Sirefef is in my PC


  • This topic is locked
77 replies to this topic

#1 stratol

Posted 10 April 2012 - 01:54 PM

I'm on Dial-Up..... it's been hard to get this stuff because I'm also having trouble staying connected to the internet.
I've been trying to get the logs and I think I have what was asked.
There has been some redirecting to some odd places, one happened as I clicked to write this-it was skimlinks and some other stuff.....don't know what that is and it started doing this in the last couple days.
While getting logs last night I had a 'blue screen' error twice and had to do a system restore using 'safe mode'- using the f8 key...not sure what happened.
Here are the logs...................
Thanks, Matt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by L.M.King at 21:31:31 on 2012-04-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.504 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [AT&T Yahoo! Dial Connection Manager] c:\program files\sbc yahoo!\connection manager\ConnectionManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: link = 00000000
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241718275406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{160585D7-FA6E-44EC-83B3-8493DCE4E1DF} : NameServer = 209.244.0.3 209.244.0.4
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl5a91bcaf;MpKsl5a91bcaf;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d530a3c-67b1-469b-b05a-b73d646fb76b}\MpKsl5a91bcaf.sys [2012-4-9 29904]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-26 30192]
.
=============== Created Last 30 ================
.
2012-04-10 01:32:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d530a3c-67b1-469b-b05a-b73d646fb76b}\offreg.dll
2012-04-10 01:32:55 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d530a3c-67b1-469b-b05a-b73d646fb76b}\MpKsl5a91bcaf.sys
2012-04-10 01:30:00 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d530a3c-67b1-469b-b05a-b73d646fb76b}\mpengine.dll
2012-04-10 01:26:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-10 01:26:39 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-03-14 13:21:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 21:32:15.98 ===============












Thank you again....I hope I did that right!!
Matt

Edited by stratol, 10 April 2012 - 02:02 PM.



#2 SweetTech


Posted 13 April 2012 - 12:45 AM

Hello Matt!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the [image] textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 stratol


Posted 13 April 2012 - 09:27 AM

Hello ST and thank you for helping
I'm on Dial-Up and not sure if this is the problem but the TDSS tool will not download.
It hangs up at a point after only running for a few mins and then it will show 2% downloaded for 30 mins (so far that's as far as it's gone), should I continue? My PC has slowed down and continues to. I have to watch it cos the VP (MS Security Essentials) keeps asking me to 'clean my computer' when it catches more virus's (?)
Thank you
Matt

#4 SweetTech


Posted 13 April 2012 - 09:39 AM

Hi Matt!

Sorry to hear you're experiencing issues with it.

Let's skip the steps for downloading and running TDSSKiller for now. Please proceed with the rest of the instructions in my previous post.

~ST.


#5 stratol


Posted 13 April 2012 - 03:05 PM

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
could not download file





3. Farbar Service Scanner log.

Farbar Service Scanner Version: 01-03-2012
Ran by L.M.King (administrator) on 13-04-2012 at 12:06:41
Running from "C:\Documents and Settings\L.M.King\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
WAN connected
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(80)
0x500000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F000000100000001100000012000000130000001400000015000000160000001700000018000000190000001A0000001B0000001C0000001D0000001E0000001F000000200000002100000022000000230000002400000025000000260000002700000028000000290000002A0000002B0000002C0000002D0000002E0000002F000000300000003100000032000000330000003400000035000000360000003700000038000000390000003A0000003B0000003C0000003D0000003E0000003F000000400000004100000042000000430000004400000045000000460000004700000048000000490000004A0000004B0000004C0000004D0000004E0000004F00000050000000
IpSec Tag value is correct.

**** End of log ****






4. OTL.txt & Extras.txt logs.
Could not download file

5. An update on how your computer is currently running.
PC is running slower and slower. Makes a 'clinking' noise in the background now and then for no reason. Blue screen error while trying to do these logs and had to sys restore to last known config....one of the viruses is in my System Volume Information\_restore...did a manual scan after sys restore and it found that. JS/IframeRef has been popping up as well as the Sirefef.


I don't know if this is gonna help.....
Thank you
Matt

Edited by stratol, 13 April 2012 - 03:30 PM.
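
One way to triage a Farbar Service Scanner log like the one posted above, pulling out only the lines that deviate from a healthy baseline (added example, not part of the thread or of the tool itself). The sample text is a constructed excerpt in the log's format; the last File Check line is hypothetical, and treating any verdict other than "MD5 is legit" as needing review is an assumption.

```python
import re

# Constructed sample in the format of the FSS log posted in this thread.
# The final File Check line is hypothetical, added to exercise that branch.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Connection Status:
==============
Localhost is accessible.
WAN connected
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline

File Check:
========
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\example.dll => (hypothetical non-legit result)
"""

NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
START_TYPE_RE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
    r"The default start type is (?P<default>\w+)\."
)
# The log shown above spells "returned" two ways ("returned", "returend"),
# so the verb is matched loosely.
CONN_ERR_RE = re.compile(
    r"^Attempt to access (?P<target>.+?) retur\w+ error: (?P<err>.+)$"
)
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")


def triage_fss_log(text):
    """Return (kind, subject, detail) tuples for lines that need review."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.append(("service-not-running", m["svc"], ""))
            continue

        m = START_TYPE_RE.match(line)
        if m:
            # Report only when the configured start type differs from default.
            if m["actual"].lower() != m["default"].lower():
                detail = f'{m["actual"]} (default {m["default"]})'
                findings.append(("start-type-changed", m["svc"], detail))
            continue

        m = CONN_ERR_RE.match(line)
        if m:
            findings.append(("connectivity", m["target"], m["err"].strip()))
            continue

        m = FILE_RE.match(line)
        if m and m["verdict"].strip() != "MD5 is legit":
            # Assumption: anything other than the known-good verdict is
            # surfaced for manual review rather than interpreted.
            findings.append(("file-check", m["path"], m["verdict"].strip()))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage_fss_log(SAMPLE_FSS_LOG):
        print(f"{kind:20} {subject}  {detail}")
```
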


#6 SweetTech


Posted 14 April 2012 - 08:48 AM

Hi Matt!

So sorry to hear you're experiencing issues with downloading those tools.

Could you do me a favor and run a new scan with DDS and provide me with that log file to review?

~ST.


#7 stratol


Posted 14 April 2012 - 10:14 AM

Hey ST, good morning

Here are the logs



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by L.M.King at 9:58:46 on 2012-04-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.438 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [AT&T Yahoo! Dial Connection Manager] c:\program files\sbc yahoo!\connection manager\ConnectionManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: link = 00000000
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241718275406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{160585D7-FA6E-44EC-83B3-8493DCE4E1DF} : NameServer = 209.244.0.3 209.244.0.4
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pctoolsfirewallplus;Se2Bnd5;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-26 30192]
.
=============== Created Last 30 ================
.
2012-04-14 12:52:46 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5bbcc83-034e-4868-a927-af5ce913b1ec}\offreg.dll
2012-04-14 02:31:32 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5bbcc83-034e-4868-a927-af5ce913b1ec}\mpengine.dll
2012-04-13 15:17:48 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-13 15:13:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-13 15:13:02 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-03-14 13:21:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:59:43.26 ===============




#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:45 AM

Posted 14 April 2012 - 10:51 AM

Hi Matt!

Thanks for that log file!

Can you see if you can download and run this tool?


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 stratol


Posted 15 April 2012 - 02:33 PM

Hey ST,
While running the Combofix my pc went to a 'blue screen' error and I had to f8 and last known config to get back. When I started the scan w/ combofix it asked me to connect to the internet so it could install a windows restore that wasn't there that it needed and I did that. I don't know what happened. Having the VP turned off is a little scary as I am constantly cleaning when pop ups from MS Security Ess tells me to.

Please advise.

Thank you!

Matt

#10 SweetTech


Posted 17 April 2012 - 12:38 AM

Hi Matt!

"While running the Combofix my pc went to a 'blue screen' error and I had to f8 and last known config to get back. When I started the scan w/ combofix it asked me to connect to the internet so it could install a windows restore that wasn't there that it needed and I did that. I don't know what happened. Having the VP turned off is a little scary as I am constantly cleaning when pop ups from MS Security Ess tells me to."

Sorry to hear that you encountered an issue when running ComboFix. Did you attempt to boot up into Safe Mode once you got the Blue Screen of Death?

When you first ran ComboFix it should have prompted you to install the Windows Recovery Console. This is installed as a precautionary measure, so that in the event something goes unexpected with running ComboFix we have a method for getting back into Windows.

I completely understand your concern about having your Anti-Virus program disabled while we're cleaning this malware up.

When I am not having you run fixes, you can go ahead and re-enable your Anti-Virus program.

Do you recall exactly how far ComboFix was able to scan before it restarted on you?

~ST.

Edited by SweetTech, 17 April 2012 - 12:45 AM.



#11 stratol


Posted 17 April 2012 - 07:31 AM

Hey ST,
Good morning
I don't recall what had as I had to get up and go into the other room. It started the Windows Recovery Console download I know that but when I got back there was a BSoD on and I did recover in safe mode.

I've since downloaded mbam and have some logs from that if you want them....sorry I was as patient as I could be, just read up some and it seems like something I could use...tho I think I downloaded the wrong one, it says it's a '14 day trial'??

Also, I reran ComboFix....last night...forgot to turn off the MSE and it made some noise till I got it turned off. I forgot to disable mbam, didn't know it ran continuously and I stayed and watched this time (as much as I could). It (ComboFix) spent a long time downloading the recovery thing....I could not stay up so I had to stop it.

I really don't know what I'm doing......sorry for the stupidity...

Thank you again,
Matt

#12 SweetTech


Posted 17 April 2012 - 08:25 AM

Hi Matt!

See the following snippet from my colleague Quietman7 in regards to the trial version of MBAM:


A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support using the instructions in the link provided by Animal. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.


Can you post the MBAM logs that you have?

You can access the logs using these instructions below:

Grab Malwarebytes' Anti-Malware Log-File

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottommost log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.



#13 stratol


Posted 17 April 2012 - 10:09 AM

Good morning, ST

Thank you for clearing that up about the mbam. I'm having trouble updating mbam, it says it's out of date by 12 days and won't stay connected or it's a connection issue...
Program_Error_Updating (0,0,Incomplete Transfer)....whatever that means...I keep trying to update tho.

I've run a few scans and while ComboFix was running windows kept popping up asking me to disable.....ignore or quarantine...I hit quarantine not knowing what to do. I guess I should have not done it on my own as I was told in the top of the post here....I'm sorry.
-------



1st log....

..........................................

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
L.M.King :: LMK [administrator]

Protection: Enabled

4/16/2012 5:36:01 PM
mbam-log-2012-04-16 (17-36-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262922
Time elapsed: 58 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\usbnaw32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Documents and Settings\All Users\Application Data\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\L.M.King\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\L.M.King\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

Files Detected: 4
C:\WINDOWS\system32\usbnaw32.dll (Trojan.Dropper) -> Delete on reboot.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP61\A0014104.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Q5YT1H8v.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008\Viruses.bdt (Rogue.VirusRemove) -> Quarantined and deleted successfully.

(end)

-----------------
while running ComboFix that I didn't finish





2012/04/16 17:34:39 -0500 LMK L.M.King MESSAGE Starting protection
2012/04/16 17:34:45 -0500 LMK L.M.King MESSAGE Protection started successfully
2012/04/16 17:34:48 -0500 LMK L.M.King MESSAGE Starting IP protection
2012/04/16 17:34:59 -0500 LMK L.M.King MESSAGE IP Protection started successfully
2012/04/16 17:50:01 -0500 LMK L.M.King MESSAGE Executing scheduled update: Daily
2012/04/16 18:37:53 -0500 LMK L.M.King ERROR Scheduled update failed: Incomplete transfer failed with error code 10054
2012/04/16 18:39:32 -0500 LMK L.M.King MESSAGE Starting protection
2012/04/16 18:39:41 -0500 LMK L.M.King MESSAGE Protection started successfully
2012/04/16 18:39:44 -0500 LMK L.M.King MESSAGE Starting IP protection
2012/04/16 18:39:49 -0500 LMK L.M.King MESSAGE IP Protection started successfully
2012/04/16 20:26:17 -0500 LMK L.M.King MESSAGE Starting protection
2012/04/16 20:26:30 -0500 LMK L.M.King MESSAGE Protection started successfully
2012/04/16 20:26:33 -0500 LMK L.M.King MESSAGE Starting IP protection
2012/04/16 20:26:37 -0500 LMK L.M.King MESSAGE IP Protection started successfully
2012/04/16 22:35:53 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\PDExchange.dll RootKit.0Access.H QUARANTINE
2012/04/16 22:35:53 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\PDExchange.dll RootKit.0Access.H DENY
2012/04/16 22:54:37 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\ATKFUSService.dll RootKit.0Access.H QUARANTINE
2012/04/16 22:54:37 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\ATKFUSService.dll RootKit.0Access.H DENY
2012/04/16 23:09:35 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\se2Eunic.dll RootKit.0Access.H QUARANTINE
2012/04/16 23:09:35 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\se2Eunic.dll RootKit.0Access.H DENY
2012/04/16 23:25:47 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\iPassP.dll RootKit.0Access.H QUARANTINE
2012/04/16 23:25:47 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\iPassP.dll RootKit.0Access.H DENY
2012/04/16 23:42:36 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\kl1.dll RootKit.0Access.H QUARANTINE
2012/04/16 23:42:36 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\kl1.dll RootKit.0Access.H DENY
2012/04/16 23:58:35 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\ksecdd.dll RootKit.0Access.H QUARANTINE
2012/04/16 23:58:35 -0500 LMK L.M.King DETECTION C:\WINDOWS\system32\ksecdd.dll RootKit.0Access.H DENY

-----------------------------------

next, today



2012/04/17 06:40:02 -0500 LMK L.M.King MESSAGE Executing scheduled update: Daily
2012/04/17 06:40:03 -0500 LMK L.M.King ERROR Scheduled update failed: Host not found failed with error code 0
2012/04/17 06:40:34 -0500 LMK L.M.King MESSAGE Starting protection
2012/04/17 06:40:47 -0500 LMK L.M.King MESSAGE Protection started successfully
2012/04/17 06:40:50 -0500 LMK L.M.King MESSAGE Starting IP protection
2012/04/17 06:40:53 -0500 LMK L.M.King MESSAGE IP Protection started successfully
------------------------


Thank you for your help and I'll be more patient and wait for your instructions.

Matt
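
The protection log posted above uses one record per line (timestamp, UTC offset, host, user, event type, details); this added example, which is not part of the thread, parses that layout and condenses repeated IP-BLOCK records of the form `<address> (Type: outgoing)` and paired DETECTION records into a per-address and per-file triage summary. The sample lines, host and user names, documentation-range addresses, threat name and the 10-second burst threshold are all constructed or assumed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the protection-log layout; host, user, addresses
# (documentation ranges) and threat name are placeholders, not thread values.
SAMPLE_LOG = r"""
2012/04/16 17:34:39 -0500 HOST1 J.Doe MESSAGE Starting protection
2012/04/16 17:35:07 -0500 HOST1 J.Doe IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/16 17:35:10 -0500 HOST1 J.Doe IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/16 17:35:16 -0500 HOST1 J.Doe IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/16 17:36:02 -0500 HOST1 J.Doe IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/16 17:36:05 -0500 HOST1 J.Doe IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/16 17:38:28 -0500 HOST1 J.Doe IP-BLOCK 198.51.100.7 (Type: incoming)
2012/04/16 17:39:06 -0500 HOST1 J.Doe IP-BLOCK 192.0.2.20 (Type: outgoing)
2012/04/16 18:37:53 -0500 HOST1 J.Doe ERROR Scheduled update failed: Incomplete transfer failed with error code 10054
2012/04/16 22:35:53 -0500 HOST1 J.Doe DETECTION C:\WINDOWS\system32\example one.dll Sample.Threat.A QUARANTINE
2012/04/16 22:35:53 -0500 HOST1 J.Doe DETECTION C:\WINDOWS\system32\example one.dll Sample.Threat.A DENY
this line is not a log record
"""

# Event types are the four that appear in the posted log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>.+?) "
    r"(?P<kind>MESSAGE|ERROR|IP-BLOCK|DETECTION) (?P<rest>.*)$"
)
BLOCK_RE = re.compile(r"^(?P<ip>\S+) \(Type: (?P<dir>incoming|outgoing)\)$")

# Assumption: blocks for one address less than this many seconds apart are
# retries of a single connection attempt, not separate attempts.
BURST_GAP = 10


def parse_line(line):
    """Return a dict for one log record, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["when"] = datetime.strptime(
            f'{rec.pop("ts")} {rec.pop("tz")}', "%Y/%m/%d %H:%M:%S %z"
        )
    except ValueError:
        return None
    if rec["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(rec["rest"])
        if not b:
            return None
        rec["ip"], rec["direction"] = b.group("ip"), b.group("dir")
    elif rec["kind"] == "DETECTION":
        # The path may contain spaces, so split the last two fields from the right.
        parts = rec["rest"].rsplit(" ", 2)
        if len(parts) != 3:
            return None
        rec["path"], rec["threat"], rec["action"] = parts
    return rec


def summarize(text):
    """Condense a protection log into blocked peers, detections and errors."""
    blocks = defaultdict(list)     # (ip, direction) -> [timestamps]
    detections = defaultdict(set)  # (path, threat) -> {actions taken}
    errors, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif rec["kind"] == "IP-BLOCK":
            blocks[(rec["ip"], rec["direction"])].append(rec["when"])
        elif rec["kind"] == "DETECTION":
            detections[(rec["path"], rec["threat"])].add(rec["action"])
        elif rec["kind"] == "ERROR":
            errors.append(rec["rest"])
    peers = []
    for (ip, direction), times in blocks.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        peers.append({
            "ip": ip, "direction": direction, "events": len(times),
            "attempts": 1 + sum(1 for g in gaps if g > BURST_GAP),
            "first": times[0], "last": times[-1],
        })
    # Most frequently blocked peers first; outgoing ones point at a local process.
    peers.sort(key=lambda p: (-p["events"], p["ip"]))
    return {"peers": peers, "errors": errors, "skipped": skipped,
            "detections": {k: sorted(v) for k, v in detections.items()}}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for p in report["peers"]:
        print(f'{p["ip"]:<15} {p["direction"]:<8} events={p["events"]} '
              f'attempts={p["attempts"]} {p["first"]:%H:%M:%S}-{p["last"]:%H:%M:%S}')
    for (path, threat), actions in report["detections"].items():
        print(f"{threat}: {path} -> {', '.join(actions)}")
    print("errors:", report["errors"], "unparsed lines:", report["skipped"])
```
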

#14 SweetTech


Posted 18 April 2012 - 01:20 AM

Hi Matt!

"Thank you for clearing that up about the mbam. I'm having trouble updating mbam, it says it's out of date by 12 days and won't stay connected or it's a connection issue...
Program_Error_Updating (0,0,Incomplete Transfer)....whatever that means...I keep trying to update tho."

Let's hold up on doing anything with this for right now.

"Thank you for your help and I'll be more patient and wait for your instructions."

Not a problem! If you could hold off on running any more scans on your own, it'd be appreciated.

One of the main reasons I ask this is so that I know what changes are being made to your computer, and so that I can see these changes being made in the logs I ask you to produce.

Can you try and see if you're now able to download OTL to your Desktop?

You can use one of the links below to download it to your computer:

Note: Please right click on one of the two links below and select Save as (may also be worded as: Save Target As or Save Link as). Be sure to save it to your Desktop.

HERE or HERE

If you're able to download it to your computer, please run the custom scan below:

  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized


If you're still not able to download/run OTL, let me know. In the meantime, I'm going to work on alternative instructions for you in the event you still can't get OTL to download/run.

~ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 stratol

  • Topic Starter


Posted 18 April 2012 - 09:41 AM

Mornin ST
It worked...I think


1st..........




OTL logfile created on: 4/18/2012 9:19:55 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\L.M.King\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 377.47 Mb Available Physical Memory | 37.26% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 173.08 Gb Free Space | 75.43% Space Free | Partition Type: NTFS

Computer Name: LMK | User Name: L.M.King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/18 09:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L.M.King\Desktop\OTL.scr
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 14:07:42 | 001,158,248 | ---- | M] (AT&T Yahoo!) -- C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
PRC - [2007/02/08 17:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2006/07/21 17:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2006/03/03 14:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/14 10:03:20 | 000,038,400 | ---- | M] () -- C:\WINDOWS\system32\usbniw32.dll
MOD - [2012/01/31 21:08:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2a9813c8\mscorlib.dll
MOD - [2012/01/31 21:07:54 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cb311716\system.xml.dll
MOD - [2012/01/31 19:46:46 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3d2a78d6\system.dll
MOD - [2012/01/31 19:46:37 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/10 17:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/11 14:02:40 | 000,057,344 | ---- | M] () -- C:\Program Files\SBC Yahoo!\Connection Manager\SBCHook.dll
MOD - [2007/05/11 14:01:24 | 000,057,344 | ---- | M] () -- C:\Program Files\SBC Yahoo!\Connection Manager\english.dll
MOD - [2006/11/22 09:05:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/11/22 08:51:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/11/22 08:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/02/23 17:13:02 | 000,038,912 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll
MOD - [2004/08/10 14:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spbbcsvc.dll -- (zunenetworksvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsdatant.dll -- (zpjobq)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oraclewebassistant.dll -- (zebrsce)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsmon.dll -- (Wpsnuio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acnusvc.dll -- (WNCPKT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750mgmt.dll -- (WmFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nbf.dll -- (websenseusagemonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cobbmservice.dll -- (websensecpmcommunicationagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NIPALK.dll -- (wandrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctxcpuusync.dll -- (W700mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tnbrlds.dll -- (VSP1284D)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll -- (vpn5000service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117bus.dll -- (vpcbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aec.dll -- (vncmirror)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (vaiomediaplatform-videoserver-appserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vwlogger.dll -- (vaiomediaplatform-mobile-gateway)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bcserver.dll -- (UVCFTR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxliveshare.dll -- (usnjsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tnidriver.dll -- (useraccess7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PD0620VID.dll -- (usbvideo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IFPUSB.dll -- (usbohci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASFWHide.dll -- (Uim_IM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epstnt01.dll -- (U81xobex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRENDIS5.dll -- (U81xbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smwdm.dll -- (TPwSav)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HpqRemHid.dll -- (tos_sps32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (tnbrlds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\redbook.dll -- (tmesrv3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mxnic.dll -- (TMBMServer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mup.dll -- (TIEHDUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviaspi.dll -- (TBPanel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swenum.dll -- (taphss)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KMWDFilter.dll -- (symfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rksample.dll -- (sweepsrv.sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cusb.dll -- (SSHDRV61)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EPSON_EB_RPCV4_01.dll -- (SrvcEKIOMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mmc_2K.dll -- (sqlagent$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JiaoIO.dll -- (spcsutilityservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\jaguar.dll -- (sp_clamsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tm_cfw.dll -- (smartscaps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsunidrv.dll -- (slip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCHALA.dll -- (SiSGbeXP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zendcoreapache.dll -- (SI3112)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RT25USBAP.dll -- (sfng32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uploadmgr.dll -- (servidor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iksysflt.dll -- (se45mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvlddmkm.dll -- (se44mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwlnkfwd.dll -- (SE2Emgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\teefer.dll -- (se2Dunic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (SE2Cmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\protexislicensing.dll -- (SE27mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EMCFILT.dll -- (SE27mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvdcodec.dll -- (SDdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpipBM.dll -- (s616mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FET5X86V.dll -- (s3savagenb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RSAFAL.dll -- (s217unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_ip_f.dll -- (s116nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s7oppitx.dll -- (rvsinst)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll -- (rtl8023)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mxserver.dll -- (roxmediadb9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NuidFltr.dll -- (rnadiagreceiver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snapman.dll -- (qkbfiltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (qhwscsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pid_0928.dll -- (qcmerced)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaopiom.dll -- (Ptserlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp4.dll -- (pserve)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avcgbfl.dll -- (prohlp02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccflic0.dll -- (PQNTDrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200obex.dll -- (pptchpad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rnadirectory.dll -- (PolarUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atierecord.dll -- (PGPwded)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wstcodec.dll -- (PGPdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (pgfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aic78xx.dll -- (pdiddcci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ndisipo.dll -- (pdfcreatormessages)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PDExchange.dll -- (pcx1nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symdns.dll -- (pctoolsfirewallplus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ktp.dll -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AmdIde.dll -- (padfsvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59obex.dll -- (omniusbl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TPwSav.dll -- (ohci1394)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sndsrvc.dll -- (NWUSBPort)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ss_bus.dll -- (NWSIPX32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ati2mpaa.dll -- (nwrdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dbus.dll -- (NVNET)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SSFS0BB9.dll -- (nvedavt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMNDIS5.dll -- (nsausvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Bnd5.dll -- (nmraapache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$MICROSOFTBCM.dll -- (nisvcloc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zfdwm.dll -- (nipxirmu)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvusbsta.dll -- (NetTcpActivator)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\usbnaw32.dll -- (NEC Usb3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\olregcap.dll -- (MxlW2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btaudio.dll -- (mwsejcap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kl1.dll -- (MTDVC2_ENUM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ossrv.dll -- (MSTAPE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agentsrv.dll -- (mssql$soshome22)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Airgo.dll -- (mssql$microsoftbcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ONSIO.dll -- (MSIRCOMM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwrdr.dll -- (mrpostman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xfilt.dll -- (mqdmmdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ErrDev.dll -- (mpservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FontCache3.0.0.0..dll -- (mksupdateint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmindexingservice.dll -- (milshieldcleaner)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Defrag32.dll -- (matlabserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxdmCATSCustConnectService.dll -- (lxrsii1s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GTSCSER.dll -- (lxbx_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slimsvc.dll -- (lxbt_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ncrc710.dll -- (logmein)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSW_USB.dll -- (kpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTLE8023xp.dll -- (k750mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxmediadb9.dll -- (k750mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uphclean.dll -- (ISAMSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vc8secs.dll -- (ipassconnectengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217mdm.dll -- (infrastructure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\richvideo.dll -- (iksysflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caili.dll -- (ibmasrex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032C.dll -- (iaimtv1)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\googledesktopmanager.dll -- (hdthermal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\plsremotesvc.dll -- (gv3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssscsisv.dll -- (FlexBios)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fgdxbus.dll -- (fax)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MtxDma0.dll -- (F700ius)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regdefend.dll -- (F700iob)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sdcoreservice.dll -- (Exportit)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gdihook5.dll -- (EU3_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FGDSCSI.dll -- (Epiusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wencrservice.dll -- (Epfwndis)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDPSp50.dll -- (emitray)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DLARTL_M.dll -- (elockservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200bus.dll -- (DXEC02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\alerter.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\inetaccs.dll -- (driverhardwarev2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\soma.dll -- (dlcq_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATKFUSService.dll -- (dlbu_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swupdtmr.dll -- (dcevt32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btwavdt.dll -- (dashsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dnwhodisp.dll -- (CYGF32X)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wacomkey.dll -- (ctmmfilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p1110vid.dll -- (CTAUDFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spmgr.dll -- (cportclm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ksecdd.dll -- (CoolerXPDriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aspnet_state.dll -- (CnxTrLan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LHidUsbK.dll -- (cmdmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\STEC3.dll -- (cidaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE26mgmt.dll -- (CdaD10BA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psasrv.dll -- (CamAv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USB28xxBGA.dll -- (btnhnd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ageresoftmodem.dll -- (BrPar)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (BlueSoleilCS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nic1394.dll -- (bcm43xx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DgiVecp.dll -- (bc_prt_f)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Amsmpu4p.dll -- (AX88772)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Eunic.dll -- (avgarcln)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GameConsoleService.dll -- (avcgbdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525mgmt.dll -- (ATSWPDRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (atkdisplf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDISB.dll -- (atierecord)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\3comtftp.dll -- (aswtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eelogsvc.dll -- (asusgsb)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNIPROT5.dll -- (apphostsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asc3550.dll -- (amoagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcwPVRP2.dll -- (AlKernel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mdfl.dll -- (aksfridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassP.dll -- (adpu320)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\parallel.dll -- (admjoy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hnmsvc.dll -- (acsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epiusb.dll -- (aclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTL8023xp.dll -- (61883)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/02/08 17:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxczcoms.exe -- (lxcz_device)
SRV - [2003/05/19 17:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
SRV - [2001/08/17 14:55:58 | 000,096,128 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ati.dll -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE23DAB6-5172-47EC-BD5A-3D416760C55C}\MpKsl450f737f.sys -- (MpKsl450f737f)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/17 22:28:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/01/26 15:53:58 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/07/16 20:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\SearchScopes,DefaultScope = {F52197B7-2BD9-4681-9F10-FF99D95180DC}
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=mKuxJt1dJqBX4jJbRtSkZMtOZnA?q={searchTerms}
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\SearchScopes\{F52197B7-2BD9-4681-9F10-FF99D95180DC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found


[2010/08/09 02:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\L.M.King\Application Data\Mozilla\Extensions
[2010/08/09 02:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\L.M.King\Application Data\Mozilla\Extensions\mozswing@mozswing.org

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..\Toolbar\WebBrowser: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AT&T Yahoo! Dial Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe (AT&T Yahoo!)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link = [binary data]
O7 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O15 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1148618105-1784962913-1217530912-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241718275406 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{160585D7-FA6E-44EC-83B3-8493DCE4E1DF}: NameServer = 209.244.0.3 209.244.0.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O20 - Winlogon\Notify\usbniw32: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\L.M.King\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\L.M.King\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {34C70B70-8FFF-4179-A2EB-0819FFA38126} - Reg Error: Value error.
ActiveX: {362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4a01a151-e350-4839-a2b8-03dc39d6c8e5} - Reg Error: Value error.
ActiveX: {4DAEE2D4-A471-42AC-97A2-4C2A79C77648} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D} - Reg Error: Value error.
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE734E0A-D6D3-4A92-AF9F-499BE87A025C} - Reg Error: Value error.
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F53CE5EC-1CD8-41EB-A220-F8EA247E3A06} - Reg Error: Value error.
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: ofcpfwsvc - File not found
NetSvcs: SaiNtSub - File not found
NetSvcs: acedrv05 - File not found
NetSvcs: {6080a529-897e-4629-a488-aba0c29b635e} - File not found
NetSvcs: MagicTune - File not found
NetSvcs: PGPwded - %systemroot%\system32\atierecord.dll File not found
NetSvcs: zpjobq - %systemroot%\system32\vsdatant.dll File not found
NetSvcs: tos_sps32 - %systemroot%\system32\HpqRemHid.dll File not found
NetSvcs: CYGF32X - %systemroot%\system32\dnwhodisp.dll File not found
NetSvcs: WmFilter - %systemroot%\system32\k750mgmt.dll File not found
NetSvcs: ibmasrex - %systemroot%\system32\caili.dll File not found
NetSvcs: 61883 - %systemroot%\system32\RTL8023xp.dll File not found
NetSvcs: iaimtv1 - %systemroot%\system32\MA8032C.dll File not found
NetSvcs: usbvideo - %systemroot%\system32\PD0620VID.dll File not found
NetSvcs: PGPdisk - %systemroot%\system32\wstcodec.dll File not found
NetSvcs: symfw - %systemroot%\system32\KMWDFilter.dll File not found
NetSvcs: mpservice - %systemroot%\system32\ErrDev.dll File not found
NetSvcs: TIEHDUSB - %systemroot%\system32\mup.dll File not found
NetSvcs: s616mdm - %systemroot%\system32\tcpipBM.dll File not found
NetSvcs: infrastructure - %systemroot%\system32\s217mdm.dll File not found
NetSvcs: aswtdi - %systemroot%\system32\3comtftp.dll File not found
NetSvcs: WNCPKT - %systemroot%\system32\acnusvc.dll File not found
NetSvcs: vpn5000service - %systemroot%\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll File not found
NetSvcs: NetTcpActivator - %systemroot%\system32\lvusbsta.dll File not found
NetSvcs: CTAUDFX.DLL - %systemroot%\system32\p1110vid.dll File not found
NetSvcs: cportclm - %systemroot%\system32\spmgr.dll File not found
NetSvcs: prohlp02 - %systemroot%\system32\avcgbfl.dll File not found
NetSvcs: logmein - %systemroot%\system32\Ncrc710.dll File not found
NetSvcs: pgfilter - %systemroot%\system32\CdaC15BA.dll File not found
NetSvcs: dlcq_device - %systemroot%\system32\soma.dll File not found
NetSvcs: mdc8021x - File not found
NetSvcs: VC4CB104 - File not found
NetSvcs: compaq_rba - File not found
NetSvcs: dlpwd - File not found
NetSvcs: MXOFX - File not found
NetSvcs: plsremotesvc - File not found
NetSvcs: qbreminderflash - File not found
NetSvcs: rt2500 - File not found
NetSvcs: flashcomadmin - File not found
NetSvcs: VrAcFil - File not found
NetSvcs: pnkbstra - File not found
NetSvcs: U81xobex - %systemroot%\system32\epstnt01.dll File not found
NetSvcs: StkASSrv - C:\WINDOWS\system32\ati.dll (Microsoft Corporation)
NetSvcs: atkdisplf - %systemroot%\system32\MRV6X32P.dll File not found
NetSvcs: ISAMSvc - %systemroot%\system32\uphclean.dll File not found
NetSvcs: AX88772 - %systemroot%\system32\Amsmpu4p.dll File not found
NetSvcs: SrvcEKIOMngr - %systemroot%\system32\EPSON_EB_RPCV4_01.dll File not found
NetSvcs: s3savagenb - %systemroot%\system32\FET5X86V.dll File not found
NetSvcs: dashsvc - %systemroot%\system32\btwavdt.dll File not found
NetSvcs: dcevt32 - %systemroot%\system32\swupdtmr.dll File not found
NetSvcs: nipxirmu - %systemroot%\system32\zfdwm.dll File not found
NetSvcs: ohci1394 - %systemroot%\system32\TPwSav.dll File not found
NetSvcs: ATSWPDRV - %systemroot%\system32\z525mgmt.dll File not found
NetSvcs: iksysflt - %systemroot%\system32\richvideo.dll File not found
NetSvcs: pdfcreatormessages - %systemroot%\system32\Ndisipo.dll File not found
NetSvcs: pavatscheduler - %systemroot%\system32\Ktp.dll File not found
NetSvcs: slip - %systemroot%\system32\dsunidrv.dll File not found
NetSvcs: amoagent - %systemroot%\system32\asc3550.dll File not found
NetSvcs: fax - %systemroot%\system32\fgdxbus.dll File not found
NetSvcs: Uim_IM - %systemroot%\system32\ASFWHide.dll File not found
NetSvcs: Epfwndis - %systemroot%\system32\wencrservice.dll File not found
NetSvcs: sfng32 - %systemroot%\system32\RT25USBAP.dll File not found
NetSvcs: gv3 - %systemroot%\system32\plsremotesvc.dll File not found
NetSvcs: se44mdm - %systemroot%\system32\nvlddmkm.dll File not found
NetSvcs: lxbx_device - %systemroot%\system32\GTSCSER.dll File not found
NetSvcs: NVNET - %systemroot%\system32\SE2Dbus.dll File not found
NetSvcs: usbohci - %systemroot%\system32\IFPUSB.dll File not found
NetSvcs: Epiusb - %systemroot%\system32\FGDSCSI.dll File not found
NetSvcs: mrpostman - %systemroot%\system32\nwrdr.dll File not found
NetSvcs: hdthermal - %systemroot%\system32\googledesktopmanager.dll File not found
NetSvcs: nmraapache - %systemroot%\system32\se2Bnd5.dll File not found
NetSvcs: MSIRCOMM - %systemroot%\system32\ONSIO.dll File not found
NetSvcs: MSTAPE - %systemroot%\system32\ossrv.dll File not found
NetSvcs: acsvc - %systemroot%\system32\hnmsvc.dll File not found
NetSvcs: FlexBios - %systemroot%\system32\ssscsisv.dll File not found
NetSvcs: elockservice - %systemroot%\system32\DLARTL_M.dll File not found
NetSvcs: dlbu_device - %systemroot%\system32\ATKFUSService.dll File not found
NetSvcs: adpu320 - %systemroot%\system32\iPassP.dll File not found
NetSvcs: CoolerXPDriver - %systemroot%\system32\ksecdd.dll File not found
NetSvcs: Exportit - %systemroot%\system32\sdcoreservice.dll File not found
NetSvcs: cidaemon - %systemroot%\system32\STEC3.dll File not found
NetSvcs: se45mdm - %systemroot%\system32\iksysflt.dll File not found
NetSvcs: omniusbl - %systemroot%\system32\se59obex.dll File not found
NetSvcs: websensecpmcommunicationagent - %systemroot%\system32\cobbmservice.dll File not found
NetSvcs: lxbt_device - %systemroot%\system32\slimsvc.dll File not found
NetSvcs: rnadiagreceiver - %systemroot%\system32\NuidFltr.dll File not found
NetSvcs: DXEC02 - %systemroot%\system32\w200bus.dll File not found
NetSvcs: bcm43xx - %systemroot%\system32\nic1394.dll File not found
NetSvcs: ipassconnectengine - %systemroot%\system32\vc8secs.dll File not found
NetSvcs: bc_prt_f - %systemroot%\system32\DgiVecp.dll File not found
NetSvcs: milshieldcleaner - %systemroot%\system32\nmindexingservice.dll File not found
NetSvcs: DSI_SiUSBXp_3_1 - %systemroot%\system32\alerter.dll File not found
NetSvcs: qcmerced - %systemroot%\system32\pid_0928.dll File not found
NetSvcs: SE27mgmt - %systemroot%\system32\protexislicensing.dll File not found
NetSvcs: vncmirror - %systemroot%\system32\aec.dll File not found
NetSvcs: aksfridge - %systemroot%\system32\s125mdfl.dll File not found
NetSvcs: mssql$microsoftbcm - %systemroot%\system32\Airgo.dll File not found
NetSvcs: NWUSBPort - %systemroot%\system32\sndsrvc.dll File not found
NetSvcs: SSHDRV61 - %systemroot%\system32\bt3cusb.dll File not found
NetSvcs: SE27mdm - %systemroot%\system32\EMCFILT.dll File not found
NetSvcs: VSP1284D - %systemroot%\system32\tnbrlds.dll File not found
NetSvcs: zebrsce - %systemroot%\system32\oraclewebassistant.dll File not found
NetSvcs: TBPanel - %systemroot%\system32\iviaspi.dll File not found
NetSvcs: tnbrlds - %systemroot%\system32\addfiltr.dll File not found
NetSvcs: SE2Emgmt - %systemroot%\system32\nwlnkfwd.dll File not found
NetSvcs: NWSIPX32 - %systemroot%\system32\ss_bus.dll File not found
NetSvcs: mqdmmdm - %systemroot%\system32\xfilt.dll File not found
NetSvcs: BlueSoleilCS - %systemroot%\system32\cdvp.dll File not found
NetSvcs: qkbfiltr - %systemroot%\system32\snapman.dll File not found
NetSvcs: wandrv - %systemroot%\system32\NIPALK.dll File not found
NetSvcs: sqlagent$sony_mediamgr - %systemroot%\system32\mmc_2K.dll File not found
NetSvcs: asusgsb - %systemroot%\system32\eelogsvc.dll File not found
NetSvcs: sp_clamsrv - %systemroot%\system32\jaguar.dll File not found
NetSvcs: TPwSav - %systemroot%\system32\smwdm.dll File not found
NetSvcs: atierecord - %systemroot%\system32\FETNDISB.dll File not found
NetSvcs: SDdriver - %systemroot%\system32\mvdcodec.dll File not found
NetSvcs: taphss - %systemroot%\system32\swenum.dll File not found
NetSvcs: aclient - %systemroot%\system32\Epiusb.dll File not found
NetSvcs: PQNTDrv - %systemroot%\system32\ccflic0.dll File not found
NetSvcs: SE2Cmgmt - %systemroot%\system32\pchost.dll File not found
NetSvcs: websenseusagemonitor - %systemroot%\system32\nbf.dll File not found
NetSvcs: avcgbdr - %systemroot%\system32\GameConsoleService.dll File not found
NetSvcs: pptchpad - %systemroot%\system32\w200obex.dll File not found
NetSvcs: MTDVC2_ENUM - %systemroot%\system32\kl1.dll File not found
NetSvcs: avgarcln - %systemroot%\system32\se2Eunic.dll File not found
NetSvcs: pcx1nd5 - %systemroot%\system32\PDExchange.dll File not found
NetSvcs: nsausvc - %systemroot%\system32\SMNDIS5.dll File not found
NetSvcs: pdiddcci - %systemroot%\system32\aic78xx.dll File not found
NetSvcs: s217unic - %systemroot%\system32\RSAFAL.dll File not found
NetSvcs: cmdmon - %systemroot%\system32\LHidUsbK.dll File not found
NetSvcs: vaiomediaplatform-mobile-gateway - %systemroot%\system32\vwlogger.dll File not found
NetSvcs: pserve - %systemroot%\system32\iaimfp4.dll File not found
NetSvcs: CdaD10BA - %systemroot%\system32\SE26mgmt.dll File not found
NetSvcs: s116nd5 - %systemroot%\system32\bc_ip_f.dll File not found
NetSvcs: qhwscsvc - %systemroot%\system32\qmofiltr.dll File not found
NetSvcs: EU3_USB - %systemroot%\system32\gdihook5.dll File not found
NetSvcs: nvedavt - %systemroot%\system32\SSFS0BB9.dll File not found
NetSvcs: SiSGbeXP - %systemroot%\system32\CAMCHALA.dll File not found
NetSvcs: apphostsvc - %systemroot%\system32\WNIPROT5.dll File not found
NetSvcs: kpfwsvc - %systemroot%\system32\MSW_USB.dll File not found
NetSvcs: se2Dunic - %systemroot%\system32\teefer.dll File not found
NetSvcs: spcsutilityservice - %systemroot%\system32\JiaoIO.dll File not found
NetSvcs: rvsinst - %systemroot%\system32\s7oppitx.dll File not found
NetSvcs: zunenetworksvc - %systemroot%\system32\spbbcsvc.dll File not found
NetSvcs: useraccess7 - %systemroot%\system32\tnidriver.dll File not found
NetSvcs: CnxTrLan - %systemroot%\system32\aspnet_state.dll File not found
NetSvcs: k750mgmt - %systemroot%\system32\RTLE8023xp.dll File not found
NetSvcs: smartscaps - %systemroot%\system32\tm_cfw.dll File not found
NetSvcs: ctmmfilt - %systemroot%\system32\wacomkey.dll File not found
NetSvcs: vaiomediaplatform-videoserver-appserver - %systemroot%\system32\OVT511Plus.dll File not found
NetSvcs: nisvcloc - %systemroot%\system32\SQLAgent$MICROSOFTBCM.dll File not found
NetSvcs: Wpsnuio - %systemroot%\system32\vsmon.dll File not found
NetSvcs: btnhnd - %systemroot%\system32\USB28xxBGA.dll File not found
NetSvcs: roxmediadb9 - %systemroot%\system32\mxserver.dll File not found
NetSvcs: CamAv - %systemroot%\system32\psasrv.dll File not found
NetSvcs: servidor - %systemroot%\system32\uploadmgr.dll File not found
NetSvcs: PolarUSB - %systemroot%\system32\rnadirectory.dll File not found
NetSvcs: W700mdm - %systemroot%\system32\ctxcpuusync.dll File not found
NetSvcs: k750mdfl - %systemroot%\system32\roxmediadb9.dll File not found
NetSvcs: MxlW2k - %systemroot%\system32\olregcap.dll File not found
NetSvcs: admjoy - %systemroot%\system32\parallel.dll File not found
NetSvcs: midisyn - File not found
NetSvcs: 3comtftp - File not found
NetSvcs: remoterecord - File not found
NetSvcs: noipducservice - File not found
NetSvcs: eloggersvc6 - File not found
NetSvcs: int15.sys - File not found
NetSvcs: msi_wlan_service - File not found
NetSvcs: ec2007service - File not found
NetSvcs: webrootenterpriseupdateservice - File not found
NetSvcs: SE2Bmdfl - File not found
NetSvcs: mksupdateint - %systemroot%\system32\FontCache3.0.0.0..dll File not found
NetSvcs: vpcbus - %systemroot%\system32\s117bus.dll File not found
NetSvcs: F700iob - %systemroot%\system32\regdefend.dll File not found
NetSvcs: Ptserlp - %systemroot%\system32\dlaopiom.dll File not found
NetSvcs: tmesrv3 - %systemroot%\system32\redbook.dll File not found
NetSvcs: nwrdr - %systemroot%\system32\ati2mpaa.dll File not found
NetSvcs: TMBMServer - %systemroot%\system32\mxnic.dll File not found
NetSvcs: UVCFTR - %systemroot%\system32\bcserver.dll File not found
NetSvcs: F700ius - %systemroot%\system32\MtxDma0.dll File not found
NetSvcs: driverhardwarev2 - %systemroot%\system32\inetaccs.dll File not found
NetSvcs: SI3112 - %systemroot%\system32\zendcoreapache.dll File not found
NetSvcs: emitray - %systemroot%\system32\ZDPSp50.dll File not found
NetSvcs: mssql$soshome22 - %systemroot%\system32\agentsrv.dll File not found
NetSvcs: matlabserver - %systemroot%\system32\Defrag32.dll File not found
NetSvcs: padfsvr - %systemroot%\system32\AmdIde.dll File not found
NetSvcs: BrPar - %systemroot%\system32\ageresoftmodem.dll File not found
NetSvcs: U81xbus - %systemroot%\system32\MRENDIS5.dll File not found
NetSvcs: pctoolsfirewallplus - %systemroot%\system32\symdns.dll File not found
NetSvcs: lxrsii1s - %systemroot%\system32\lxdmCATSCustConnectService.dll File not found
NetSvcs: sweepsrv.sys - %systemroot%\system32\rksample.dll File not found
NetSvcs: usnjsvc - %systemroot%\system32\roxliveshare.dll File not found
NetSvcs: rtl8023 - %systemroot%\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll File not found
NetSvcs: AlKernel - %systemroot%\system32\hcwPVRP2.dll File not found
NetSvcs: mwsejcap - %systemroot%\system32\btaudio.dll File not found
NetSvcs: eabusb - File not found
NetSvcs: portio - File not found
NetSvcs: retrolauncher - File not found
NetSvcs: PTDCBus - File not found
NetSvcs: mpfirewl - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 09:17:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\L.M.King\Desktop\OTL.scr
[2012/04/17 22:28:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/16 22:24:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/16 13:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\L.M.King\Application Data\Malwarebytes
[2012/04/16 13:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/16 13:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/16 13:33:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/16 13:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/16 12:54:02 | 010,063,024 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\L.M.King\Desktop\mbam-setup.exe
[2012/04/15 14:01:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/15 14:01:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/15 14:01:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/15 14:01:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/15 14:01:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/15 14:01:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/15 12:17:40 | 004,463,836 | R--- | C] (Swearware) -- C:\Documents and Settings\L.M.King\Desktop\ComboFix.exe
[2012/04/13 10:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/11 17:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/09 20:23:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 09:17:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L.M.King\Desktop\OTL.scr
[2012/04/18 09:01:22 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{298DE2F9-FC33-45D2-97F8-928F6CBE3690}.job
[2012/04/18 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/18 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/18 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/04/18 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/04/18 07:52:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/18 07:47:02 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/18 07:46:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/18 07:46:52 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 22:28:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/04/17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/04/17 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/17 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/17 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/04/17 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/04/17 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/04/17 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/04/17 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/17 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/17 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/04/17 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/04/17 11:48:40 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/04/17 11:12:46 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to Graf.lnk
[2012/04/17 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/17 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/17 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/04/17 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/04/17 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/17 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/16 21:02:54 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\rkill.com
[2012/04/16 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/16 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/16 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/04/16 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/04/16 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/16 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/16 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/04/16 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/04/16 15:57:08 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to UPS.lnk
[2012/04/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/16 13:33:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/16 13:09:56 | 010,063,024 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\L.M.King\Desktop\mbam-setup.exe
[2012/04/15 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/15 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/15 14:00:47 | 004,463,836 | R--- | M] (Swearware) -- C:\Documents and Settings\L.M.King\Desktop\ComboFix.exe
[2012/04/15 10:03:23 | 000,001,043 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 23'' TC - 40 NBT.lnk
[2012/04/15 09:52:29 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 597 stuff - stocks etc.lnk
[2012/04/14 10:07:44 | 000,005,542 | ---- | M] () -- C:\Documents and Settings\L.M.King\My Documents\attach.zip
[2012/04/14 10:03:20 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/14 08:15:50 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to Blank2.lnk
[2012/04/13 11:43:59 | 000,001,073 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 TC - 52 gr Berget HP FB.lnk
[2012/04/13 10:17:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/08 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/08 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/08 00:29:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/08 00:25:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/31 18:15:55 | 000,385,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/31 18:15:55 | 000,055,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/26 10:48:51 | 000,001,053 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 TC- 52 gr Horn BTHP.lnk
[2012/03/25 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/03/25 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/03/24 20:16:55 | 000,001,033 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 bbl round count.lnk
[2012/03/24 10:23:10 | 000,001,123 | ---- | M] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 233 23'' TC - 50 gr VARMINT NIGHTMARE.lnk
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 11:12:46 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to Graf.lnk
[2012/04/16 21:01:00 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\rkill.com
[2012/04/16 15:57:08 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to UPS.lnk
[2012/04/16 13:33:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/15 14:01:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/15 14:01:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/15 14:01:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/15 14:01:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/15 14:01:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/15 10:03:23 | 000,001,043 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 23'' TC - 40 NBT.lnk
[2012/04/15 09:52:29 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 597 stuff - stocks etc.lnk
[2012/04/14 10:07:44 | 000,005,542 | ---- | C] () -- C:\Documents and Settings\L.M.King\My Documents\attach.zip
[2012/04/14 10:03:20 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/14 08:15:50 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to Blank2.lnk
[2012/04/13 11:43:59 | 000,001,073 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 TC - 52 gr Berget HP FB.lnk
[2012/04/13 10:17:48 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/09 20:27:31 | 1062,387,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/26 10:48:51 | 000,001,053 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 TC- 52 gr Horn BTHP.lnk
[2012/03/24 20:16:55 | 000,001,033 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 223 bbl round count.lnk
[2012/03/24 10:23:10 | 000,001,123 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to 233 23'' TC - 50 gr VARMINT NIGHTMARE.lnk
[2012/03/22 11:30:29 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\L.M.King\Desktop\Shortcut to Midsouth.lnk
[2012/02/15 09:37:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/15 20:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\L.M.King\Application Data\wklnhst.dat
[2010/07/22 10:43:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2010/07/22 10:43:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2010/07/22 10:40:27 | 000,000,451 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2010/07/22 10:40:06 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2010/07/22 10:40:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010/07/22 10:39:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2010/07/22 10:39:18 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2010/07/22 10:39:17 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2010/07/22 10:39:17 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2010/07/22 10:39:16 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2010/07/22 10:39:16 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2010/07/22 10:39:16 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2010/07/22 10:39:15 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2010/07/22 10:39:15 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2010/07/22 10:39:15 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2010/07/22 10:39:15 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2010/07/22 10:39:13 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2010/07/22 10:39:13 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczih.exe
[2010/07/22 10:39:11 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2010/07/22 10:39:11 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcoms.exe
[2010/07/22 10:39:11 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[2010/07/22 10:39:10 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcfg.exe
[2010/07/22 10:32:57 | 000,039,899 | R--- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2010/05/25 03:50:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[20 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/04/17 22:28:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2002/10/08 09:18:37 | 000,195,696 | ---- | M] () -- C:\psbccm.exe

< MD5 for: AFD.SYS >
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 08:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 10:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 05:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004/08/04 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\i386\afd.sys
[2004/08/04 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/10/16 09:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 08:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 05:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/06/20 06:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 05:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 08:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/14 19:41:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/14 19:41:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 03:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 22:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 22:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/08/27 22:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETBT.SYS >
[2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\i386\netbt.sys
[2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command\\: "C:\PROGRA~1\Yahoo!\browser\ybrowser.exe" [2006/08/11 20:53:02 | 000,668,184 | ---- | M] (Yahoo!, Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command\\: "C:\PROGRA~1\Yahoo!\browser\ybrowser.exe" [2006/08/11 20:53:02 | 000,668,184 | ---- | M] (Yahoo!, Inc.)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB4543$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\things beer and stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\GUNS AND STUFF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\GoogleEarth_Image 2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\FAMILY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\Dr and medicare-ssdi-ect:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\Country Junktion.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\Copy of GUNS AND STUFF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\My Documents\Comp-stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\L.M.King\Desktop\Comp-stuff:Roxio EMC Stream

< End of report >



Extras............




OTL Extras logfile created on: 4/18/2012 9:19:55 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\L.M.King\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 377.47 Mb Available Physical Memory | 37.26% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 173.08 Gb Free Space | 75.43% Space Free | Partition Type: NTFS

Computer Name: LMK | User Name: L.M.King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\YBrowser.exe %1 (Yahoo!, Inc.)
http [open] -- C:\PROGRA~1\Yahoo!\browser\YBrowser.exe %1 (Yahoo!, Inc.)
https [open] -- C:\PROGRA~1\Yahoo!\browser\YBrowser.exe %1 (Yahoo!, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
"C:\Documents and Settings\L.M.King\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\L.M.King\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Documents and Settings\L.M.King\Local Settings\Temporary Internet Files\Content.IE5\ZPA978SH\Trend Micro Internet Security\TisEzIns.exe" = C:\Documents and Settings\L.M.King\Local Settings\Temporary Internet Files\Content.IE5\ZPA978SH\Trend Micro Internet Security\TisEzIns.exe:*:Enabled:Trend Micro Internet Security
"C:\Documents and Settings\L.M.King\Local Settings\Application Data\download.exe" = C:\Documents and Settings\L.M.King\Local Settings\Application Data\download.exe:*:Enabled:File Downloader (Demo Version)
"C:\WINDOWS\system32\lxczcoms.exe" = C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:1200 Series Server -- ( )
"C:\Documents and Settings\L.M.King\My Documents\LimeWire\LimeWire.exe" = C:\Documents and Settings\L.M.King\My Documents\LimeWire\LimeWire.exe:*:Disabled:LimeWire


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1D1977A9-2FDC-4E83-BE82-3478256342D4}" = AT&T Yahoo! Dial Connection Manager
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Desktop" = Google Desktop
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Registry Easy_is1" = Registry Easy v5.6
"SearchAssist" = SearchAssist
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1148618105-1784962913-1217530912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Client" = Abacast Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2012 2:56:16 AM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/8/2012 10:16:10 AM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 3/8/2012 6:12:32 PM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/8/2012 10:07:34 PM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/11/2012 9:19:44 AM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 3/11/2012 12:48:08 PM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 3/13/2012 8:58:24 AM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/16/2012 9:38:44 AM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/18/2012 12:11:11 PM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/18/2012 6:57:38 PM | Computer Name = LMK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 4/18/2012 10:30:28 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:30:38 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:30:48 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:30:58 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:31:08 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:31:18 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:31:28 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:31:38 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:31:48 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/18/2012 10:31:58 AM | Computer Name = LMK | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126


< End of report >







Thank you....
Matt



