFre2.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Free Ride Games Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\free_ride_games\prxtbFre2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: &Yapta: {c3c07ad6-ace9-43ee-a2af-45bc13f6275f} - c:\program files\yapta\YaptaSidebar.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [American Airlines DealFinder] null
mRun: [HostManager] c:\program files\common files\aol\1139689552\ee\AOLSoftware.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Yapta Tracker] c:\program files\yapta\YaptaClient.exe /onstartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nektra OEAPI] c:\program files\common files\pc tools\outlook express api\Launcher.exe
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\ray\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\yapta\YaptaSettings.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: malwarebytes.org\www
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://aolsvc.aol.com/onlinegames/free-trial-nightshift-legacy-the-jaguars-eye/Nightshift2Web.1.0.0.9.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader_5_5.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles-2/dream2web.1.0.0.13.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ray\applic~1\mozilla\firefox\profiles\hv5xpfad.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-01-2010&tb_mrud=29-03-2010
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\hv5xpfad.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\hv5xpfad.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\hv5xpfad.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npcpbrk7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-15 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-25 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-3 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-3 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-4-3 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-4-3 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-7-25 251560]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-7-25 160448]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-4-9 632792]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-7-25 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-7-25 1156568]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-12-24 56352]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-4-3 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-4-3 56536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-4-3 125248]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-7-25 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-4-3 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S2 gupdate1ca3de5d19620c4;Google Update Service (gupdate1ca3de5d19620c4);c:\program files\google\update\GoogleUpdate.exe [2009-9-25 133104]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-5 17920]
S3 Dice1394;Multimix Driver;c:\windows\system32\drivers\Dice1394.sys [2008-2-4 69504]
S3 DiceAudioStrm;MultiMix Stream MiniDriver;c:\windows\system32\drivers\DiceAudioStrm.sys [2008-2-4 16608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-25 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-4-3 56536]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [2006-8-25 40672]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2008-3-6 15740]
S3 USBKS1X1;Midiman USB Keystation USB Driver;c:\windows\system32\drivers\usbks1x1.sys [2008-3-6 23392]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;c:\windows\system32\drivers\usbmidim.sys [2008-3-6 5664]
.
=============== Created Last 30 ================
.
2011-04-24 18:49:16 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-24 18:30:34 388096 ----a-r- c:\docume~1\ray\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-24 18:30:33 -------- d-----w- c:\program files\Trend Micro
2011-04-23 02:36:57 -------- d-----w- c:\program files\McAfee Security Scan
2011-04-23 02:35:24 -------- d-----w- c:\windows\Downloaded Program Files
2011-04-12 00:48:57 -------- d-sh--w- c:\documents and settings\ray\IECompatCache
2011-04-10 21:28:14 -------- d-sh--w- c:\documents and settings\ray\PrivacIE
2011-04-10 21:13:47 -------- d-sh--w- c:\documents and settings\ray\IETldCache
2011-04-10 21:08:12 -------- d-----w- c:\windows\ie8updates
2011-04-10 21:03:41 -------- dc-h--w- c:\windows\ie8
2011-04-10 20:50:28 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-04-10 20:50:23 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-10 20:50:22 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-10 20:50:22 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-10 02:05:21 -------- d-----w- c:\docume~1\ray\applic~1\Registry Mechanic
2011-04-10 01:54:54 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-04-10 01:54:54 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-10 01:54:54 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-04-10 01:54:54 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-04-10 01:54:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-04-08 19:47:52 0 ----a-w- c:\windows\system32\REN68.tmp
2011-04-06 21:02:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-06 21:02:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-06 07:44:25 -------- d-----w- c:\docume~1\ray\applic~1\PCTools
2011-04-03 18:09:22 -------- d-----w- c:\docume~1\ray\applic~1\Spam Monitor
2011-04-03 18:09:22 -------- d-----w- c:\docume~1\ray\applic~1\PCToolsFirewallPlus
2011-04-03 17:22:28 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-03 17:22:28 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-03 17:22:11 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-04-03 17:22:11 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-04-03 17:22:11 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-04-03 17:22:03 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-04-03 17:22:03 56536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-04-03 17:22:03 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-04-03 17:22:03 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 12:32:25 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2010-08-19 01:13:57 458 ----a-w- c:\program files\0818201021135737.bat
2007-01-25 07:52:26 65536 ----a-w- c:\program files\common files\NMSAccessU.exe
2007-01-20 18:26:01 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-06-19 17:03:04 29 ----a-w- c:\program files\doomargs.tmp
.
============= FINISH: 19:24:08.60 ===============


#2 rigacci


Posted 03 May 2011 - 07:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 krash1975


Posted 03 May 2011 - 09:38 PM

IE script error windows, redirects in Mozilla & IE, content being loaded on PC from internet.
I've run about 8 different scanners.
I cannot attach anything since my previous attachments use up all my allocation. How do I delete previous attachments in previous posts?
Thanks for your help.

attach.txt shown first, then DDS.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/9/2004 6:12:41 PM
System Uptime: 5/1/2011 8:40:46 PM (50 hours ago)
.
Motherboard: Dell Inc. | | 0J3492
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 25.297 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 256.057 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2366: 2/2/2011 8:36:50 AM - System Checkpoint
RP2367: 2/3/2011 3:22:33 PM - System Checkpoint
RP2368: 2/5/2011 3:22:32 AM - System Checkpoint
RP2369: 2/5/2011 12:48:42 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2370: 2/6/2011 2:13:29 PM - System Checkpoint
RP2371: 2/6/2011 9:14:53 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2372: 2/6/2011 10:02:15 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2373: 2/7/2011 10:45:10 PM - System Checkpoint
RP2374: 2/8/2011 10:57:17 PM - System Checkpoint
RP2375: 2/10/2011 12:20:07 AM - System Checkpoint
RP2376: 2/10/2011 3:00:17 AM - Software Distribution Service 3.0
RP2377: 2/11/2011 8:14:57 AM - System Checkpoint
RP2378: 2/12/2011 11:22:24 AM - PC Tools AntiVirus Free: Cleaning Threats
RP2379: 2/13/2011 2:55:37 PM - System Checkpoint
RP2380: 2/13/2011 6:47:12 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2381: 2/14/2011 7:23:43 PM - System Checkpoint
RP2382: 2/15/2011 8:24:04 PM - System Checkpoint
RP2383: 2/16/2011 11:03:09 PM - System Checkpoint
RP2384: 2/18/2011 1:27:26 AM - System Checkpoint
RP2385: 2/19/2011 1:44:27 AM - System Checkpoint
RP2386: 2/19/2011 9:13:23 AM - PC Tools AntiVirus Free: Cleaning Threats
RP2387: 2/19/2011 5:43:17 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2388: 2/19/2011 7:05:15 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2389: 2/20/2011 6:03:42 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2390: 2/21/2011 11:24:30 PM - System Checkpoint
RP2391: 2/23/2011 8:20:22 AM - System Checkpoint
RP2392: 2/24/2011 4:06:57 PM - System Checkpoint
RP2393: 2/25/2011 6:07:44 PM - System Checkpoint
RP2394: 2/26/2011 9:01:10 AM - PC Tools AntiVirus Free: Cleaning Threats
RP2395: 2/27/2011 11:35:06 AM - System Checkpoint
RP2396: 2/27/2011 6:20:31 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2397: 2/28/2011 7:36:25 PM - System Checkpoint
RP2398: 3/1/2011 9:03:50 PM - System Checkpoint
RP2399: 3/2/2011 10:08:57 PM - System Checkpoint
RP2400: 3/3/2011 11:24:26 PM - System Checkpoint
RP2401: 3/5/2011 6:08:44 AM - System Checkpoint
RP2402: 3/5/2011 7:22:53 AM - PC Tools AntiVirus Free: Cleaning Threats
RP2403: 3/6/2011 9:34:47 AM - System Checkpoint
RP2404: 3/6/2011 6:09:04 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2405: 3/7/2011 8:30:02 PM - System Checkpoint
RP2406: 3/16/2011 12:55:10 AM - Software Distribution Service 3.0
RP2407: 3/17/2011 7:57:19 AM - System Checkpoint
RP2408: 3/18/2011 8:14:23 AM - System Checkpoint
RP2409: 3/19/2011 8:38:22 AM - PC Tools AntiVirus Free: Cleaning Threats
RP2410: 3/19/2011 4:02:02 PM - Unsigned driver install
RP2411: 3/20/2011 6:02:33 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2412: 3/21/2011 6:46:56 PM - System Checkpoint
RP2413: 3/22/2011 7:19:25 PM - System Checkpoint
RP2414: 3/23/2011 8:16:22 PM - System Checkpoint
RP2415: 3/24/2011 8:53:41 PM - Software Distribution Service 3.0
RP2416: 3/25/2011 9:08:48 PM - System Checkpoint
RP2417: 3/26/2011 8:28:59 AM - PC Tools AntiVirus Free: Cleaning Threats
RP2418: 3/27/2011 1:19:07 PM - System Checkpoint
RP2419: 3/27/2011 6:24:47 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2420: 3/28/2011 6:47:04 PM - System Checkpoint
RP2421: 3/29/2011 9:17:03 PM - System Checkpoint
RP2422: 3/30/2011 9:39:56 PM - System Checkpoint
RP2423: 3/31/2011 10:28:14 PM - System Checkpoint
RP2424: 4/1/2011 11:22:00 PM - System Checkpoint
RP2425: 4/2/2011 7:35:16 AM - PC Tools AntiVirus Free: Cleaning Threats
RP2426: 4/2/2011 4:13:15 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2427: 4/2/2011 10:19:25 PM - PC Tools AntiVirus Free: Cleaning Threats
RP2428: 4/3/2011 2:06:45 PM - Internet Security: Cleaning Threats
RP2429: 4/4/2011 7:11:40 PM - System Checkpoint
RP2430: 4/5/2011 7:57:51 PM - System Checkpoint
RP2431: 4/6/2011 4:35:53 PM - Internet Security: Cleaning Threats
RP2432: 4/7/2011 6:23:18 PM - System Checkpoint
RP2433: 4/8/2011 3:46:55 PM - Installed Java™ 6 Update 24
RP2434: 4/8/2011 5:50:23 PM - Internet Security: Cleaning Threats
RP2435: 4/9/2011 6:40:21 PM - System Checkpoint
RP2436: 4/9/2011 9:43:39 PM - Internet Security: Cleaning Threats
RP2437: 4/10/2011 5:05:36 PM - Installed Windows Internet Explorer 8.
RP2438: 4/10/2011 5:07:13 PM - Software Distribution Service 3.0
RP2439: 4/10/2011 5:30:17 PM - Software Distribution Service 3.0
RP2440: 4/11/2011 5:38:20 PM - System Checkpoint
RP2441: 4/11/2011 9:47:29 PM - Internet Security: Cleaning Threats
RP2442: 4/12/2011 10:22:31 PM - System Checkpoint
RP2443: 4/13/2011 7:49:35 AM - Internet Security: Cleaning Threats
RP2444: 4/14/2011 8:10:01 AM - System Checkpoint
RP2445: 4/14/2011 10:52:53 PM - Internet Security: Cleaning Threats
RP2446: 4/15/2011 3:00:22 AM - Software Distribution Service 3.0
RP2447: 4/16/2011 10:36:21 AM - Internet Security: Cleaning Threats
RP2448: 4/16/2011 5:51:22 PM - Made by Registry Mechanic
RP2449: 4/16/2011 6:15:08 PM - Made by Registry Mechanic
RP2450: 4/17/2011 6:19:16 PM - System Checkpoint
RP2451: 4/17/2011 10:19:48 PM - Made by Registry Mechanic
RP2452: 4/18/2011 11:15:32 PM - System Checkpoint
RP2453: 4/19/2011 7:49:20 PM - Internet Security: Cleaning Threats
RP2454: 4/20/2011 9:22:32 PM - Made by Registry Mechanic
RP2455: 4/21/2011 11:11:37 PM - System Checkpoint
RP2456: 4/22/2011 2:26:54 PM - Made by Registry Mechanic
RP2457: 4/23/2011 6:19:06 PM - Internet Security: Cleaning Threats
RP2458: 4/23/2011 10:45:02 PM - Installed Microsoft Fix it 50267
RP2459: 4/24/2011 2:30:32 PM - Installed HiJackThis
RP2460: 4/24/2011 4:17:43 PM - Removed Adobe Reader 7.1.0
RP2461: 4/24/2011 4:33:31 PM - Installed Adobe Reader X (10.0.1).
RP2462: 4/25/2011 8:14:58 PM - System Checkpoint
RP2463: 4/26/2011 9:32:31 PM - System Checkpoint
RP2464: 4/27/2011 9:57:17 PM - Made by Registry Mechanic
RP2465: 4/28/2011 10:47:20 PM - System Checkpoint
RP2466: 4/29/2011 11:30:23 PM - System Checkpoint
RP2467: 5/1/2011 10:04:27 AM - System Checkpoint
RP2468: 5/2/2011 10:51:51 PM - System Checkpoint
RP2469: 5/3/2011 8:41:51 PM - Removed Skype Toolbars
.
==== Installed Programs ======================
.
.
7-Zip 9.22beta
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Adventure Chronicles: The Search for Lost Treasure
AIM 6
Amazing Adventures Special Edition (remove only)
Amazing Adventures: Around the World
Amazing Adventures: The Caribbean Secret
American Airlines DealFinder (remove only)
AnswerWorks 4.0 Runtime - English
AOL Coach Version 1.0(Build:20030807.3)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Atlantis Quest
AutoUpdate
Banctec Service Agreement
Bejeweled 3
Big Fish Games: Game Manager
Bonjour
Broadcom Advanced Control Suite 2
BroadJump Client Foundation
Business Contact Manager for Outlook 2003
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Cate West: The Vanishing Files
CDK Players
Compatibility Pack for the 2007 Office system
Creative MediaSource
Creative Vienna SoundFont Studio
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Dell Digital Jukebox Driver
Dell GPS Navigation System Europe
Dell Media Experience
Dell Networking Guide
Dell Photo AIO Printer 922
Digidesign Pro Tools FREE
Digimax Master
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom Builder
Download Updater (AOL LLC)
Dream Chronicles
Dream Chronicles 2 The Eternal Maze
Enchanted Cavern
FLV Player 2.0 (build 25)
Free Ride Games Player
GamesBar 2.0.1.59
Google Chrome
Google Earth
Google SketchUp
Google Toolbar for Firefox
Google Update Helper
Great Escapes Solitaire Collection
Help and Support Customization
Hidden Expedition - Titanic (remove only)
Hidden Expedition ® - Devil's Triangle
Hidden Expedition ® : Devil's Triangle Strategy Guide
HiJackThis
Holly 2: Magic Land
Holly: a Christmas Tale
Holly: A Christmas Tale Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD/DVD2 for OLYMPUS
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
InterActual Player
Internet Explorer Default Page
InterVideo WinDVD Creator 2
Invention Studio
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 24
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Jewel Quest 3
Kazoo Player
Learn2 Player (Uninstall Only)
Lost Treasures of El Dorado
Magic Encyclopedia
Mahjong Towers Eternity
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MIDI-OX
MIDI Yoke
MINITAB 13
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox 4.0.1 (x86 en-US)
MP3 Download Manager
MS Access 97 SP2
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiMix
MUSICMATCH Jukebox
MyDSC2
Myst for Windows 95
Mystery of Unicorn Castle
NoteWorthy Composer
NoteWorthy Composer 2
Numedia CD-DVD writing as non-admin user
OpenOffice.org Installer 1.0
Paint.NET v3.5.3
PC Tools Anti-Spam Toolbar
PC Tools Internet Security 8.0
Photo Story 3 for Windows
PIXMA Extended Survey Program
Plextor ConvertX AV100U A/V Capture Device Driver
Power Tab Editor 1.7
PowerDVD 5.1
Presto! PageManager 7.15.16
QuickTime
RealArcade
RealPlayer
RealUpgrade 1.0
Registry Mechanic 10.0
rgc:audio sfz VSTi v1.96
Rock
Rosetta Stone Ltd Services
S500/S600 USB Driver
Safari
Savings Bond Wizard
ScanSoft OmniPage SE 4
Secrets of the Seas
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
sfArk
Shutter Island
SimCity 3000 Unlimited
Skype 4.2
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2
Spybot - Search & Destroy
SUPERAntiSpyware
Syncrosoft's License Control
TablEdit 2.65
TEFView 2.64
The Heritage
The Sims 2
The Sims Deluxe Edition
The Sims Menu Editor
The Treasures of Montezuma
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Download Manager 2.2.7-SNAPSHOT-r10935
Virtual Villagers 2: The Lost Children
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Yahoo! Widgets
Yapta
Yoono Desktop 1.7.2
.
==== Event Viewer Messages From Past Week ========
.
5/3/2011 8:41:57 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/1/2011 8:44:00 PM, error: Service Control Manager [7034] - The RosettaStoneDaemon service terminated unexpectedly. It has done this 1 time(s).
5/1/2011 8:43:11 PM, error: Service Control Manager [7022] - The MSSQL$MICROSOFTBCM service hung on starting.
4/30/2011 9:39:48 PM, error: Service Control Manager [7000] - The ATWPKT2 service failed to start due to the following error: Access is denied.
4/30/2011 8:18:17 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
4/30/2011 8:13:09 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
4/30/2011 7:28:26 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
4/30/2011 7:11:54 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'EnglishUK.lng' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/30/2011 6:49:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1ca3de5d19620c4) service to connect.
4/30/2011 6:49:42 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1ca3de5d19620c4) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/30/2011 6:49:39 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate1ca3de5d19620c4 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
4/30/2011 4:51:50 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/30/2011 2:46:18 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
4/30/2011 2:46:18 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\ieframe.dll. Reference error message: The operation completed successfully. .
4/30/2011 1:41:50 PM, error: Service Control Manager [7034] - The Google Update Service (gupdate1ca3de5d19620c4) service terminated unexpectedly. It has done this 1 time(s).
4/30/2011 1:41:50 PM, error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
4/30/2011 1:39:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
4/30/2011 1:39:33 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
4/30/2011 1:39:33 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
4/30/2011 1:39:33 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/30/2011 1:30:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================


Here is DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ray at 22:12:34.17 on Tue 05/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2162 [GMT -4:00]
.
AV: Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\AOL\1139689552\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\tmp\BleepingComputer\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yapta BHO: {2020dfef-8c87-4229-aa41-549d82210355} - c:\program files\yapta\YaptaOverlay.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: &Yapta: {c3c07ad6-ace9-43ee-a2af-45bc13f6275f} - c:\program files\yapta\YaptaSidebar.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [American Airlines DealFinder] null
mRun: [HostManager] c:\program files\common files\aol\1139689552\ee\AOLSoftware.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Yapta Tracker] c:\program files\yapta\YaptaClient.exe /onstartup
mRun: [Nektra OEAPI] c:\program files\common files\pc tools\outlook express api\Launcher.exe
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\ray\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\yapta\YaptaSettings.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: malwarebytes.org\www
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://aolsvc.aol.com/onlinegames/free-trial-nightshift-legacy-the-jaguars-eye/Nightshift2Web.1.0.0.9.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader_5_5.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles-2/dream2web.1.0.0.13.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ray\applic~1\mozilla\firefox\profiles\hv5xpfad.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-01-2010&tb_mrud=29-03-2010
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\hv5xpfad.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\hv5xpfad.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\hv5xpfad.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npcpbrk7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-15 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-25 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-3 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-3 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-4-3 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-4-3 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-7-25 251560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-7-25 160448]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-4-9 632792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-7-25 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-7-25 1156568]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-12-24 56352]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-4-3 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-4-3 56536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-4-3 125248]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-7-25 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-4-3 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S2 gupdate1ca3de5d19620c4;Google Update Service (gupdate1ca3de5d19620c4);c:\program files\google\update\GoogleUpdate.exe [2009-9-25 133104]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-5 17920]
S3 Dice1394;Multimix Driver;c:\windows\system32\drivers\Dice1394.sys [2008-2-4 69504]
S3 DiceAudioStrm;MultiMix Stream MiniDriver;c:\windows\system32\drivers\DiceAudioStrm.sys [2008-2-4 16608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-25 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-4-3 56536]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [2006-8-25 40672]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2008-3-6 15740]
S3 USBKS1X1;Midiman USB Keystation USB Driver;c:\windows\system32\drivers\usbks1x1.sys [2008-3-6 23392]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;c:\windows\system32\drivers\usbmidim.sys [2008-3-6 5664]
.
=============== Created Last 30 ================
.
2011-05-04 01:08:45 -------- d-----w- c:\program files\MetaStream
2011-05-03 02:36:45 -------- d-----w- c:\program files\iPod
2011-05-03 02:36:39 -------- d-----w- c:\program files\iTunes
2011-05-03 01:56:18 -------- d-----w- c:\program files\Bonjour
2011-05-01 22:05:46 -------- d-----w- c:\docume~1\ray\applic~1\SUPERAntiSpyware.com
2011-05-01 22:05:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-05-01 22:04:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-24 18:49:16 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-24 18:30:34 388096 ----a-r- c:\docume~1\ray\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-24 18:30:33 -------- d-----w- c:\program files\Trend Micro
2011-04-23 02:36:57 -------- d-----w- c:\program files\McAfee Security Scan
2011-04-23 02:35:24 -------- d-----w- c:\windows\Downloaded Program Files
2011-04-12 00:48:57 -------- d-sh--w- c:\documents and settings\ray\IECompatCache
2011-04-10 21:28:14 -------- d-sh--w- c:\documents and settings\ray\PrivacIE
2011-04-10 21:13:47 -------- d-sh--w- c:\documents and settings\ray\IETldCache
2011-04-10 21:08:12 -------- d-----w- c:\windows\ie8updates
2011-04-10 21:03:41 -------- dc-h--w- c:\windows\ie8
2011-04-10 20:50:28 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-04-10 20:50:23 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-10 20:50:22 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-10 20:50:22 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-10 02:05:21 -------- d-----w- c:\docume~1\ray\applic~1\Registry Mechanic
2011-04-10 01:54:54 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-04-10 01:54:54 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-10 01:54:54 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-04-10 01:54:54 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-04-10 01:54:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-04-08 19:47:52 0 ----a-w- c:\windows\system32\REN68.tmp
2011-04-06 21:02:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-06 21:02:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 07:44:25 -------- d-----w- c:\docume~1\ray\applic~1\PCTools
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 12:32:25 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-08-19 01:13:57 458 ----a-w- c:\program files\0818201021135737.bat
2007-01-25 07:52:26 65536 ----a-w- c:\program files\common files\NMSAccessU.exe
2007-01-20 18:26:01 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-06-19 17:03:04 29 ----a-w- c:\program files\doomargs.tmp
.
============= FINISH: 22:19:12.07 ===============

#4 Shannon2012

Posted 04 May 2011 - 11:31 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

When asked to copy logs or reports into your reply, please copy them directly into your reply. Do not include them in quotes. Do not attach them unless asked to do so. In Notepad, please turn off Word Wrap under the Format menu.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Please give me some time to look over your log. I will post the reply as soon as possible.
Shannon

#5 Shannon2012

Posted 04 May 2011 - 08:15 PM

Hi-

Thank you for the logs. They did show some problems and one was a backdoor trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

First, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.5.0_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Next, download ComboFix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


In your reply, copy in the contents of the TDSSKiller report and the ComboFix report. How is your computer running now?
Shannon

#6 krash1975

Posted 04 May 2011 - 09:48 PM

Hello,
I downloaded tdsskiller.exe to my desktop but it will not run. I tried renaming it as specified but it still won't run. Sorry, any help? Thank you.

#7 Shannon2012

Posted 05 May 2011 - 01:04 PM

Hi-

For the type of infection that you have, not being able to run TDSSKiller is not unusual. Go ahead and run ComboFix.
Shannon

#8 krash1975

Posted 07 May 2011 - 09:43 AM

I ran Combofix, what a hoot of a program!

It only seemed to work if I was disconnected from the internet. I finally got it to work properly.
Here is the log file. It did find some things and after it was done and I re-enabled my PcTools AV & firewall, PC tools found some new trojans. I let PCTools clean them out since they had medium security ratings.

Thank you for your assistance. I'll reply later on how things are running. Not convinced yet everything is okay.

Here is the catchme.log file results:
File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File list cleared


Here is the ComboFix log:

ComboFix 11-05-06.03 - Ray 05/07/2011 9:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2644 [GMT -4:00]
Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ray\Desktop\Internet Explorer.lnk
c:\documents and settings\Ray\WINDOWS
c:\documents and settings\Sean\WINDOWS
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-06 18:23 . 2011-05-06 18:23 -------- d-----w- c:\documents and settings\Ray\Application Data\BigFishv1005
2011-05-06 02:34 . 2011-05-06 02:34 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\BVRP Software
2011-05-05 09:54 . 2011-05-05 09:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-04 01:08 . 2011-05-04 01:08 -------- d-----w- c:\program files\MetaStream
2011-05-03 02:36 . 2011-05-03 02:36 -------- d-----w- c:\program files\iPod
2011-05-03 02:36 . 2011-05-03 02:38 -------- d-----w- c:\program files\iTunes
2011-05-03 01:56 . 2011-05-03 01:56 -------- d-----w- c:\program files\Bonjour
2011-05-01 22:05 . 2011-05-01 22:05 -------- d-----w- c:\documents and settings\Ray\Application Data\SUPERAntiSpyware.com
2011-05-01 22:05 . 2011-05-01 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-01 22:04 . 2011-05-01 22:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-28 01:29 . 2011-04-28 01:29 -------- d-----w- c:\documents and settings\Sean\Application Data\Registry Mechanic
2011-04-28 01:26 . 2011-04-28 01:26 -------- d-----w- c:\documents and settings\Sean\Application Data\PCToolsFirewallPlus
2011-04-28 01:26 . 2011-04-28 01:26 -------- d-----w- c:\documents and settings\Sean\Application Data\Spam Monitor
2011-04-28 01:24 . 2011-04-28 01:24 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2011-04-28 00:56 . 2011-04-28 01:03 -------- d-----w- c:\documents and settings\Kara\Application Data\Registry Mechanic
2011-04-28 00:45 . 2011-04-28 00:45 -------- d-----w- c:\documents and settings\Kara\Application Data\PCToolsFirewallPlus
2011-04-28 00:45 . 2011-04-28 00:45 -------- d-----w- c:\documents and settings\Kara\Application Data\Spam Monitor
2011-04-28 00:45 . 2011-04-28 00:45 -------- d-sh--w- c:\documents and settings\Kara\IETldCache
2011-04-25 23:35 . 2011-04-25 23:35 -------- d-----w- c:\program files\7-Zip
2011-04-24 18:49 . 2011-04-24 18:49 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-24 18:30 . 2011-04-24 18:30 388096 ----a-r- c:\documents and settings\Ray\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-24 18:30 . 2011-04-24 18:30 -------- d-----w- c:\program files\Trend Micro
2011-04-24 02:12 . 2011-04-24 02:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-04-24 02:12 . 2011-04-24 02:12 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-04-24 02:11 . 2011-04-24 02:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Free_Ride_Games
2011-04-24 02:11 . 2011-04-24 02:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ConduitEngine
2011-04-24 02:10 . 2011-04-24 02:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-04-23 02:37 . 2011-04-23 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-04-23 02:36 . 2011-05-01 02:40 -------- d-----w- c:\program files\McAfee Security Scan
2011-04-23 02:35 . 2011-04-28 00:56 -------- d-----w- c:\windows\Downloaded Program Files
2011-04-12 00:48 . 2011-04-12 00:48 -------- d-sh--w- c:\documents and settings\Ray\IECompatCache
2011-04-11 10:28 . 2011-04-11 10:28 -------- d-sh--w- c:\documents and settings\Pam\IETldCache
2011-04-10 21:28 . 2011-04-10 21:28 -------- d-sh--w- c:\documents and settings\Ray\PrivacIE
2011-04-10 21:15 . 2011-04-10 21:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-10 21:13 . 2011-04-10 21:13 -------- d-sh--w- c:\documents and settings\Ray\IETldCache
2011-04-10 21:03 . 2011-04-10 21:06 -------- dc-h--w- c:\windows\ie8
2011-04-10 20:50 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-04-10 20:50 . 2011-02-22 23:06 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-10 20:50 . 2011-02-22 23:06 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-10 20:50 . 2011-02-22 23:06 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-10 02:05 . 2011-04-16 21:55 -------- d-----w- c:\documents and settings\Ray\Application Data\Registry Mechanic
2011-04-10 01:54 . 2010-09-16 15:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-04-10 01:54 . 2008-09-18 01:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-10 01:54 . 2008-04-02 19:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-04-10 01:54 . 2008-04-02 19:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-04-10 01:54 . 2008-04-02 19:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-04-08 19:47 . 2011-04-08 19:47 0 ----a-w- c:\windows\system32\REN68.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-31 14:18 . 2011-04-03 17:22 56536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-03-31 14:18 . 2011-04-03 17:22 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-03-07 05:33 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-08-29 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2003-07-15 21:01 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 12:32 . 2010-12-26 01:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-22 23:06 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-03-19 14:32 385024 ------w- c:\windows\system32\html.iec
2011-02-18 20:36 . 2009-09-25 14:03 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 20:36 . 2008-06-18 13:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-17 13:18 . 2002-08-29 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-08-29 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-18 21:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-08-29 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2011-02-09 13:53 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2002-08-29 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2002-08-29 10:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2002-08-29 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-08-19 01:13 . 2010-08-19 01:13 458 ----a-w- c:\program files\0818201021135737.bat
2007-01-25 07:52 . 2007-01-25 07:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2007-01-20 18:26 . 2007-01-20 18:26 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-06-19 17:03 . 2006-06-19 17:03 29 ----a-w- c:\program files\doomargs.tmp
2011-05-03 11:01 . 2011-03-24 10:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"American Airlines DealFinder"="null" [X]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"HostManager"="c:\program files\Common Files\AOL\1139689552\ee\AOLSoftware.exe" [2010-03-08 41800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Yapta Tracker"="c:\program files\Yapta\YaptaClient.exe" [2011-03-15 354176]
"Nektra OEAPI"="c:\program files\Common Files\PC Tools\Outlook Express API\Launcher.exe" [2008-07-21 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
.
c:\documents and settings\Ray\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139689552\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139689552\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe"= c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe
"c:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\FRGN.ico"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 gupdate1ca3de5d19620c4;Google Update Service (gupdate1ca3de5d19620c4);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
R3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\Drivers\CEUSBAUD.sys [2003-11-05 17920]
R3 Dice1394;Multimix Driver;c:\windows\system32\Drivers\Dice1394.sys [2005-08-12 69504]
R3 DiceAudioStrm;MultiMix Stream MiniDriver;c:\windows\system32\drivers\DiceAudioStrm.sys [2005-08-12 16608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-01-12 89472]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [2011-03-31 56536]
R3 pctplfw;pctplfw;c:\windows\SYSTEM32\DRIVERS\pctplfw.sys [2011-01-17 125248]
R3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [2010-12-16 70536]
R3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [2002-06-13 40672]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-31 33552]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service [x]
R3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2002-09-25 15740]
R3 USBKS1X1;Midiman USB Keystation USB Driver;c:\windows\system32\drivers\usbks1x1.sys [2002-09-25 23392]
R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;c:\windows\system32\drivers\usbmidim.sys [2002-09-25 5664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-31 51984]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-31 69392]
S1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [2011-01-17 251560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-12-10 160448]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.Sys [2010-03-11 56352]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2011-03-31 56536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 13:40]
.
2011-05-06 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-04-16 17:11]
.
2011-05-07 c:\windows\Tasks\User_Feed_Synchronization-{455FED44-D221-444E-835D-B5ABA627F8E4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe
IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: malwarebytes.org\www
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://aolsvc.aol.com/onlinegames/free-trial-nightshift-legacy-the-jaguars-eye/Nightshift2Web.1.0.0.9.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles-2/dream2web.1.0.0.13.cab
FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\hv5xpfad.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-01-2010&tb_mrud=29-03-2010
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - prefs.js: network.proxy.type - 4
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
SafeBoot-MCODS
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-exent_342850 - g:\remote programs\Holly A Christmas Tale\GPlrLanc.exe
AddRemove-exent_452750 - g:\remote programs\Atlantis Quest\GPlrLanc.exe
AddRemove-exent_466550 - g:\remote programs\Treasures of Montezuma\GPlrLanc.exe
AddRemove-exent_515450 - g:\remote programs\Dream Chronicals\GPlrLanc.exe
AddRemove-exent_524350 - g:\remote programs\Secrets of the Seas\GPlrLanc.exe
AddRemove-exent_555050 - g:\remote programs\Lost Treasures of El Dorado\GPlrLanc.exe
AddRemove-exent_574250 - g:\remote programs\Dream Chronicles 2 The Eternal Maze\GPlrLanc.exe
AddRemove-exent_605350 - g:\remote programs\Magic Encyclopedia\GPlrLanc.exe
AddRemove-exent_616750 - g:\remote programs\Holly_ A Christmas Story Deluxe\GPlrLanc.exe
AddRemove-exent_619450 - g:\remote programs\Enchanted Cavern\GPlrLanc.exe
AddRemove-exent_629350 - g:\remote programs\Virtual Villagers 2\GPlrLanc.exe
AddRemove-exent_630750 - g:\remote programs\Cate West\GPlrLanc.exe
AddRemove-exent_635550 - g:\remote programs\Mystery of Unicorn Castle\GPlrLanc.exe
AddRemove-exent_641550 - g:\remote programs\Holly 2_ Magic Land\GPlrLanc.exe
AddRemove-exent_642550 - g:\remote programs\Jewel Quest 3_00642550\GPlrLanc.exe
AddRemove-exent_669950 - g:\remote programs\Shutter Island\GPlrLanc.exe
AddRemove-Myst for Windows 95 - c:\program files\Myst\DeIsL1.isu
AddRemove-NoteWorthy Composer - c:\progra~1\NOTEWO~2\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 09:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2488962300-500217135-1614769870-1009\Software\Microsoft\Multimedia\UE;E **MM QURMEEEPMQMEUUREPM$EE]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2488962300-500217135-1614769870-1009\Software\Microsoft\Multimedia\*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2488962300-500217135-1614769870-1009\Software\Microsoft\Multimedia\k CNjKS0K**C(*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2488962300-500217135-1614769870-1009\Software\Microsoft\Multimedia\F(S E*UEE`@9*j*j*F(13ZYYdhP@9*E8^[]*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\myokent.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\myokent.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-05-07 09:32:06
ComboFix-quarantined-files.txt 2011-05-07 13:31
.
Pre-Run: 27,485,884,416 bytes free
Post-Run: 27,548,651,520 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2AF007ECAF283CED9205222FD72EBB30

#9 krash1975

  • Topic Starter

Posted 07 May 2011 - 09:49 AM

Hello,
I should mention that it has been more than 30 days since my initial infection. It occurred in late March, I think on 3/30 or so.
The log file mentioned programs added in the last 30.

Ray

#10 Shannon2012

  • Security Colleague

Posted 07 May 2011 - 10:33 AM

Go ahead and run TDSSKiller now and copy the log into your reply.
Shannon

#11 krash1975

  • Topic Starter

Posted 08 May 2011 - 09:13 PM

Seems that all the redirects & the IE script error windows are gone. I deleted a lot of Local-Settings web content from the Temporary History subdir, so I'll track a couple more days and report. Otherwise everything seems much better. ComboFix really did the job.
Here is the TDSSKiller log as requested. No issues found.
Thanks a bunch! Saved me a lot of trouble and money.

krash75

2011/05/08 21:50:54.0086 5844 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 21:50:56.0086 5844 ================================================================================
2011/05/08 21:50:56.0086 5844 SystemInfo:
2011/05/08 21:50:56.0086 5844
2011/05/08 21:50:56.0086 5844 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/08 21:50:56.0086 5844 Product type: Workstation
2011/05/08 21:50:56.0086 5844 ComputerName: DJLMCF51
2011/05/08 21:50:56.0102 5844 UserName: Ray
2011/05/08 21:50:56.0102 5844 Windows directory: C:\WINDOWS
2011/05/08 21:50:56.0102 5844 System windows directory: C:\WINDOWS
2011/05/08 21:50:56.0102 5844 Processor architecture: Intel x86
2011/05/08 21:50:56.0102 5844 Number of processors: 1
2011/05/08 21:50:56.0102 5844 Page size: 0x1000
2011/05/08 21:50:56.0102 5844 Boot type: Normal boot
2011/05/08 21:50:56.0102 5844 ================================================================================
2011/05/08 21:50:57.0742 5844 Initialize success
2011/05/08 21:51:04.0227 4316 ================================================================================
2011/05/08 21:51:04.0227 4316 Scan started
2011/05/08 21:51:04.0227 4316 Mode: Manual;
2011/05/08 21:51:04.0227 4316 ================================================================================
2011/05/08 21:51:17.0648 4316 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/08 21:51:17.0758 4316 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/08 21:51:17.0898 4316 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/05/08 21:51:17.0992 4316 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/08 21:51:18.0070 4316 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/08 21:51:18.0164 4316 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/08 21:51:18.0258 4316 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/08 21:51:18.0352 4316 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/08 21:51:18.0445 4316 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/08 21:51:18.0523 4316 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/08 21:51:18.0617 4316 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/05/08 21:51:18.0711 4316 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/08 21:51:18.0836 4316 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/08 21:51:18.0930 4316 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/08 21:51:19.0023 4316 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/08 21:51:19.0117 4316 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/08 21:51:19.0227 4316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/08 21:51:19.0336 4316 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/08 21:51:19.0398 4316 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/08 21:51:19.0477 4316 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/08 21:51:19.0602 4316 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/08 21:51:19.0711 4316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/08 21:51:19.0789 4316 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/08 21:51:19.0914 4316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/08 21:51:20.0070 4316 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/08 21:51:20.0195 4316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/08 21:51:20.0273 4316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/08 21:51:20.0336 4316 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/08 21:51:20.0414 4316 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/08 21:51:20.0508 4316 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/05/08 21:51:20.0617 4316 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/08 21:51:20.0727 4316 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/08 21:51:20.0836 4316 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/08 21:51:20.0930 4316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/08 21:51:20.0992 4316 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/08 21:51:21.0102 4316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/08 21:51:21.0180 4316 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/08 21:51:21.0289 4316 PCTAppEvent (238d3211ecf5ec32a2d78dbada197dfe) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/05/08 21:51:21.0383 4316 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/05/08 21:51:21.0477 4316 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2011/05/08 21:51:21.0570 4316 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
2011/05/08 21:51:21.0680 4316 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2011/05/08 21:51:21.0773 4316 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2011/05/08 21:51:21.0883 4316 pctNdis (34656ed19d41bfeaf1bfef735a9ad695) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/05/08 21:51:21.0898 4316 pctNdisMP (34656ed19d41bfeaf1bfef735a9ad695) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/05/08 21:51:22.0008 4316 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\WINDOWS\SYSTEM32\DRIVERS\pctplfw.sys
2011/05/08 21:51:22.0117 4316 pctplsg (1ea4b41d30f28ff5e186a49b4a1d36d9) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2011/05/08 21:51:22.0492 4316 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/08 21:51:22.0570 4316 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/08 21:51:22.0695 4316 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/08 21:51:22.0805 4316 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys
2011/05/08 21:51:22.0930 4316 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/08 21:51:23.0023 4316 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/08 21:51:23.0086 4316 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/08 21:51:23.0180 4316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/08 21:51:23.0305 4316 PVUSB (5039a4f67f781e03b79a4fd0cae27fc8) C:\WINDOWS\system32\DRIVERS\CESG502.sys
2011/05/08 21:51:23.0414 4316 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/08 21:51:23.0477 4316 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/08 21:51:23.0602 4316 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/08 21:51:23.0695 4316 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/08 21:51:23.0789 4316 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/08 21:51:23.0883 4316 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/08 21:51:23.0961 4316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/08 21:51:24.0055 4316 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/08 21:51:24.0133 4316 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/08 21:51:24.0211 4316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/08 21:51:24.0320 4316 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/08 21:51:24.0383 4316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/08 21:51:24.0461 4316 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/08 21:51:24.0555 4316 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/08 21:51:24.0633 4316 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/08 21:51:24.0805 4316 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/08 21:51:24.0836 4316 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/08 21:51:24.0930 4316 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/05/08 21:51:25.0039 4316 ScanUSBEMPIA (7bfa395a95e5d714d222e35f041c46e8) C:\WINDOWS\system32\DRIVERS\emScan.sys
2011/05/08 21:51:25.0180 4316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/08 21:51:25.0289 4316 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/08 21:51:25.0398 4316 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/08 21:51:25.0492 4316 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/08 21:51:25.0680 4316 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/08 21:51:25.0773 4316 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/08 21:51:25.0883 4316 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/08 21:51:26.0008 4316 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/08 21:51:26.0086 4316 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/08 21:51:26.0180 4316 SQTECH905C (80bba4f191ad76ef2d31dab9162d3fae) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/05/08 21:51:26.0289 4316 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/08 21:51:26.0414 4316 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/08 21:51:26.0492 4316 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/08 21:51:26.0602 4316 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/08 21:51:26.0711 4316 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/08 21:51:26.0773 4316 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/08 21:51:26.0852 4316 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/08 21:51:26.0945 4316 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/08 21:51:27.0070 4316 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/08 21:51:27.0148 4316 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/08 21:51:27.0242 4316 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/08 21:51:27.0320 4316 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/08 21:51:27.0430 4316 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/08 21:51:27.0539 4316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/08 21:51:27.0633 4316 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/08 21:51:27.0711 4316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/08 21:51:27.0820 4316 TfFsMon (1c7be4e77d42a93e6cd82ef742a50524) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/05/08 21:51:27.0930 4316 TfNetMon (40d1ad5741204ea83661e1b4d3d0d0c5) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/05/08 21:51:28.0039 4316 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/08 21:51:28.0133 4316 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/08 21:51:28.0242 4316 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/08 21:51:28.0336 4316 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/08 21:51:28.0414 4316 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/08 21:51:28.0461 4316 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/08 21:51:28.0508 4316 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/08 21:51:28.0570 4316 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/08 21:51:28.0633 4316 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/08 21:51:28.0727 4316 TFSysMon (5d30e224ac2183357cb478b5cb73bd31) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/05/08 21:51:28.0805 4316 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/08 21:51:28.0930 4316 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/08 21:51:29.0023 4316 UKS11LDR (c4b89bdc1faf0d889248fc01c4bf8610) C:\WINDOWS\system32\drivers\uks11ldr.sys
2011/05/08 21:51:29.0133 4316 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/08 21:51:29.0227 4316 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/08 21:51:29.0352 4316 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/08 21:51:29.0445 4316 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/08 21:51:29.0508 4316 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/08 21:51:29.0602 4316 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/08 21:51:29.0680 4316 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/08 21:51:29.0789 4316 USBKS1X1 (608b6e68f277f4b41c0065fbbc99022e) C:\WINDOWS\system32\drivers\usbks1x1.sys
2011/05/08 21:51:29.0898 4316 USBMIDIM (e8c4e6c347285924a95579565ef03e6c) C:\WINDOWS\system32\drivers\usbmidim.sys
2011/05/08 21:51:29.0992 4316 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/08 21:51:30.0102 4316 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/08 21:51:30.0164 4316 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/08 21:51:30.0289 4316 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/08 21:51:30.0398 4316 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/08 21:51:30.0477 4316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/08 21:51:30.0555 4316 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/08 21:51:30.0664 4316 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/08 21:51:30.0789 4316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/08 21:51:30.0945 4316 VX3000 (e26744e5dd71a16e80d4dd5a286b8423) C:\WINDOWS\system32\DRIVERS\VX3000.sys
2011/05/08 21:51:31.0102 4316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/08 21:51:31.0211 4316 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/08 21:51:31.0336 4316 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/05/08 21:51:31.0477 4316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/08 21:51:31.0664 4316 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/08 21:51:31.0758 4316 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/08 21:51:31.0883 4316 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/08 21:51:31.0992 4316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/08 21:51:32.0086 4316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/08 21:51:32.0211 4316 X4HSEx (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Free Ride Games\X4HSEx.Sys
2011/05/08 21:51:32.0289 4316 ================================================================================
2011/05/08 21:51:32.0289 4316 Scan finished
2011/05/08 21:51:32.0289 4316 ================================================================================

#12 krash1975

krash1975
  • Topic Starter

  • Members
  • 14 posts

Posted 09 May 2011 - 05:34 AM

In addition, after the above scan, I ran SuperAntiSpyware and cleansed 7 tracking cookies. I then ran MBAM and it found and quarantined what looks like the remnants of a rootkit restore point(?). Here is the log file. Thanks.
krash75

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6534

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/9/2011 6:20:19 AM
mbam-log-2011-05-09 (06-20-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 439909
Time elapsed: 2 hour(s), 48 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP2473\A0621579.sys (Rootkit.Patch) -> No action taken.

#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts

Posted 09 May 2011 - 09:23 AM

Hi-

Things are looking good.

We need to create an OTL Report
  • Please download OTL from here:
      • Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please copy the two OTL reports into your reply.
Shannon

#14 krash1975

krash1975
  • Topic Starter

  • Members
  • 14 posts

Posted 09 May 2011 - 07:50 PM

OTL logfile created on: 5/9/2011 8:28:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ray\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.99 Gb Total Space | 25.78 Gb Free Space | 17.66% Space Free | Partition Type: NTFS

Computer Name: DJLMCF51 | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 19:04:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
PRC - [2011/05/09 06:36:19 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/03/31 10:19:02 | 001,156,568 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2011/03/31 10:19:00 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/22 18:19:45 | 002,201,936 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2010/10/18 15:08:40 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/03/16 07:04:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2010/03/12 18:41:18 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1139689552\ee\aolsoftware.exe
PRC - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/21 12:37:06 | 000,086,016 | ---- | M] (Nektra S.A.) -- C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/04/13 12:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/03 21:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/25 03:52:26 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/03/23 13:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 13:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/02/20 18:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 19:04:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
MOD - [2011/01/13 07:19:51 | 000,007,168 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\idleproc.dll
MOD - [2010/12/31 09:36:32 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll
MOD - [2010/03/16 07:07:21 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/05/13 13:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
MOD - [2003/02/20 18:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/31 10:19:02 | 001,156,568 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/07/13 17:34:23 | 000,042,312 | R--- | M] (AOL Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/12 18:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/13 12:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/25 03:52:26 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU)
SRV - [2004/03/23 13:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 10:18:52 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctNdis.sys -- (pctNdisMP)
DRV - [2011/03/31 10:18:52 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctNdis.sys -- (pctNdis)
DRV - [2011/01/17 09:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplfw.sys -- (pctplfw)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/12 11:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/12/31 09:36:40 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 16:57:26 | 000,160,448 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/12 18:41:18 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2010/03/10 22:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP17v2k.sys -- (hap17v2k)
DRV - [2006/12/07 02:21:04 | 000,011,008 | R--- | M] (BUFFALO INC.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\BUFADPT.SYS -- (BUFADPT)
DRV - [2005/08/12 11:50:07 | 000,016,608 | R--- | M] (TC Tech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DiceAudioStrm.sys -- (DiceAudioStrm)
DRV - [2005/08/12 11:50:06 | 000,069,504 | R--- | M] (TC Tech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dice1394.sys -- (Dice1394)
DRV - [2005/07/13 12:08:20 | 000,033,890 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt905c.sys -- (SQTECH905C)
DRV - [2005/02/11 11:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750obex.sys -- (k750obex)
DRV - [2005/02/11 11:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mgmt.sys -- (k750mgmt)
DRV - [2005/02/11 11:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mdm.sys -- (k750mdm)
DRV - [2005/02/11 11:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mdfl.sys -- (k750mdfl)
DRV - [2005/02/11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004/08/03 23:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 23:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 00:20:10 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/05/29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/05/26 00:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/05 16:24:58 | 000,004,522 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/05/05 16:24:46 | 000,005,246 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/05/05 16:24:36 | 000,104,270 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/05/04 22:10:32 | 000,020,224 | ---- | M] (eMPIA Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/11/05 14:11:14 | 000,017,920 | ---- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ceusbaud.sys -- (CEUSBAUD)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc)
DRV - [2003/03/27 12:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 17:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 17:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 17:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 17:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 11:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 18:26:42 | 000,655,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ctsblfx.dll -- (CTSBLFX.DLL)
DRV - [2003/02/20 18:25:32 | 000,495,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ctaudfx.dll -- (CTAUDFX.DLL)
DRV - [2003/02/20 18:25:02 | 000,126,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\commonfx.dll -- (COMMONFX.DLL)
DRV - [2003/02/20 18:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2003/02/20 18:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 18:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 18:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/25 13:02:28 | 000,023,392 | R--- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbks1x1.sys -- (USBKS1X1)
DRV - [2002/09/25 13:02:28 | 000,015,740 | R--- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\uks11ldr.sys -- (UKS11LDR)
DRV - [2002/09/25 13:02:28 | 000,005,664 | R--- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbmidim.sys -- (USBMIDIM)
DRV - [2002/06/12 22:50:00 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CESG502.sys -- (PVUSB)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-01-2010&tb_mrud=29-03-2010"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6518
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/16 07:07:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 07:01:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 17:17:52 | 000,000,000 | ---D | M]

[2008/09/08 20:46:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions
[2011/04/24 09:49:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\hv5xpfad.default\extensions
[2011/01/22 17:30:38 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\hv5xpfad.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/16 22:02:40 | 000,000,000 | -H-D | M] (Fire.fm) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\hv5xpfad.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/04/24 09:46:03 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\hv5xpfad.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/03/29 18:47:14 | 000,002,343 | -H-- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\hv5xpfad.default\searchplugins\aol-search.xml
[2010/05/23 16:30:32 | 000,001,832 | -H-- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\hv5xpfad.default\searchplugins\bing.xml
[2011/04/08 15:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 19:33:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 22:53:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 17:55:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 21:34:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/08 15:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HV5XPFAD.DEFAULT\EXTENSIONS\{ADA4B710-8346-4B82-8199-5DE2B400A6AE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HV5XPFAD.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2008/12/02 18:17:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/03 07:01:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/20 14:34:43 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2006/01/18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/08/18 21:11:43 | 000,001,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober257557093.xml

O1 HOSTS File: ([2011/05/07 09:21:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [American Airlines DealFinder] File not found
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139689552\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe (Nektra S.A.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Pam\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Ray\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\..Trusted Domains: malwarebytes.org ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://aolsvc.aol.com/onlinegames/free-trial-nightshift-legacy-the-jaguars-eye/Nightshift2Web.1.0.0.9.cab (CPlayFirstNightshiftControl Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.geni.com/ImageUploader_5_5.cab (Image Uploader Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles-2/dream2web.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/05/09 19:04:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
[2011/05/08 21:59:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/08 21:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\IRS
[2011/05/08 21:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\Money
[2011/05/08 21:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\N&P
[2011/05/08 21:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\GM Ray
[2011/05/07 08:52:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/07 08:39:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/07 08:39:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/07 08:39:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/07 08:39:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/06 20:10:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/06 20:03:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/06 14:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\BigFishv1005
[2011/05/04 22:32:16 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ray\Desktop\TDDSKiller.exe
[2011/05/03 21:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream
[2011/05/02 22:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/02 22:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/02 21:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/01 18:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\SUPERAntiSpyware.com
[2011/05/01 18:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/01 18:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/01 18:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/25 19:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/04/25 19:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/24 14:49:16 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/24 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/24 14:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Start Menu\Programs\HiJackThis
[2011/04/23 22:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Free_Ride_Games
[2011/04/23 22:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ConduitEngine
[2011/04/23 22:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/04/22 22:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/04/22 22:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/04/22 22:35:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2011/04/11 20:48:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ray\IECompatCache
[2011/04/10 17:28:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ray\PrivacIE
[2011/04/10 17:13:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ray\IETldCache
[2011/04/10 17:08:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/04/10 17:03:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/04/10 16:50:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/04/09 22:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Registry Mechanic
[2011/04/09 21:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Mechanic
[2011/04/09 21:54:54 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2011/04/09 21:54:54 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2011/04/09 21:54:54 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2011/04/09 21:54:54 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2011/04/09 21:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/04/08 15:47:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/08 15:47:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/06 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/06 17:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/06 17:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 03:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\PCTools
[2011/04/03 14:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\Travel
[2011/04/03 14:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Spam Monitor
[2011/04/03 14:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\PCToolsFirewallPlus
[2011/04/03 13:22:28 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/04/03 13:22:28 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/04/03 13:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/04/03 13:22:11 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/04/03 13:22:11 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/04/03 13:22:11 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/04/03 13:22:03 | 000,125,248 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2011/04/03 13:22:03 | 000,089,472 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2011/04/03 13:22:03 | 000,056,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2011/04/03 13:22:03 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2011/04/02 15:12:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ray\Recent
[2011/03/22 21:18:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hidden Expedition - Devil's Triangle Strategy Guide
[2011/03/22 21:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Expedition - Devil's Triangle Strategy Guide
[2011/03/19 15:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\MP3DownloadManager
[2011/03/19 15:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/03/19 15:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2011/03/19 15:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2009/02/16 21:26:43 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtusb1.dll
[2009/02/16 21:26:42 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtserv.dll
[2009/02/16 21:26:42 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtpmui.dll
[2009/02/16 21:26:42 | 000,386,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtih.exe
[2009/02/16 21:26:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtprox.dll
[2009/02/16 21:26:42 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtpplc.dll
[2009/02/16 21:26:41 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtcomc.dll
[2009/02/16 21:26:41 | 000,538,096 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtcoms.exe
[2009/02/16 21:26:41 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtcomm.dll
[2009/02/16 21:26:41 | 000,382,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtcfg.exe
[2009/02/16 21:26:40 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtlmpm.dll
[2007/09/27 20:57:18 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtiesc.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtinpa.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbthbn3.dll
[2007/01/20 14:26:16 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/07/30 23:23:23 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2011/05/09 20:35:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{455FED44-D221-444E-835D-B5ABA627F8E4}.job
[2011/05/09 19:04:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
[2011/05/09 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/05/09 06:26:26 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/09 06:25:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 06:25:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/09 06:24:27 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/09 06:24:27 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/09 06:24:27 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/09 06:24:27 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/09 06:24:27 | 000,001,236 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/05/09 06:24:27 | 000,001,236 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/05/09 06:24:23 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/05/09 06:24:23 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/05/07 09:21:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/07 08:52:48 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/05/06 22:39:37 | 004,342,980 | R--- | M] () -- C:\Documents and Settings\Ray\Desktop\ComboFix.exe
[2011/05/05 22:17:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 22:03:47 | 000,031,625 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2011/05/04 22:32:27 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ray\Desktop\TDDSKiller.exe
[2011/05/04 22:29:19 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\tdsskiller.zip
[2011/05/04 19:55:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/05/04 19:55:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/05/04 18:00:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/05/04 18:00:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/05/02 22:38:10 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/02 21:40:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/02 21:14:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/05/02 21:14:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/05/01 21:29:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/05/01 21:29:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/05/01 18:05:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/30 13:46:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ray\defogger_reenable
[2011/04/28 07:23:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/04/28 07:23:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/04/28 06:20:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/04/28 06:20:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/04/27 21:22:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/04/27 21:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/04/27 19:32:53 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 16:34:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/24 14:49:16 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/24 14:30:33 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\HiJackThis.lnk
[2011/04/16 17:10:27 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/04/16 13:55:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/04/16 13:55:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2011/04/15 23:45:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2011/04/15 23:45:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/04/15 03:39:34 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 03:19:07 | 000,873,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/15 03:18:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 03:15:59 | 000,541,374 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/15 03:15:59 | 000,102,712 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/04/13 14:25:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2011/04/13 14:25:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2011/04/11 22:14:32 | 000,017,115 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\resolution-business.pdf
[2011/04/11 07:11:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2011/04/11 07:11:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2011/04/09 19:58:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2011/04/09 19:58:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/04/06 17:02:30 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/06 17:02:30 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Spybot - Search & Destroy.lnk
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/05 22:08:56 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/04 18:14:50 | 000,000,511 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/04/03 17:18:04 | 000,000,337 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\My Documents.lnk
[2011/04/03 16:13:08 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Excel.lnk
[2011/04/03 13:25:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SM.lock
[2011/04/03 13:22:14 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
[2011/04/03 09:00:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/31 10:18:52 | 000,056,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2011/03/31 10:18:52 | 000,031,960 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2011/03/24 06:42:30 | 000,000,742 | -H-- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/22 21:18:55 | 000,002,035 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Hidden Expedition - Devil's Triangle Strategy Guide.lnk
[2011/03/22 21:18:55 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/03/22 21:13:40 | 000,001,399 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 08:52:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/07 08:52:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/07 08:39:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/07 08:39:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/07 08:39:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/07 08:39:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/07 08:39:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/06 22:39:37 | 004,342,980 | R--- | C] () -- C:\Documents and Settings\Ray\Desktop\ComboFix.exe
[2011/05/04 22:29:05 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\tdsskiller.zip
[2011/05/04 19:55:36 | 000,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
[2011/05/04 19:55:36 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2011/05/04 18:00:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata10.sqm
[2011/05/04 18:00:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2011/05/02 22:38:10 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/02 21:40:24 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/02 21:14:08 | 000,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2011/05/02 21:14:08 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2011/05/01 21:29:27 | 000,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2011/05/01 21:29:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2011/05/01 18:05:02 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/30 13:46:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ray\defogger_reenable
[2011/04/28 07:23:24 | 000,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2011/04/28 07:23:24 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2011/04/28 06:20:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2011/04/28 06:20:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2011/04/27 21:22:31 | 000,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2011/04/27 21:22:31 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2011/04/27 20:56:12 | 000,000,252 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/04/24 16:34:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/24 16:34:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/24 14:30:33 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\HiJackThis.lnk
[2011/04/23 03:28:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/16 13:55:39 | 000,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2011/04/16 13:55:39 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2011/04/15 23:45:14 | 000,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2011/04/15 23:45:14 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2011/04/13 14:25:38 | 000,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2011/04/13 14:25:38 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2011/04/11 22:14:31 | 000,017,115 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\resolution-business.pdf
[2011/04/11 07:11:05 | 000,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2011/04/11 07:11:05 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2011/04/09 21:54:56 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/04/09 21:54:54 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/04/09 19:58:36 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2011/04/09 19:58:36 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2011/04/06 17:02:30 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/06 17:02:30 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Spybot - Search & Destroy.lnk
[2011/04/05 22:08:56 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/05 22:08:56 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Ray\Start Menu\Programs\Windows Media Player.lnk
[2011/04/03 17:18:04 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\My Documents.lnk
[2011/04/03 16:13:08 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Excel.lnk
[2011/04/03 13:25:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SM.lock
[2011/04/03 13:22:29 | 000,873,206 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/03 13:22:14 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
[2011/04/03 09:00:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 06:42:30 | 000,000,730 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/22 21:18:55 | 000,002,035 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Hidden Expedition - Devil's Triangle Strategy Guide.lnk
[2011/02/24 22:37:49 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/12/02 18:02:12 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\mcs.rma
[2010/12/02 18:02:12 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\24D9BF
[2010/09/25 20:05:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/08/18 21:13:57 | 000,000,458 | ---- | C] () -- C:\Program Files\0818201021135737.bat
[2010/04/23 22:02:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/23 21:33:10 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/10/31 09:49:23 | 000,070,176 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 21:55:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/07/29 13:32:03 | 000,000,079 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/05/12 18:25:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTB13GE.INI
[2009/03/08 15:44:23 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/03/08 15:43:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/02/16 21:27:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcfg.dll
[2009/02/16 21:26:44 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/02/16 21:26:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2009/02/16 21:26:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2009/02/16 21:26:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2009/02/16 21:26:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2008/10/28 20:27:05 | 000,000,406 | ---- | C] () -- C:\WINDOWS\ereg077.dat
[2008/09/13 23:17:38 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2008/06/10 16:21:44 | 000,000,819 | ---- | C] () -- C:\WINDOWS\MTB13.INI
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/10 20:44:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\$_hpcst$.hpc
[2008/02/24 16:15:48 | 000,000,656 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2007/11/25 22:41:55 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/07 16:15:21 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/10/02 06:50:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2007/10/02 06:50:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2007/10/01 07:37:50 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2007/10/01 07:37:50 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2007/09/27 20:58:24 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/09/27 20:58:22 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2007/09/27 20:57:38 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2007/09/27 20:57:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/27 20:57:31 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/09/27 20:57:30 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/09/27 20:57:30 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/09/27 20:57:30 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/09/27 20:57:30 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/09/27 20:57:26 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2007/09/27 20:57:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2007/09/27 20:57:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2007/09/27 20:57:26 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2007/09/27 20:57:26 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007/09/27 20:57:17 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000002.dat
[2007/09/27 20:56:59 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/12 13:22:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/06/12 11:45:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/04/12 19:42:52 | 000,000,204 | ---- | C] () -- C:\WINDOWS\freeload.ini
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/03/31 16:24:16 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/03/31 16:24:15 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/03/31 16:24:15 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/03/31 16:24:15 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/19 08:20:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2007/02/19 08:17:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2007/02/19 08:17:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2007/02/19 08:16:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2007/01/25 03:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe
[2007/01/11 09:20:28 | 000,026,097 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2006/12/28 22:23:39 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/29 17:24:42 | 000,195,224 | ---- | C] () -- C:\WINDOWS\TSCC.exe
[2006/11/06 01:14:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/09/24 15:13:32 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/09/24 15:13:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/08/30 15:41:11 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/08/30 15:40:51 | 000,004,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/23 21:51:31 | 000,000,108 | ---- | C] () -- C:\WINDOWS\multifxVST.INI
[2006/07/23 20:55:37 | 000,447,777 | ---- | C] () -- C:\WINDOWS\System32\DAE.dll.rsr
[2006/07/17 20:09:30 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/07/17 20:09:30 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/07/17 20:09:30 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/07/17 20:09:30 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/07/17 20:09:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/17 20:09:23 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/07/15 19:40:29 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/27 14:15:16 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2006/05/25 22:22:50 | 000,002,917 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2006/03/06 03:08:00 | 000,008,946 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmimo3.bin
[2006/01/23 20:52:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/11 18:56:42 | 000,207,360 | ---- | C] () -- C:\WINDOWS\BlueRem.exe
[2005/09/25 16:18:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/25 16:18:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/25 16:18:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/25 16:18:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/25 16:18:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/25 16:18:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/28 23:05:28 | 000,000,058 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2005/08/26 00:11:46 | 000,000,404 | ---- | C] () -- C:\WINDOWS\Sniffy.ini
[2005/07/30 23:23:23 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/06/08 23:18:00 | 000,145,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2005/05/25 14:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtcnv4.dll
[2005/05/06 20:04:51 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/03/21 17:34:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\MixBUda.INI
[2005/01/26 05:23:00 | 000,005,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNI6000.BIN
[2005/01/13 17:55:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/12/25 13:23:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/22 21:11:41 | 000,001,765 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2004/08/17 20:44:47 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/16 23:14:49 | 000,000,252 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2004/08/16 11:22:01 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/08/12 08:41:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\dm.ini
[2004/08/10 19:35:17 | 000,008,521 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/08/09 20:44:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\fusioncache.dat
[2004/08/09 18:47:34 | 000,001,284 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/08/09 18:23:56 | 000,000,950 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/08/03 00:22:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/03 00:19:34 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/03 00:13:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/03 00:07:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/03 00:06:29 | 000,000,292 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/03 00:04:10 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2004/08/03 00:03:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/02 23:55:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/02 23:54:20 | 000,541,374 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/02 23:54:20 | 000,102,712 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/02 23:38:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/13 00:49:02 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\BFAIFILT.SYS
[2004/05/27 22:43:42 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\AIFILT.SYS
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/11 11:03:20 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 11:02:24 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/04/04 17:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/04/04 00:07:00 | 000,084,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2004/04/04 00:07:00 | 000,083,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1995/03/22 03:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980/01/01 01:00:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 01:00:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(3).exe
[1980/01/01 01:00:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(2).exe
[1980/01/01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Ray\Desktop\Sean's Expenses.xls:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\SUITE FOR VIOLONOCELLO SOLO.pdf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\Lint.pdf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\A Short Collection of Phrases of Various Lengths.pdf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\12 18 10 PDF.pdf:AFP_AfpInfo
@Alternate Data Stream - 50 bytes -> C:\Documents and Settings\All Users\Documents\Christmas Gig:com.apple.quarantine
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C3E753C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54CB420C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BB26BE9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7183FA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78AFAE94
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD37E8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B27D3A9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3325D6E9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D853F961
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFA5D33

< End of report >


-------------------------


OTL Extras logfile created on: 5/9/2011 8:28:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ray\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.99 Gb Total Space | 25.78 Gb Free Space | 17.66% Space Free | Partition Type: NTFS

Computer Name: DJLMCF51 | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2488962300-500217135-1614769870-1009\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL 9.1
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL 9.5 -- (AOL, LLC.)
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL Desktop 9.6 -- (AOL Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE" = C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC -- ()
"C:\Program Files\Savings Bond Wizard\SBWizard.exe" = C:\Program Files\Savings Bond Wizard\SBWizard.exe:*:Enabled:Savings Bond Wizard -- (U.S. Department of the Treasury)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1139689552\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1139689552\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1139689552\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1139689552\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"C:\WINDOWS\SYSTEM32\USMT\migwiz.exe" = C:\WINDOWS\SYSTEM32\USMT\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL 9.5 -- (AOL, LLC.)
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
"C:\WINDOWS\FRGN.ico" = C:\WINDOWS\FRGN.ico:*:Enabled:FRGN -- ()
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL Desktop 9.6 -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D2FE34-8DF7-4504-8C80-5633527FA52F}" = MultiMix
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{21289AE2-24FE-11D5-8F73-0050DA0F6297}" = The Sims Menu Editor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 24
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = Plextor ConvertX AV100U A/V Capture Device Driver
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EA5DA63-77E4-C955-BABC-440D7F391ECD}" = MP3 Download Manager
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA0EA26-CA46-11D4-B1B3-0050DAB93BD0}" = Digidesign Pro Tools FREE
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
"{47A3FE80-528F-482B-8143-B3A4645557FC}" = Microsoft LifeCam
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{514DF7BB-D192-417C-BB60-58BF1FD34253}" = S500/S600 USB Driver
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61781604-466B-43EA-A62D-930DBB21FDAF}" = MIDI Yoke
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6527051E-8939-4639-9690-800B3442E610}" = PC Tools Anti-Spam Toolbar
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A4C9B4B2-4227-4EAB-885A-6E358F01E47D}" = Dell GPS Navigation System Europe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"4249-7808-9389-3199" = Verizon Wireless Download Manager 2.2.7-SNAPSHOT-r10935
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Amazing Adventures Special Edition" = Amazing Adventures Special Edition (remove only)
"American Airlines DealFinder" = American Airlines DealFinder (remove only)
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"ATI Display Driver" = ATI Display Driver
"Bejeweled 3" = Bejeweled 3
"BFG-Adventure Chronicles - The Search for Lost Treasure" = Adventure Chronicles: The Search for Lost Treasure
"BFG-Amazing Adventures - Around the World" = Amazing Adventures: Around the World
"BFG-Amazing Adventures - The Caribbean Secret" = Amazing Adventures: The Caribbean Secret
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition &reg; - Devil's Triangle
"BFG-Hidden Expedition - Devil's Triangle Strategy Guide" = Hidden Expedition &reg; : Devil's Triangle Strategy Guide
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"BFG-The Heritage" = The Heritage
"BroadJump Client Foundation" = BroadJump Client Foundation
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDKNet" = CDK Players
"com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1" = MP3 Download Manager
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DivX Content Uploader" = DivX Content Uploader
"Doom Builder_is1" = Doom Builder
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"GamesBar" = GamesBar 2.0.1.59
"Google Chrome" = Google Chrome
"Great Escapes Solitaire Collection" = Great Escapes Solitaire Collection
"Hidden Expedition - Titanic" = Hidden Expedition - Titanic (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"InterActual Player" = InterActual Player
"Invention" = Invention Studio
"Kazoo Player" = Kazoo Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MINITAB" = MINITAB 13
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteWorthy Composer 2" = NoteWorthy Composer 2
"RealArcade 1.2" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"rgc:audio sfz VSTi_is1" = rgc:audio sfz VSTi v1.96
"Rock V1.06_is1" = Rock
"Savings Bond Wizard" = Savings Bond Wizard
"sfArk" = sfArk
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = PC Tools Internet Security 8.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"TablEdit_is1" = TablEdit 2.65
"TEFView_is1" = TEFView 2.64
"Vienna SoundFont Studio" = Creative Vienna SoundFont Studio
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
"Yapta" = Yapta
"Yoono Desktop_is1" = Yoono Desktop 1.7.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2488962300-500217135-1614769870-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2011 7:12:16 PM | Computer Name = DJLMCF51 | Source = Windows Search Service | ID = 3079
Description = Notifications for the volume c:\ are not active.

Error - 4/30/2011 9:20:23 PM | Computer Name = DJLMCF51 | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (6)

Error - 5/4/2011 8:00:13 PM | Computer Name = DJLMCF51 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 5/4/2011 8:44:27 PM | Computer Name = DJLMCF51 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 5/5/2011 5:43:30 AM | Computer Name = DJLMCF51 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 5/5/2011 10:05:54 PM | Computer Name = DJLMCF51 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 5/7/2011 8:39:00 AM | Computer Name = DJLMCF51 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 5/9/2011 4:37:30 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 5:18:12 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 5:59:24 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 6:20:25 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 6:41:26 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 6:48:20 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 7:01:21 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 7:15:22 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 7:36:23 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 8:18:15 PM | Computer Name = DJLMCF51 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >

#15 Shannon2012

  • Security Colleague

Posted 10 May 2011 - 02:23 PM

Hi-

Let's clean up a few things.

We need to run an OTL Fix.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
:OTL
SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-2488962300-500217135-1614769870-1009\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [American Airlines DealFinder] File not found
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
FF - prefs.js..network.proxy.type: 4
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.

    Next, I'd like for you to scan your machine with ESET OnlineScan
    • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
    • ESET OnlineScan
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.
In your reply, please copy in the OTL report and the ESET OnlineScan report (if it gives you one). How is your computer doing now - ok?
Shannon



