HELP...Am I Hijacked?


  • This topic is locked
35 replies to this topic

#1 markeeone

markeeone

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 08 February 2013 - 05:34 PM

Mod Edit: Moved from Am I Infected~~boopme

 

I seem to be running at 100% CPU lately. I run approx 7 open processes and never a problem, but now I seem to be running at 100% CPU when I do certain tasks, especially when I go on the web or request a page. Here is my HijackThis log. I do not see anything but your input will be appreciated.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:37 PM, on 2/8/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


 

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\WebChronoDesktop.exe
C:\TMW\TMW32.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Mark A\Desktop\S8onPC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn15\ytbb.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143842749140
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} (RamSoft PACS PowerReader Installer 4.1) - http://213.144.119.18/powerreader4/PRInstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe


 

--
End of file - 8807 bytes


Edited by boopme, 08 February 2013 - 05:42 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,223 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:58 PM

Posted 11 February 2013 - 11:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download ComboFix from one of these locations:
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

 

  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.

 

  • Do not install any other programs until this is fixed.

 

  • Double click on ComboFix.exe & follow the prompts.

 

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

 
 
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 
Third party programs if not up to date can be the cause of infiltration an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.



  • Close all open programs and internet browsers.


  • Double click on AdwCleaner.exe to run the tool.


  • Click on the Delete tab and follow the prompts.


  • A log file will automatically open after the scan has finished.


  • Please post the content of that log file with your next answer.


  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

 
Please post the logs and let me know if the problem persists.


#3 markeeone


Posted 11 February 2013 - 12:53 PM

As requested, here are the files. The problem persists.

 

 

 Results of screen317's Security Check version 0.99.57  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.d 
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 CA Yahoo! Anti-Spy (remove only) 
 Windows Defender    
 Windows Defender Signatures   
 CCleaner     
 Java™ SE Runtime Environment 6 Update 1 
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.1.5 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Windows Defender MSMpEng.exe 
 Norton AntiVirus Engine 20.2.1.22 ccSvcHst.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 5% 
````````````````````End of Log`````````````````````` 



Edited by nasdaq, 11 February 2013 - 01:58 PM.


#4 nasdaq


Posted 11 February 2013 - 02:03 PM



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Mark A\WINDOWS
 
Did you lose some important files in that Windows folder?
They can be restored. Please let me know.
 
===
 
Secure your system by updating 3rd party programs.
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
 
Be careful not to install malware posing as Java update!
Important read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
You can manually check your present version and update as recommended.
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
 
Old versions....
 
 
Java 7 update 10 introduced important new security controls
You can read about it here.
 
Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===
 
Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks... 
 
 
On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.
 
You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
 
For the users of Internet Explorer download version 11.
===
 
Get the latest version of the Adobe Reader.
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
 
When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
 
===
 
Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop. 
 
 
Quit all running programs.
 
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
 
Click Scan to scan the system. 
When the scan completes > Close out the program > Don't Fix anything!
 
Don't run any other options, they're not all bad!!!!!!!
 
Post back the report which should be located on your desktop


#5 markeeone


Posted 11 February 2013 - 05:59 PM

Thank you. No lost files. Updated Java & Flash. Here is the RK file

 

 

 
RogueKiller V8.5.0 [Feb  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mark A [Admin rights]
Mode : Scan -- Date : 02/11/2013 14:56:57
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] S8onPC.exe -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x8062FF2C -> HOOKED (Unknown @ 0x8A337BB8)
SSDT[13] : NtAlertThread @ 0x80577278 -> HOOKED (Unknown @ 0x8A047510)
SSDT[17] : NtAllocateVirtualMemory @ 0x8056926A -> HOOKED (Unknown @ 0x8A4F5E18)
SSDT[19] : NtAssignProcessToJobObject @ 0x805A12EF -> HOOKED (Unknown @ 0x8A3A0230)
SSDT[31] : NtConnectPort @ 0x8058CA79 -> HOOKED (Unknown @ 0x8A1EACA0)
SSDT[43] : NtCreateMutant @ 0x80577648 -> HOOKED (Unknown @ 0x8A276A90)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x8059E6FE -> HOOKED (Unknown @ 0x8A4DDB98)
SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0x8A3CEB80)
SSDT[57] : NtDebugActiveProcess @ 0x8065C039 -> HOOKED (Unknown @ 0x8A32FDF0)
SSDT[68] : NtDuplicateObject @ 0x80574942 -> HOOKED (Unknown @ 0x8A4DC7B0)
SSDT[83] : NtFreeVirtualMemory @ 0x80569B95 -> HOOKED (Unknown @ 0x8A3B0DC0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC17E -> HOOKED (Unknown @ 0x8A331F30)
SSDT[91] : NtImpersonateThread @ 0x80581729 -> HOOKED (Unknown @ 0x8A336AD0)
SSDT[97] : NtLoadDriver @ 0x805A2925 -> HOOKED (Unknown @ 0x8A356458)
SSDT[108] : unknown @ 0x8057CA99 -> HOOKED (Unknown @ 0x8A3EB3E8)
SSDT[114] : NtOpenEvent @ 0x80581A98 -> HOOKED (Unknown @ 0x8A3315A0)
SSDT[122] : NtOpenProcess @ 0x80574B29 -> HOOKED (Unknown @ 0x8A4E74B8)
SSDT[123] : NtOpenProcessToken @ 0x80571089 -> HOOKED (Unknown @ 0x8A35D670)
SSDT[125] : NtOpenSection @ 0x8056E4E7 -> HOOKED (Unknown @ 0x8A3307F8)
SSDT[128] : NtOpenThread @ 0x80590C64 -> HOOKED (Unknown @ 0x8A1E0B50)
SSDT[137] : NtProtectVirtualMemory @ 0x80574ED8 -> HOOKED (Unknown @ 0x8A1E9998)
SSDT[206] : NtResumeThread @ 0x80578F00 -> HOOKED (Unknown @ 0x8A0511D0)
SSDT[213] : NtSetContextThread @ 0x8062E75B -> HOOKED (Unknown @ 0x8A35BA80)
SSDT[228] : NtSetInformationProcess @ 0x80570D95 -> HOOKED (Unknown @ 0x8A4D2A80)
SSDT[240] : NtSetSystemInformation @ 0x805A6A11 -> HOOKED (Unknown @ 0x8A330350)
SSDT[253] : NtSuspendProcess @ 0x8062FE71 -> HOOKED (Unknown @ 0x8A330A10)
SSDT[254] : NtSuspendThread @ 0x805E0535 -> HOOKED (Unknown @ 0x8A338A30)
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (Unknown @ 0x8A36A320)
SSDT[258] : unknown @ 0x80577F9F -> HOOKED (Unknown @ 0x8A356CD8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057C61E -> HOOKED (Unknown @ 0x8A35BB58)
SSDT[277] : NtWriteVirtualMemory @ 0x80581512 -> HOOKED (Unknown @ 0x8A416C58)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A32DD48)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A32D520)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A32D388)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A32DB18)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A1E7538)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A31BEE8)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A59EA38)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A30B588)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A3306D8)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A3AB2F0)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD1600JB-00REA0 +++++
--- User ---
[MBR] a748ac0a515ec429f18f5400767349d4
[BSP] 46975b2a4df604957480e957e8e7a775 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: WDC WD800JB-00ETA0 +++++
--- User ---
[MBR] 9622c39c573924f4202179a049cdf1dc
[BSP] 9d10e5a8a909807f9b30ca469d2cec42 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_02112013_02d1456.txt >>
RKreport[1]_S_02112013_02d1456.txt



Edited by nasdaq, 12 February 2013 - 08:52 AM.


#6 nasdaq


Posted 12 February 2013 - 09:02 AM

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] S8onPC.exe -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe -> KILLED [TermProc]

 

 
If I'm correct this is to Play Storm8 games on your PC!
 
Could this be the culprit?
 
It was disabled by the RogueKiller tool. Any improvement when disabled?
===
 
Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these items below and uncheck the rest: (if found)
 
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
Now click Delete on the right hand column under Options
 
Post back the report which should be located on your desktop.
 
Keep me posted.


#7 markeeone


Posted 13 February 2013 - 01:24 PM

First of all, thank you. I really appreciate your help. The S8 process was running prior to the issue of 100% CPU, so it was not a problem before. The problem persists. Here is the report:

 

RogueKiller V8.5.0 [Feb  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/


 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mark A [Admin rights]
Mode : Scan -- Date : 02/13/2013 10:22:37
| ARK || FAK || MBR |


 

¤¤¤ Bad processes : 0 ¤¤¤


 

¤¤¤ Registry Entries : 0 ¤¤¤


 

¤¤¤ Particular Files / Folders: ¤¤¤


 

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x8062FF34 -> HOOKED (Unknown @ 0x8A3703D0)
SSDT[13] : NtAlertThread @ 0x80577278 -> HOOKED (Unknown @ 0x8A370288)
SSDT[17] : NtAllocateVirtualMemory @ 0x8056926A -> HOOKED (Unknown @ 0x8A2CD2F8)
SSDT[19] : NtAssignProcessToJobObject @ 0x805A12DE -> HOOKED (Unknown @ 0x8A36D1A8)
SSDT[31] : NtConnectPort @ 0x8058CA79 -> HOOKED (Unknown @ 0x8A3D86F8)
SSDT[43] : NtCreateMutant @ 0x80577648 -> HOOKED (Unknown @ 0x8A286CF0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x8059E6FE -> HOOKED (Unknown @ 0x8A367358)
SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0x8A58E908)
SSDT[57] : NtDebugActiveProcess @ 0x8065C0BD -> HOOKED (Unknown @ 0x8A36D1E0)
SSDT[68] : NtDuplicateObject @ 0x80574942 -> HOOKED (Unknown @ 0x8A32B830)
SSDT[83] : NtFreeVirtualMemory @ 0x80569B95 -> HOOKED (Unknown @ 0x8A365278)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC16E -> HOOKED (Unknown @ 0x8A3731D8)
SSDT[91] : NtImpersonateThread @ 0x80581729 -> HOOKED (Unknown @ 0x8A375200)
SSDT[97] : NtLoadDriver @ 0x805A2915 -> HOOKED (Unknown @ 0x8A444488)
SSDT[108] : unknown @ 0x8057CA99 -> HOOKED (Unknown @ 0x8A58D138)
SSDT[114] : NtOpenEvent @ 0x80581A98 -> HOOKED (Unknown @ 0x8A35E008)
SSDT[122] : NtOpenProcess @ 0x80574B29 -> HOOKED (Unknown @ 0x8A315828)
SSDT[123] : NtOpenProcessToken @ 0x80571089 -> HOOKED (Unknown @ 0x8A33D6D0)
SSDT[125] : NtOpenSection @ 0x8056E4E7 -> HOOKED (Unknown @ 0x8A366250)
SSDT[128] : NtOpenThread @ 0x80590C64 -> HOOKED (Unknown @ 0x8A2A8CF0)
SSDT[137] : NtProtectVirtualMemory @ 0x80574ED8 -> HOOKED (Unknown @ 0x8A3620C8)
SSDT[206] : NtResumeThread @ 0x80578F00 -> HOOKED (Unknown @ 0x8A27D1E0)
SSDT[213] : NtSetContextThread @ 0x8062E763 -> HOOKED (Unknown @ 0x8A3376E8)
SSDT[228] : NtSetInformationProcess @ 0x80570D95 -> HOOKED (Unknown @ 0x8A365378)
SSDT[240] : NtSetSystemInformation @ 0x805A6A01 -> HOOKED (Unknown @ 0x8A366218)
SSDT[253] : NtSuspendProcess @ 0x8062FE79 -> HOOKED (Unknown @ 0x8A35E048)
SSDT[254] : NtSuspendThread @ 0x805E0525 -> HOOKED (Unknown @ 0x8A2DE468)
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (Unknown @ 0x8A354720)
SSDT[258] : unknown @ 0x80577F9F -> HOOKED (Unknown @ 0x8A2DBB80)
SSDT[267] : NtUnmapViewOfSection @ 0x8057C61E -> HOOKED (Unknown @ 0x8A32E610)
SSDT[277] : NtWriteVirtualMemory @ 0x80581512 -> HOOKED (Unknown @ 0x8A362208)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A364C70)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A3522F0)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A4F9DC8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A356690)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A353D90)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A35A438)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A350DB8)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A35C6A0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A35A218)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A3533D8)


 

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts


 



 


¤¤¤ MBR Check: ¤¤¤


 

+++++ PhysicalDrive0: WDC WD1600JB-00REA0 +++++
--- User ---
[MBR] a748ac0a515ec429f18f5400767349d4
[BSP] 46975b2a4df604957480e957e8e7a775 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!


 

+++++ PhysicalDrive1: WDC WD800JB-00ETA0 +++++
--- User ---
[MBR] 9622c39c573924f4202179a049cdf1dc
[BSP] 9d10e5a8a909807f9b30ca469d2cec42 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!


 

Finished : << RKreport[6]_S_02132013_02d1022.txt >>
RKreport[1]_S_02112013_02d1456.txt ; RKreport[2]_S_02112013_02d1708.txt ; RKreport[3]_S_02132013_02d1000.txt ; RKreport[4]_D_02132013_02d1001.txt ; RKreport[5]_D_02132013_02d1016.txt ;
RKreport[6]_S_02132013_02d1022.txt


 

 


 



#8 nasdaq


Posted 13 February 2013 - 02:20 PM

Let's check further.
 
  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop  
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. 
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. 
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


#9 markeeone


    Posted 13 February 2013 - 03:42 PM

    I was looking at host files...could that be the culprit? See OTL output below.

     

    Here is OTL.txt:

    OTL logfile created on: 2/13/2013 12:28:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Mark A\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.48% Memory free
    3.84 Gb Paging File | 3.40 Gb Available in Paging File | 88.64% Paging File free
    Paging file location(s): c:\pagefile3\Pagefile.sys 4095 4095 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 114.94 Gb Free Space | 77.12% Space Free | Partition Type: NTFS
    Drive E: | 74.52 Gb Total Space | 8.38 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
     
    Computer Name: MARK | User Name: Mark A | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Documents and Settings\Mark A\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\WebChronoDesktop.exe (Gaia Dream Creation Inc.)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\XeroxFaxPort.dll ()
    MOD - C:\WINDOWS\system32\SaXPWIA.dll ()
    MOD - C:\WINDOWS\system32\SaXPSTI.dll ()
    MOD - C:\WINDOWS\system32\SaXPIPH.dll ()
    MOD - C:\WINDOWS\system32\SaXPEH.dll ()
    MOD - C:\WINDOWS\system32\ssh1ml3.dll ()
    MOD - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\DynCore.dll ()
    MOD - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\GUIExtension.dll ()
    MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()
    MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (xlptsu) --  File not found
    DRV - (WDICA) --  File not found
    DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
    DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (cpuz132) -- C:\DOCUME~1\MARKA~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
    DRV - (Changer) --  File not found
    DRV - (catchme) -- C:\DOCUME~1\MARKA~1\LOCALS~1\Temp\catchme.sys File not found
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130212.023\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130212.023\NAVENG.SYS (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130212.002\IDSXpx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\srtsp.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symefa.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symds.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symtdi.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\ironx86.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\srtspx.sys (Symantec Corporation)
    DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\ccsetx86.sys (Symantec Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
    DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\FA311XP.SYS (Netgear Inc.                                                )
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (Nbf) -- C:\WINDOWS\system32\drivers\NBF.SYS (Microsoft Corporation)
    DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {632BCE2F-8426-434C-9F9F-B948686567A1}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{632BCE2F-8426-434C-9F9F-B948686567A1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Mark A\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012/11/13 15:28:16 | 000,000,000 | ---D | M]
     
    [2010/03/02 09:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark A\Application Data\Mozilla\Extensions
    [2010/03/02 09:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark A\Application Data\Mozilla\Extensions\mozswing@mozswing.org
     
    O1 HOSTS File: ([2013/02/08 17:28:58 | 000,447,228 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 15364 more lines...
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143842749140 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4795E8EC-194D-4F64-B8C7-440BF91AFA57}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60A74113-E0BC-4933-9FC0-ACB4BF9200DB}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mark A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/03/29 10:35:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias -  File not found
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/02/13 12:24:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark A\Desktop\OTL.exe
    [2013/02/13 09:30:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/02/11 14:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Desktop\RK_Quarantine
    [2013/02/11 14:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Local Settings\Application Data\Sun
    [2013/02/11 14:42:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/11 14:42:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/11 14:42:43 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/11 14:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2013/02/11 14:39:40 | 000,477,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2013/02/11 14:39:40 | 000,473,520 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/02/11 14:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2013/02/11 09:00:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/02/11 08:53:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/02/11 08:53:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/02/11 08:53:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/02/11 08:53:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/02/11 08:53:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/11 08:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/02/11 08:48:48 | 005,030,592 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark A\Desktop\ComboFix.exe
    [2013/02/08 17:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/02/08 17:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2013/02/08 13:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Desktop\Start Menu\Programs\HiJackThis
    [2013/01/27 19:01:08 | 000,704,512 | ---- | C] (S8onPC.com) -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/02/13 12:28:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{135698D9-6968-4FF3-98CE-E1F9EF4CB990}.job
    [2013/02/13 12:25:53 | 000,000,833 | ---- | M] () -- C:\WINDOWS\TMW20.INI
    [2013/02/13 12:24:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark A\Desktop\OTL.exe
    [2013/02/13 11:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/13 11:36:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/13 09:30:02 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Mark A\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/02/13 07:46:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/13 03:35:34 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2013/02/13 03:32:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/13 03:31:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2013/02/13 03:31:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/13 03:31:39 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 03:09:35 | 000,739,492 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1402010.016\Cat.DB
    [2013/02/13 03:09:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 03:03:55 | 000,436,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 03:03:55 | 000,069,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/11 14:48:27 | 000,782,848 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\RogueKiller.exe
    [2013/02/11 14:42:28 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/11 14:42:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/11 14:42:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/11 14:39:23 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2013/02/11 14:39:23 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/02/11 14:39:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/02/11 09:30:00 | 000,587,659 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\adwcleaner.exe
    [2013/02/11 09:27:40 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\SecurityCheck.exe
    [2013/02/11 09:00:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/02/11 08:48:56 | 005,030,592 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark A\Desktop\ComboFix.exe
    [2013/02/08 16:40:52 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\HiJackThis.lnk
    [2013/02/08 10:08:08 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/08 10:08:08 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/07 08:39:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/01/27 19:01:08 | 000,704,512 | ---- | M] (S8onPC.com) -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe
    [2013/01/25 19:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
    [2013/01/25 13:35:58 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
    [2013/01/25 13:34:38 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1402010.016\VT20130115.021
    [2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/02/11 14:48:23 | 000,782,848 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\RogueKiller.exe
    [2013/02/11 09:29:58 | 000,587,659 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\adwcleaner.exe
    [2013/02/11 09:27:38 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\SecurityCheck.exe
    [2013/02/11 09:00:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/02/11 09:00:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/02/11 08:53:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/02/11 08:53:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/02/11 08:53:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/02/11 08:53:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/02/11 08:53:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/02/08 13:46:29 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\HiJackThis.lnk
    [2012/10/19 14:23:59 | 000,067,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/02/15 21:50:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/09 16:06:32 | 000,007,642 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\XeroxFaxOptions.xml
    [2011/12/09 16:05:56 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
    [2011/12/09 16:05:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\XeroxFaxPort.dll
    [2011/12/09 16:04:26 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2011/12/09 16:00:10 | 000,110,592 | R--- | C] () -- C:\WINDOWS\Wiainst.exe
    [2011/12/09 15:58:18 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
    [2011/12/09 15:58:18 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
    [2011/12/09 15:58:18 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
    [2011/12/09 15:58:18 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
    [2011/12/09 15:58:18 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
    [2011/12/09 15:58:07 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssh1ml3.dll
    [2011/09/06 15:41:12 | 000,094,123 | ---- | C] () -- C:\WINDOWS\hppins05.dat
    [2011/09/06 15:41:12 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
    [2011/08/10 12:28:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
    [2011/05/15 14:50:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/12/30 12:49:36 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\default.rss
    [2010/12/30 12:49:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\downloads.m3u
    [2010/10/05 14:46:54 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/05/29 07:32:15 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Mark A\presets.ini
    [2009/02/13 13:07:38 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\rx_audio.Cache
    [2009/02/13 13:07:38 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\rx_image.Cache
    [2009/02/13 11:55:40 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Mark A\pool.bin
    [2006/04/14 15:10:10 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== ZeroAccess Check ==========
     
    [2010/01/25 17:00:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2012/12/28 08:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2007/09/20 07:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/11/02 08:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/26 09:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/02/02 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2006/03/29 11:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2009/05/27 08:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
    [2009/03/16 08:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/21 08:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/08 09:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/15 08:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/11/09 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Ad-Aware Antivirus
    [2009/12/22 07:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\CheckPoint
    [2011/02/22 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Costco Photo Viewer US
    [2013/01/03 08:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Dropbox
    [2012/11/30 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\ElevatedDiagnostics
    [2007/04/17 10:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\InterTrust
    [2006/12/13 13:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Leadertech
    [2010/03/02 10:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\LimeWire
    [2009/04/23 08:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\OfficeUpdate12
    [2013/01/10 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Worksimaging
    [2011/12/09 16:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Xerox
    [2012/12/28 15:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\YouSendIt
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
    < %SYSTEMDRIVE%\*.exe >
    [2010/10/29 16:10:26 | 001,552,776 | ---- | M] (Piriform Ltd) -- C:\rcsetup138.exe
     
    < %systemroot%\system32\drivers\*.sys /90 >
     
    < %systemroot%\*. /mp /s >
     
    < c:\$recycle.bin\*.* /s >
    [2006/03/29 10:33:35 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
    [2006/03/29 10:35:16 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
    [2007/05/04 12:47:32 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{135698D9-6968-4FF3-98CE-E1F9EF4CB990}.job
    [2009/09/23 08:14:14 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2010/08/11 08:50:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/11 08:50:00 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/30 07:07:53 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    [2012/11/09 15:08:31 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/11/30 10:14:21 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-02-13 11:15:06
     
    < MD5 for: AGP440.SYS  >
    [2006/03/31 14:32:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/09/22 08:58:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2006/03/31 14:32:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/09/22 08:58:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
     
    < MD5 for: ATAPI.SYS  >
    [2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2006/03/31 14:32:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/09/22 08:58:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2006/03/31 14:32:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/09/22 08:58:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
     
    < MD5 for: AUTOCHK.EXE  >
    [2008/04/13 16:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
    [2008/04/13 16:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
    [2008/04/13 16:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
    [2004/08/03 23:56:47 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
     
    < MD5 for: BEEP.SYS  >
    [2003/03/31 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
    [2003/03/31 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
    [2003/03/31 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
     
    < MD5 for: EVENTLOG.DLL  >
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\erdnt\cache\eventlog.dll
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
     
    < MD5 for: EXPLORER.EXE  >
    [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
    [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
     
    < MD5 for: KERNEL32.DLL  >
    [2007/04/16 08:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [2006/07/05 02:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    [2012/10/02 20:57:29 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=6CBFEEB384F04681AF75F495AA48DD32 -- C:\WINDOWS\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
    [2012/10/02 20:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) MD5=6FE42512AB1B89F32A7407F261B1D2D0 -- C:\WINDOWS\erdnt\cache\kernel32.dll
    [2012/10/02 20:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) MD5=6FE42512AB1B89F32A7407F261B1D2D0 -- C:\WINDOWS\system32\dllcache\kernel32.dll
    [2012/10/02 20:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) MD5=6FE42512AB1B89F32A7407F261B1D2D0 -- C:\WINDOWS\system32\kernel32.dll
    [2004/08/03 23:56:42 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
    [2007/04/16 07:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
    [2009/03/21 06:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$NtUninstallKB2758857$\kernel32.dll
    [2008/04/13 16:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
    [2008/04/13 16:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
    [2006/07/05 02:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
    [2009/03/21 05:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
     
    < MD5 for: MSWSOCK.DLL  >
    [2008/06/20 09:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
    [2008/06/20 09:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [2004/08/03 23:56:44 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
    [2008/06/20 09:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [2008/06/20 09:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
    [2008/06/20 08:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
    [2008/06/20 08:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
    [2008/06/20 08:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
    [2008/04/13 16:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
    [2008/04/13 16:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
    [2008/06/20 09:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
    [2008/06/20 09:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
     
    < MD5 for: NDIS.SYS  >
    [2008/04/13 11:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
    [2008/04/13 11:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
    [2008/04/13 11:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
    [2004/08/03 22:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
     
    < MD5 for: NETLOGON.DLL  >
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\erdnt\cache\netlogon.dll
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
     
    < MD5 for: NTFS.SYS  >
    [2007/02/09 03:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [2007/02/09 03:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
    [2008/04/13 11:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\erdnt\cache\ntfs.sys
    [2008/04/13 11:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
    [2008/04/13 11:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
    [2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
    [2004/08/03 22:15:09 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
     
    < MD5 for: NTMSSVC.DLL  >
    [2008/04/13 16:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\erdnt\cache\ntmssvc.dll
    [2008/04/13 16:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
    [2008/04/13 16:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
    [2004/08/03 23:56:44 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
     
    < MD5 for: NVATA.SYS  >
    [2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\D00447-001-001\IDE\Win2K\sata_ide\nvata.sys
    [2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\D00447-001-001\IDE\WinXP\sata_ide\nvata.sys
     
    < MD5 for: NVATABUS.SYS  >
    [2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\D00447-001-001\IDE\Win2K\sataraid\nvatabus.sys
    [2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\D00447-001-001\IDE\WinXP\sataraid\nvatabus.sys
     
    < MD5 for: PROQUOTA.EXE  >
    [2004/08/03 23:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
    [2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
    [2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe
     
    < MD5 for: QMGR.DLL  >
    [2004/08/03 23:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
    [2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\erdnt\cache\qmgr.dll
    [2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
    [2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
    [2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
    [2003/03/31 04:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll
     
    < MD5 for: SCECLI.DLL  >
    [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\erdnt\cache\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
     
    < MD5 for: SFCFILES.DLL  >
    [2004/08/03 23:56:45 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
    [2008/04/13 16:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\erdnt\cache\sfcfiles.dll
    [2008/04/13 16:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
    [2008/04/13 16:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
     
    < MD5 for: SPOOLSV.EXE  >
    [2010/08/17 05:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
    [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\erdnt\cache\spoolsv.exe
    [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
    [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
    [2004/08/03 23:56:57 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
    [2003/03/31 04:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=9B4155BA58192D4073082B8FC5D42612 -- C:\WINDOWS\$NtUninstallKB896423_0$\spoolsv.exe
    [2005/06/10 16:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [2008/04/13 16:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
    [2008/04/13 16:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    [2005/06/10 15:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
    [2005/06/10 15:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
     
    < MD5 for: SRSVC.DLL  >
    [2008/04/13 16:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\erdnt\cache\srsvc.dll
    [2008/04/13 16:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
    [2008/04/13 16:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
    [2004/08/03 23:56:45 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
     
    < MD5 for: SVCHOST.EXE  >
    [2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
    [2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
     
    < MD5 for: TERMSRV.DLL  >
    [2004/08/03 23:56:46 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
    [2008/04/13 16:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\erdnt\cache\termsrv.dll
    [2008/04/13 16:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
    [2008/04/13 16:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
     
    < MD5 for: USERINIT.EXE  >
    [2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
    [2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
     
    < MD5 for: XMLPROV.DLL  >
    [2008/04/13 16:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\erdnt\cache\xmlprov.dll
    [2008/04/13 16:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
    [2008/04/13 16:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
    [2004/08/03 23:56:46 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll


     

    < End of report >
     
    Extras.txt:

     

    OTL Extras logfile created on: 2/13/2013 12:28:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Mark A\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.48% Memory free
    3.84 Gb Paging File | 3.40 Gb Available in Paging File | 88.64% Paging File free
    Paging file location(s): c:\pagefile3\Pagefile.sys 4095 4095 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 114.94 Gb Free Space | 77.12% Space Free | Partition Type: NTFS
    Drive E: | 74.52 Gb Total Space | 8.38 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
     
    Computer Name: MARK | User Name: Mark A | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "5353:UDP" = 5353:UDP:*:Enabled:Bonjour
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Nero\Nero 9\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 9\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
    "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java™ 6 Update 39
    "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3BC341BD-3736-45F0-B0E0-5664792AC528}" = HP Care Pack Core
    "{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5BA1655E-6CF5-47C7-95F0-311D4F676021}" =
    "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
    "{5E55F3F1-2210-4CC9-A761-9E4B818D9FA7}" = HP Care Pack Products
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
    "{6481861a-d9c9-4768-b61d-fb0857953a6c}" = Nero 9 Essentials
    "{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A760067A-C07E-1033-0000-A764AC000008}" = Avery Template
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D8D0D7C9-C4CA-4BE1-9CEC-384DCBB238DD}" = Web Chrono Desktop
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
    "{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
    "{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
    "CCleaner" = CCleaner
    "HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NAV" = Norton AntiVirus
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Palringo" = Palringo
    "Recuva" = Recuva
    "Revo Uninstaller" = Revo Uninstaller 1.93
    "UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip Self-Extractor" = WinZip Self-Extractor
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xerox Phaser 3300MFP" = Xerox Phaser 3300MFP
    "Xerox WorkCentre Pro 665/765 software & documentation" = Xerox WorkCentre Pro 665/765 software & documentation
    "Yahoo! Central" = Yahoo! Central
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "Yahoo! Widget Engine" = Yahoo! Widgets
    "YInstHelper" = Yahoo! Install Manager
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 11/30/2012 2:27:13 PM | Computer Name = MARK | Source = VBRuntime | ID = 1
    Description = The VB Application identified by the event source logged this Application
     MSICUU: Thread ID: 1836 ,Logged:     Success:   C:\Program Files\Windows Installer Clean
     Up\msizap.exe TW! {B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
     
    Error - 11/30/2012 2:27:29 PM | Computer Name = MARK | Source = VBRuntime | ID = 1
    Description = The VB Application identified by the event source logged this Application
     MSICUU: Thread ID: 1836 ,Logged:     Success:   C:\Program Files\Windows Installer Clean
     Up\msizap.exe TW! {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
     
    Error - 11/30/2012 2:28:32 PM | Computer Name = MARK | Source = VBRuntime | ID = 1
    Description = The VB Application identified by the event source logged this Application
     MSICUU: Thread ID: 1836 ,Logged:     Failed:   C:\Program Files\Windows Installer Clean
     Up\msizap.exe TW! {14291118-0C19-45EA-A4FA-5C1C0F5FDE09}
     
    Error - 12/13/2012 3:16:28 PM | Computer Name = MARK | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
     module mshtml.dll, version 8.0.6001.19393, fault address 0x000b9f88.
     
    Error - 12/17/2012 6:21:16 PM | Computer Name = MARK | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
     and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error - 12/17/2012 6:21:16 PM | Computer Name = MARK | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
     and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error - 12/17/2012 6:21:16 PM | Computer Name = MARK | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
     and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error - 12/17/2012 6:21:16 PM | Computer Name = MARK | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
     and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error - 2/10/2013 6:26:59 AM | Computer Name = MARK | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
     P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
     
    Error - 2/11/2013 6:26:48 AM | Computer Name = MARK | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
     P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
     
    [ System Events ]
    Error - 2/13/2013 1:29:57 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
    Error - 2/13/2013 1:31:29 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
    Error - 2/13/2013 1:31:31 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
    Error - 2/13/2013 1:32:24 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
    Error - 2/13/2013 1:32:24 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
    Error - 2/13/2013 2:01:50 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
    Error - 2/13/2013 2:01:55 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
     
    < End of report >

    Error - 2/13/2013 2:46:00 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
     arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
     
    Error - 2/13/2013 4:27:15 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService
     with arguments ""  in order to run the server:  {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
     
    Error - 2/13/2013 4:27:15 PM | Computer Name = MARK | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service YahooAUService

     



    #10 nasdaq

    • Malware Response Team

    Posted 14 February 2013 - 09:16 AM

     
    What can you tell me about this Mozswing extension?
    Do you need it?
    How long have you had this?
     
    [2010/03/02 09:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark A\Application Data\Mozilla\Extensions\mozswing@mozswing.org
     
    This is what I found.
    MozSwing – A smart browser built on XUL and Java Swing
    ===
     
    Your Hosts file may be damaged. It will be reset to the default value with the OTL fix below.
    ===
     
    I suggest you get this Hosts file if you want one. You can get this file after you have executed the OTL fix.
     
    Download HostsXpert
     
    Tutorial, go here:

    • Unzip HostsXpert to its own folder.
    • Run HostsXpert.exe
    • Click: Make Writable? in the upper left corner.
    • Click: Download
    • Click: MVPs Hosts
    • Click: Replace
    • Click: OK
    • Click: Make ReadOnly
    • Close HostsXpert.

    Note: If a custom Hosts file was in place, also edit those entries back in.
    */*
    I suggest that you update to the new version of the Hosts file every 6 weeks. I do.
     
    All you need to know about the hosts file.
    <<<>>>
     
     
    Run OTL -  Double-click OTL.exe to start it.
     

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
     
    :processes
    [RESETHOSTS]
    [CREATERESTOREPOINT]
     

    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

     
    ===
     
    If the problem persists,
     
    Download this Process Explorer tool.
    RUN IT AND TRY to find the Process / file that is draining your CPU.
    Instructions on the help file.
     
    Keep me posted.


    #11 markeeone

    • Topic Starter


    Posted 14 February 2013 - 01:07 PM

    What can you tell me about this Mozswing extension? Nothing

    Do you need it? Nope

    How long have you had this? Didn't know it was installed. Do not use it.
     
    Tried to download HostsXpert, unable to do so. Web-site says I am forbidden. Weird???
     
    I have run Process Explorer. Other than IE & iTunes, it normally doesn't show anything else eating up process time.
     
    Here is the OTL results:
     

    OTL logfile created on: 2/14/2013 9:45:37 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Mark A\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.01% Memory free
    3.84 Gb Paging File | 3.18 Gb Available in Paging File | 82.98% Paging File free
    Paging file location(s): c:\pagefile3\Pagefile.sys 4095 4095 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 115.24 Gb Free Space | 77.32% Space Free | Partition Type: NTFS
    Drive E: | 74.52 Gb Total Space | 8.38 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
     
    Computer Name: MARK | User Name: Mark A | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Documents and Settings\Mark A\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\WebChronoDesktop.exe (Gaia Dream Creation Inc.)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\XeroxFaxPort.dll ()
    MOD - C:\WINDOWS\system32\ssh1ml3.dll ()
    MOD - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\DynCore.dll ()
    MOD - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\GUIExtension.dll ()
    MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()
    MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (xlptsu) --  File not found
    DRV - (WDICA) --  File not found
    DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
    DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (cpuz132) -- C:\DOCUME~1\MARKA~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
    DRV - (Changer) --  File not found
    DRV - (catchme) -- C:\DOCUME~1\MARKA~1\LOCALS~1\Temp\catchme.sys File not found
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130214.005\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130214.005\NAVENG.SYS (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130214.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\srtsp.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symefa.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symds.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symtdi.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\ironx86.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\srtspx.sys (Symantec Corporation)
    DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\ccsetx86.sys (Symantec Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
    DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\FA311XP.SYS (Netgear Inc.                                                )
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (Nbf) -- C:\WINDOWS\system32\drivers\NBF.SYS (Microsoft Corporation)
    DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {632BCE2F-8426-434C-9F9F-B948686567A1}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{632BCE2F-8426-434C-9F9F-B948686567A1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Mark A\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012/11/13 15:28:16 | 000,000,000 | ---D | M]
     
    [2010/03/02 09:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark A\Application Data\Mozilla\Extensions
    [2010/03/02 09:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark A\Application Data\Mozilla\Extensions\mozswing@mozswing.org
     
    O1 HOSTS File: ([2013/02/08 17:28:58 | 000,447,228 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: 15364 more lines...
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143842749140 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4795E8EC-194D-4F64-B8C7-440BF91AFA57}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60A74113-E0BC-4933-9FC0-ACB4BF9200DB}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mark A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/03/29 10:35:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    [CREATERESTOREPOINT]
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/02/13 12:24:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark A\Desktop\OTL.exe
    [2013/02/13 09:30:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/02/11 14:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Desktop\RK_Quarantine
    [2013/02/11 14:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Local Settings\Application Data\Sun
    [2013/02/11 14:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2013/02/11 14:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2013/02/11 09:00:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/02/11 08:53:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/02/11 08:53:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/02/11 08:53:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/02/11 08:53:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/02/11 08:53:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/11 08:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/02/11 08:48:48 | 005,030,592 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark A\Desktop\ComboFix.exe
    [2013/02/08 17:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/02/08 17:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2013/02/08 13:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Desktop\Start Menu\Programs\HiJackThis
    [2013/01/27 19:01:08 | 000,704,512 | ---- | C] (S8onPC.com) -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/02/14 09:48:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{135698D9-6968-4FF3-98CE-E1F9EF4CB990}.job
    [2013/02/14 09:47:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/14 09:45:33 | 000,000,833 | ---- | M] () -- C:\WINDOWS\TMW20.INI
    [2013/02/14 09:36:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/14 08:39:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/02/14 07:46:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/14 01:44:35 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2013/02/13 12:24:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark A\Desktop\OTL.exe
    [2013/02/13 09:30:02 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Mark A\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/02/13 03:32:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/13 03:31:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2013/02/13 03:31:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/13 03:31:39 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 03:09:35 | 000,739,492 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1402010.016\Cat.DB
    [2013/02/13 03:09:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 03:03:55 | 000,436,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 03:03:55 | 000,069,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/11 14:48:27 | 000,782,848 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\RogueKiller.exe
    [2013/02/11 09:30:00 | 000,587,659 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\adwcleaner.exe
    [2013/02/11 09:27:40 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\SecurityCheck.exe
    [2013/02/11 09:00:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/02/11 08:48:56 | 005,030,592 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark A\Desktop\ComboFix.exe
    [2013/02/08 16:40:52 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\HiJackThis.lnk
    [2013/01/27 19:01:08 | 000,704,512 | ---- | M] (S8onPC.com) -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe
    [2013/01/25 13:35:58 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
    [2013/01/25 13:34:38 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1402010.016\VT20130115.021
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/02/11 14:48:23 | 000,782,848 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\RogueKiller.exe
    [2013/02/11 09:29:58 | 000,587,659 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\adwcleaner.exe
    [2013/02/11 09:27:38 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\SecurityCheck.exe
    [2013/02/11 09:00:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/02/11 09:00:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/02/11 08:53:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/02/11 08:53:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/02/11 08:53:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/02/11 08:53:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/02/11 08:53:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/02/08 13:46:29 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\HiJackThis.lnk
    [2012/10/19 14:23:59 | 000,067,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/02/15 21:50:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/09 16:06:32 | 000,007,642 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\XeroxFaxOptions.xml
    [2011/12/09 16:05:56 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
    [2011/12/09 16:05:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\XeroxFaxPort.dll
    [2011/12/09 16:04:26 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2011/12/09 16:00:10 | 000,110,592 | R--- | C] () -- C:\WINDOWS\Wiainst.exe
    [2011/12/09 15:58:18 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
    [2011/12/09 15:58:18 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
    [2011/12/09 15:58:18 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
    [2011/12/09 15:58:18 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
    [2011/12/09 15:58:18 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
    [2011/12/09 15:58:07 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssh1ml3.dll
    [2011/09/06 15:41:12 | 000,094,123 | ---- | C] () -- C:\WINDOWS\hppins05.dat
    [2011/09/06 15:41:12 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
    [2011/08/10 12:28:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
    [2011/05/15 14:50:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/12/30 12:49:36 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\default.rss
    [2010/12/30 12:49:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\downloads.m3u
    [2010/10/05 14:46:54 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/05/29 07:32:15 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Mark A\presets.ini
    [2009/02/13 13:07:38 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\rx_audio.Cache
    [2009/02/13 13:07:38 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\rx_image.Cache
    [2009/02/13 11:55:40 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Mark A\pool.bin
    [2006/04/14 15:10:10 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== ZeroAccess Check ==========
     
    [2010/01/25 17:00:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2012/12/28 08:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2007/09/20 07:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/11/02 08:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/26 09:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/02/02 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2006/03/29 11:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2009/05/27 08:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
    [2009/03/16 08:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/21 08:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/08 09:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/15 08:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/11/09 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Ad-Aware Antivirus
    [2009/12/22 07:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\CheckPoint
    [2011/02/22 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Costco Photo Viewer US
    [2013/01/03 08:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Dropbox
    [2012/11/30 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\ElevatedDiagnostics
    [2007/04/17 10:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\InterTrust
    [2006/12/13 13:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Leadertech
    [2010/03/02 10:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\LimeWire
    [2009/04/23 08:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\OfficeUpdate12
    [2013/01/10 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Worksimaging
    [2011/12/09 16:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Xerox
    [2012/12/28 15:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\YouSendIt
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
    < :OTL >
    [2006/03/29 10:33:35 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
    [2006/03/29 10:35:16 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
    [2007/05/04 12:47:32 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{135698D9-6968-4FF3-98CE-E1F9EF4CB990}.job
    [2009/09/23 08:14:14 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2010/08/11 08:50:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/11 08:50:00 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/30 07:07:53 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    [2012/11/09 15:08:31 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/11/30 10:14:21 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
     
    < O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >
     
    < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >
     
    < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. >
     
    < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. >
     
    < O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.) >
    Invalid Switch: MicrosoftDownloadManager.cab (Reg Error: Key error.)
     
    < O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03) >
    Invalid Switch: jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
     
    < O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) >
    Invalid Switch: jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
     
    < O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) >
    Invalid Switch: jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
     
    < O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) >
    Invalid Switch: jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
     
    < O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object) >
    Invalid Switch: popcaploader_v6.cab (PopCapLoader Object)
     
    <   >
     
    < :processes >
     
    < [RESETHOSTS] >


    < End of report >

     



    #12 nasdaq

    nasdaq

    • Malware Response Team
    • 39,223 posts
    • ONLINE
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:01:58 PM

    Posted 14 February 2013 - 02:18 PM

    Use this fix to reset your Hosts file back to the default.
    How To:
     
    Use the Fix it button on the page.
    ===
     
    Run OTL - Double-click OTL.exe to start it.
     

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

     

    :OTL
    [2010/03/02 09:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark A\Application Data\Mozilla\Extensions\mozswing@mozswing.org
     

    • Then click the Run Fix button at the top


    • Let the program run unhindered, reboot the PC when it is done


    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

     
    ===
     
    Try this to repair IE.
     
    From the Start menu, select Run. 
    In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow) 
    Select the OK button. 
    Follow the prompts throughout the System File Checker process. 
    Reboot the computer when System File Checker completes.
     
    Keep me posted. 


    #13 markeeone

    markeeone
    • Topic Starter

    • Members
    • 21 posts
    • OFFLINE
    • Local time:09:58 AM

    Posted 14 February 2013 - 03:09 PM

    The problem persists. Seems to be just when I connect to the internet so I think IE may be the problem. Here is the OTL file:

     

    OTL logfile created on: 2/14/2013 11:55:55 AM - Run 4
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Mark A\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.83% Memory free
    3.84 Gb Paging File | 2.94 Gb Available in Paging File | 76.52% Paging File free
    Paging file location(s): c:\pagefile3\Pagefile.sys 4095 4095 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 114.72 Gb Free Space | 76.97% Space Free | Partition Type: NTFS
    Drive E: | 74.52 Gb Total Space | 8.38 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
     
    Computer Name: MARK | User Name: Mark A | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Documents and Settings\Mark A\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\Mark A\Desktop\S8onPC.exe (S8onPC.com)
    PRC - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation)
    PRC - C:\TMW\TMW32.EXE ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\msagent\agentsvr.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\WebChronoDesktop.exe (Gaia Dream Creation Inc.)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\TMW\TMW32.EXE ()
    MOD - C:\WINDOWS\system32\XeroxFaxPort.dll ()
    MOD - C:\WINDOWS\system32\SaXPWIA.dll ()
    MOD - C:\WINDOWS\system32\SaXPSTI.dll ()
    MOD - C:\WINDOWS\system32\SaXPIPH.dll ()
    MOD - C:\WINDOWS\system32\SaXPEH.dll ()
    MOD - C:\WINDOWS\system32\ssh1ml3.dll ()
    MOD - C:\Program Files\Microsoft Office\OFFICE11\BLNMGR.DLL ()
    MOD - C:\Program Files\Microsoft Office\OFFICE11\BLNMGRPS.DLL ()
    MOD - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\AssistCalendar.dll ()
    MOD - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\DynCore.dll ()
    MOD - C:\Program Files\Gaia Dream Creation\Web Chrono Desktop\GUIExtension.dll ()
    MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()
    MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
    MOD - C:\TMW\TMDATA32.DLL ()
    MOD - C:\TMW\TMLINK32.DLL ()
    MOD - C:\TMW\TMLIB32.DLL ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (xlptsu) --  File not found
    DRV - (WDICA) --  File not found
    DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
    DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (cpuz132) -- C:\DOCUME~1\MARKA~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
    DRV - (Changer) --  File not found
    DRV - (catchme) -- C:\DOCUME~1\MARKA~1\LOCALS~1\Temp\catchme.sys File not found
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130214.005\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130214.005\NAVENG.SYS (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130214.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\srtsp.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symefa.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symds.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\symtdi.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\ironx86.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\srtspx.sys (Symantec Corporation)
    DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1402010.016\ccsetx86.sys (Symantec Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
    DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\FA311XP.SYS (Netgear Inc.                                                )
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (Nbf) -- C:\WINDOWS\system32\drivers\NBF.SYS (Microsoft Corporation)
    DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {632BCE2F-8426-434C-9F9F-B948686567A1}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{632BCE2F-8426-434C-9F9F-B948686567A1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Mark A\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012/11/13 15:28:16 | 000,000,000 | ---D | M]
     
    [2010/03/02 09:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark A\Application Data\Mozilla\Extensions
     
    O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143842749140 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4795E8EC-194D-4F64-B8C7-440BF91AFA57}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60A74113-E0BC-4933-9FC0-ACB4BF9200DB}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mark A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/03/29 10:35:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/02/14 11:45:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/14 11:43:24 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2013/02/14 11:43:24 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2013/02/14 11:43:08 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2013/02/14 11:43:07 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2013/02/14 11:42:40 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2013/02/14 11:42:40 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2013/02/14 11:42:32 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2013/02/14 11:42:24 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2013/02/14 11:42:12 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2013/02/14 11:42:12 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2013/02/14 11:42:11 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2013/02/14 11:42:07 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2013/02/14 11:42:06 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2013/02/14 11:42:04 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2013/02/14 11:42:03 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2013/02/14 11:41:57 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2013/02/14 11:41:54 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2013/02/14 11:41:54 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2013/02/14 11:41:53 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2013/02/14 11:41:45 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2013/02/14 11:41:40 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2013/02/14 11:41:38 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2013/02/14 11:41:37 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2013/02/14 11:41:32 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2013/02/14 11:41:32 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2013/02/14 11:41:31 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2013/02/14 11:41:31 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2013/02/14 11:41:30 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2013/02/14 11:41:30 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2013/02/14 11:41:20 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2013/02/14 11:41:17 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2013/02/14 11:41:17 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2013/02/14 11:41:15 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2013/02/14 11:41:14 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2013/02/14 11:41:13 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2013/02/14 11:41:09 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2013/02/14 11:41:08 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2013/02/14 11:40:57 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2013/02/14 11:40:56 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2013/02/14 11:40:56 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2013/02/14 11:40:55 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2013/02/14 11:40:52 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2013/02/14 11:40:44 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2013/02/14 11:40:32 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2013/02/14 11:40:30 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2013/02/14 11:40:29 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2013/02/14 11:40:29 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2013/02/14 11:40:28 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2013/02/14 11:40:13 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2013/02/14 11:40:13 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2013/02/14 11:40:12 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2013/02/14 11:40:10 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2013/02/14 11:40:00 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2013/02/14 11:39:59 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2013/02/14 11:39:58 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2013/02/14 11:39:58 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2013/02/14 11:39:49 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2013/02/14 11:39:48 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2013/02/14 11:39:47 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2013/02/14 11:39:42 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2013/02/14 11:39:42 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2013/02/14 11:39:41 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2013/02/14 11:39:41 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2013/02/14 11:39:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2013/02/14 11:39:40 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2013/02/14 11:39:39 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2013/02/14 11:39:39 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2013/02/14 11:39:38 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2013/02/14 11:39:37 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2013/02/14 11:39:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2013/02/14 11:39:34 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2013/02/14 11:39:33 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2013/02/14 11:39:29 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2013/02/14 11:39:25 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2013/02/14 11:39:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2013/02/14 11:39:23 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2013/02/14 11:39:14 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2013/02/14 11:39:13 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2013/02/14 11:39:03 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2013/02/14 11:39:03 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2013/02/14 11:39:02 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2013/02/14 11:38:57 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2013/02/14 11:38:34 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2013/02/14 11:38:31 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2013/02/14 11:38:30 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2013/02/14 11:38:29 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2013/02/14 11:38:18 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2013/02/14 11:38:18 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2013/02/14 11:38:17 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2013/02/14 11:38:17 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2013/02/14 11:38:05 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2013/02/14 11:37:59 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2013/02/14 11:37:59 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2013/02/14 11:37:55 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2013/02/14 11:37:52 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2013/02/14 11:37:51 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2013/02/14 11:37:47 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2013/02/14 11:37:46 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2013/02/14 11:37:46 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2013/02/14 11:37:45 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2013/02/14 11:37:45 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2013/02/14 11:37:44 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2013/02/14 11:37:42 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2013/02/14 11:37:41 | 000,019,968 | ---- | C] (Macronix International Co., Ltd.                                               ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2013/02/14 11:37:41 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2013/02/14 11:37:40 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2013/02/14 11:37:40 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2013/02/14 11:37:04 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2013/02/14 11:36:46 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2013/02/14 11:36:39 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2013/02/14 11:36:38 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2013/02/14 11:36:37 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2013/02/14 11:36:36 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2013/02/14 11:36:35 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2013/02/14 11:36:35 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2013/02/14 11:36:30 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2013/02/14 11:36:30 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2013/02/14 11:36:29 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2013/02/14 11:36:28 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2013/02/14 11:36:26 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2013/02/14 11:36:25 | 000,019,016 | ---- | C] (Kingston Technology Company                                                             ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2013/02/14 11:35:46 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2013/02/14 11:35:11 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2013/02/14 11:34:31 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2013/02/14 11:34:29 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2013/02/14 11:34:17 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2013/02/14 11:34:16 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2013/02/14 11:34:15 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2013/02/14 11:34:09 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2013/02/14 11:34:00 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2013/02/14 11:33:59 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2013/02/14 11:33:56 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2013/02/14 11:33:55 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2013/02/14 11:33:55 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2013/02/14 11:33:53 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2013/02/14 11:33:47 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2013/02/14 11:33:45 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2013/02/14 11:33:44 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2013/02/14 11:33:01 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2013/02/14 11:32:56 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2013/02/14 11:32:50 | 000,029,696 | ---- | C] (CNet Technology, Inc.                                                    ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2013/02/14 11:32:49 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2013/02/14 11:32:49 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2013/02/14 11:32:46 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2013/02/14 11:32:46 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2013/02/14 11:32:45 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2013/02/14 11:32:44 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2013/02/14 11:32:42 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2013/02/14 11:32:29 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2013/02/14 11:32:29 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2013/02/14 11:32:26 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2013/02/14 11:32:11 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2013/02/14 11:32:11 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2013/02/14 11:32:10 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2013/02/14 11:32:10 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2013/02/14 11:32:09 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2013/02/14 11:32:08 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2013/02/14 11:32:08 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2013/02/14 11:32:05 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2013/02/14 11:32:00 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2013/02/14 11:31:46 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2013/02/14 11:31:39 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2013/02/14 11:31:29 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2013/02/14 11:31:28 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2013/02/14 11:31:28 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2013/02/14 11:31:27 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2013/02/14 11:31:26 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2013/02/14 11:31:23 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2013/02/14 11:31:22 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2013/02/14 11:31:22 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2013/02/14 11:31:21 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2013/02/14 11:31:20 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2013/02/14 11:31:19 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2013/02/14 11:30:28 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2013/02/14 11:30:27 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2013/02/14 11:30:26 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2013/02/14 11:30:26 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2013/02/14 11:30:25 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2013/02/14 11:30:25 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2013/02/14 11:30:24 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2013/02/14 11:30:23 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2013/02/14 11:30:21 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2013/02/14 11:30:20 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2013/02/14 11:30:20 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2013/02/14 11:30:19 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2013/02/14 11:30:18 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2013/02/14 11:30:17 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2013/02/14 11:30:17 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2013/02/14 11:30:16 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2013/02/14 11:30:15 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2013/02/14 11:30:14 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2013/02/14 11:30:10 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2013/02/14 11:30:05 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2013/02/14 11:30:05 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2013/02/14 11:30:03 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2013/02/14 11:30:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2013/02/14 11:30:02 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2013/02/14 11:30:01 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2013/02/14 11:30:01 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2013/02/14 11:29:37 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2013/02/14 11:29:30 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2013/02/14 11:29:17 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2013/02/14 11:29:16 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2013/02/14 11:29:15 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2013/02/14 11:29:14 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2013/02/14 11:29:13 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2013/02/14 11:29:10 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2013/02/14 11:29:06 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2013/02/14 11:29:03 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2013/02/14 11:29:02 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2013/02/14 11:29:02 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2013/02/13 12:24:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark A\Desktop\OTL.exe
    [2013/02/13 09:30:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/02/11 14:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Desktop\RK_Quarantine
    [2013/02/11 14:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Local Settings\Application Data\Sun
    [2013/02/11 14:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2013/02/11 14:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2013/02/11 09:00:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/02/11 08:53:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/02/11 08:53:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/02/11 08:53:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/02/11 08:53:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/02/11 08:53:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/11 08:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/02/11 08:48:48 | 005,030,592 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark A\Desktop\ComboFix.exe
    [2013/02/08 17:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/02/08 17:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2013/02/08 13:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark A\Desktop\Start Menu\Programs\HiJackThis
    [2013/01/27 19:01:08 | 000,704,512 | ---- | C] (S8onPC.com) -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/02/14 12:03:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{135698D9-6968-4FF3-98CE-E1F9EF4CB990}.job
    [2013/02/14 11:52:55 | 000,000,833 | ---- | M] () -- C:\WINDOWS\TMW20.INI
    [2013/02/14 11:51:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2013/02/14 11:48:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/14 11:48:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/14 11:48:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2013/02/14 11:48:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/14 11:46:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/14 11:36:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/14 08:39:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/02/13 12:24:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark A\Desktop\OTL.exe
    [2013/02/13 09:30:02 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Mark A\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/02/13 03:31:39 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 03:09:35 | 000,739,492 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1402010.016\Cat.DB
    [2013/02/13 03:09:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 03:03:55 | 000,436,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 03:03:55 | 000,069,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/11 14:48:27 | 000,782,848 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\RogueKiller.exe
    [2013/02/11 09:30:00 | 000,587,659 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\adwcleaner.exe
    [2013/02/11 09:27:40 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\SecurityCheck.exe
    [2013/02/11 09:00:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/02/11 08:48:56 | 005,030,592 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark A\Desktop\ComboFix.exe
    [2013/02/08 17:28:58 | 000,447,228 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
    [2013/02/08 16:40:52 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Mark A\Desktop\HiJackThis.lnk
    [2013/01/27 19:01:08 | 000,704,512 | ---- | M] (S8onPC.com) -- C:\Documents and Settings\Mark A\Desktop\S8onPC.exe
    [2013/01/25 13:35:58 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
    [2013/01/25 13:34:38 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1402010.016\VT20130115.021
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/02/14 11:43:22 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2013/02/14 11:43:22 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2013/02/14 11:38:59 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2013/02/14 11:38:57 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2013/02/14 11:37:11 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2013/02/14 11:34:30 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2013/02/14 11:34:29 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2013/02/14 11:34:28 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2013/02/14 11:34:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2013/02/14 11:34:26 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2013/02/14 11:32:48 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2013/02/14 11:32:47 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2013/02/14 11:32:47 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2013/02/14 11:29:55 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2013/02/14 11:29:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2013/02/14 11:29:53 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2013/02/14 11:29:53 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2013/02/14 11:29:52 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2013/02/14 11:29:51 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2013/02/14 11:29:51 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2013/02/14 11:29:50 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2013/02/14 11:29:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2013/02/14 11:29:42 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2013/02/11 14:48:23 | 000,782,848 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\RogueKiller.exe
    [2013/02/11 09:29:58 | 000,587,659 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\adwcleaner.exe
    [2013/02/11 09:27:38 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\SecurityCheck.exe
    [2013/02/11 09:00:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/02/11 09:00:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/02/11 08:53:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/02/11 08:53:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/02/11 08:53:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/02/11 08:53:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/02/11 08:53:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/02/08 13:46:29 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Mark A\Desktop\HiJackThis.lnk
    [2012/10/19 14:23:59 | 000,067,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/02/15 21:50:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/09 16:06:32 | 000,007,642 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\XeroxFaxOptions.xml
    [2011/12/09 16:05:56 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
    [2011/12/09 16:05:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\XeroxFaxPort.dll
    [2011/12/09 16:04:26 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2011/12/09 16:00:10 | 000,110,592 | R--- | C] () -- C:\WINDOWS\Wiainst.exe
    [2011/12/09 15:58:18 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
    [2011/12/09 15:58:18 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
    [2011/12/09 15:58:18 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
    [2011/12/09 15:58:18 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
    [2011/12/09 15:58:18 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
    [2011/12/09 15:58:07 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssh1ml3.dll
    [2011/09/06 15:41:12 | 000,094,123 | ---- | C] () -- C:\WINDOWS\hppins05.dat
    [2011/09/06 15:41:12 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
    [2011/08/10 12:28:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
    [2011/05/15 14:50:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/12/30 12:49:36 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\default.rss
    [2010/12/30 12:49:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark A\Application Data\downloads.m3u
    [2010/10/05 14:46:54 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/05/29 07:32:15 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Mark A\presets.ini
    [2009/02/13 13:07:38 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\rx_audio.Cache
    [2009/02/13 13:07:38 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\rx_image.Cache
    [2009/02/13 11:55:40 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Mark A\pool.bin
    [2006/04/14 15:10:10 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Mark A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== ZeroAccess Check ==========
     
    [2010/01/25 17:00:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2012/12/28 08:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2007/09/20 07:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/11/02 08:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/26 09:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/02/02 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2006/03/29 11:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2009/05/27 08:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
    [2009/03/16 08:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/21 08:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/08 09:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/15 08:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/11/09 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Ad-Aware Antivirus
    [2009/12/22 07:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\CheckPoint
    [2011/02/22 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Costco Photo Viewer US
    [2013/01/03 08:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Dropbox
    [2012/11/30 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\ElevatedDiagnostics
    [2007/04/17 10:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\InterTrust
    [2006/12/13 13:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Leadertech
    [2010/03/02 10:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\LimeWire
    [2009/04/23 08:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\OfficeUpdate12
    [2013/01/10 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Worksimaging
    [2011/12/09 16:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\Xerox
    [2012/12/28 15:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark A\Application Data\YouSendIt
     
    ========== Purity Check ==========
     
     


     

    < End of report >



    #14 nasdaq

    • Malware Response Team
    • 39,223 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 15 February 2013 - 08:22 AM

    I suggest you remove IE8 using the Add/Remove Programs applet.

    This will reinstall IE7.

    Restart the computer.

    If all is well then you can update all of the new security updates.

    When all is well after a few days you can reinstall IE8 and see if you can get it to run correctly.

    Keep me posted.



    #15 markeeone

    • Topic Starter

    • Members
    • 21 posts

    Posted 15 February 2013 - 02:18 PM

    Removed...made things worse. Reinstalled IE8 again. Problem persists. Now I am thinking mal/ad/spy ware. Any good programs to check for that?





