Icons gone task bar gone [Closed]



#1
Robyncr

  • Member
  • 21 posts
I turn on my computer and all I get is this Windows scan thing that won't let me access anything. All my icons are gone, there is no task bar, all it will do is run this scan, and when it's done scanning it still will not let me access anything. I have tried safe mode and it does the same thing. I have tried to do a recovery and a Windows repair using my Windows XP CD; it didn't work. I don't want to lose all my stuff or I would have just done a fresh install. Is there anything I could do without losing all my stuff?
Thank you
  • 0

#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Can you burn a disc so that we can work outside of Windows?

OK, this file is big, about 276.7Mb; print these instructions out so that you know what you are doing.

File details
Bytes - 290,236,416
MB - 276.7
MD5 - 3BD19DB0ADB880A39DD80C704CB907D0

Two programmes to download

First

ISOBurner: this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
    [attachment=41445:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
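
An added example, not part of the original post or of the OTLPE tooling: a Python check to run on the downloaded file before burning, using the byte count and MD5 quoted in the post and the standard ISO 9660 / El Torito descriptor layout. The script name and function names are assumptions for illustration, and the image produced by `build_sample_image` is constructed test data.

```python
import hashlib
import os
import sys

# Values quoted in the post above for OTLPE.iso.
EXPECTED_SIZE = 290_236_416
EXPECTED_MD5 = "3BD19DB0ADB880A39DD80C704CB907D0"

SECTOR = 2048          # ISO 9660 logical sector size
FIRST_DESCRIPTOR = 16  # volume descriptors start at sector 16


def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so a ~277 MB image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def boot_info(path):
    """Return (is_iso9660, is_bootable) by walking the volume descriptors."""
    is_iso = bootable = False
    with open(path, "rb") as fh:
        fh.seek(FIRST_DESCRIPTOR * SECTOR)
        for _ in range(32):  # bound the walk on damaged images
            desc = fh.read(SECTOR)
            if len(desc) < SECTOR or desc[1:6] != b"CD001":
                break
            kind = desc[0]
            if kind == 1:      # primary volume descriptor
                is_iso = True
            elif kind == 0 and desc[7:39].rstrip(b"\x00") == b"EL TORITO SPECIFICATION":
                bootable = True  # El Torito boot record
            elif kind == 255:  # descriptor set terminator
                break
    return is_iso, bootable


def check_image(path, expected_size=EXPECTED_SIZE, expected_md5=EXPECTED_MD5):
    """Return a list of problems; an empty list means the image is fit to burn."""
    problems = []
    size = os.path.getsize(path)
    if size != expected_size:
        problems.append(f"size {size} != expected {expected_size} (incomplete download?)")
    elif md5_of(path) != expected_md5.upper():
        problems.append("MD5 mismatch (corrupted or altered file)")
    is_iso, bootable = boot_info(path)
    if not is_iso:
        problems.append("no ISO 9660 volume descriptor (not a disc image)")
    elif not bootable:
        problems.append("no El Torito boot record (disc would not boot)")
    return problems


def build_sample_image(bootable=True):
    """Constructed test image: 16 blank sectors plus a minimal descriptor set."""
    def descriptor(kind, body=b""):
        return (bytes([kind]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")
    parts = [b"\x00" * (FIRST_DESCRIPTOR * SECTOR), descriptor(1)]
    if bootable:
        parts.append(descriptor(0, b"EL TORITO SPECIFICATION"))
    parts.append(descriptor(255))
    return b"".join(parts)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_iso.py OTLPE.iso")
    found = check_image(sys.argv[1])
    for line in found:
        print("PROBLEM:", line)
    print("OK to burn as an image" if not found else "Do not burn this file")
    sys.exit(1 if found else 0)
```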

#3
Robyncr

  • Topic Starter
  • Member
  • 21 posts
OK, I did all that and I put it in the computer, made it boot from the CD, and the screen says "no boot device available, press enter to retry", and I did; it still didn't work.
  • 0

#4
Robyncr

  • Topic Starter
  • Member
  • 21 posts
OK, I just read something that I didn't see before about downloading the ISO, so let me do it correctly this time and see if it works. Sorry about that.
  • 0

#5
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yes, you will need to burn the ISO to disc; that will then boot. If it is not something you have done before, it can be a bit daunting.
  • 0

#6
Robyncr

  • Topic Starter
  • Member
  • 21 posts
OTL logfile created on: 5/4/2010 4:12:47 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 792.00 Mb Available Physical Memory | 78.00% Memory free
901.00 Mb Paging File | 819.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 275.14 Gb Free Space | 92.30% Space Free | Partition Type: NTFS
Drive D: | 229.77 Gb Total Space | 193.49 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 19:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/02/22 19:14:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/22 18:40:35 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/02/22 17:21:11 | 000,723,632 | ---- | M] (COMODO) [Auto] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/11/12 05:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2002/04/04 16:02:58 | 000,077,824 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/03/10 23:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2010/03/01 02:25:37 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/02/22 18:40:37 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/02/22 18:40:32 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/02/22 18:40:30 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/02/22 18:40:23 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/02/22 17:21:11 | 000,134,344 | ---- | M] (COMODO) [File_System | System] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/02/22 17:21:11 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2010/02/22 17:21:11 | 000,025,160 | ---- | M] (COMODO) [Kernel | System] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/10/19 04:29:36 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008/05/02 00:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 08:00:00 | 000,125,056 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2007/07/23 19:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 19:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 19:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 19:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 19:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 19:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 19:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 19:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 18:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 18:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 18:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 18:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/05/02 18:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 23:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/13 22:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2003/11/17 17:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/04/04 16:02:58 | 000,050,800 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/04/04 16:02:58 | 000,049,956 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2002/04/04 16:02:58 | 000,018,928 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/04/04 16:02:58 | 000,016,112 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data]

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data]
IE - HKU\Owner_ON_C\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 00:19:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 20:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/03 18:53:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/28 20:22:51 | 000,000,000 | ---D | M]

[2010/05/04 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2010/02/22 19:26:10 | 000,002,114 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 16 more lines...
O2 - BHO: (no name) - {01D95B27-2427-4EA3-A6E3-3EE6AF33C39c} - C:\WINDOWS\system32\iashlpr32.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\LocalService_ON_C..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\NetworkService_ON_C..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\Owner_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Owner_ON_C..\Run: [COMODO livePCsupport] File not found
O4 - HKU\Owner_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\Owner_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Owner_ON_C..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Owner_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (aiSnieXwS.dll) - C:\WINDOWS\System32\aiSnieXwS.dll (Westwood Studios)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\hphc320432.dll) - C:\WINDOWS\system32\hphc320432.dll ()
O20 - HKLM Winlogon: Shell - (C:\DOCUME~1\Owner\LOCALS~1\Temp\Twz.exe) - C:\Documents and Settings\Owner\Local Settings\Temp\Twz.exe (Westwood Studios)
O20 - Winlogon\Notify\2201e399899: DllName - C:\WINDOWS\system32\hphc320432.dll - C:\WINDOWS\system32\hphc320432.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/02/22 02:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 16:12:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/05/04 07:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 07:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/04 06:12:17 | 001,442,415 | ---- | C] (Westwood Studios) -- C:\WINDOWS\System32\viniuU.exe
[2010/05/04 06:12:17 | 001,441,792 | ---- | C] (Westwood Studios) -- C:\WINDOWS\System32\aiSnieXwS.dll
[2010/05/04 05:59:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2010/05/04 05:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2010/05/04 05:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\271811838
[2010/05/03 02:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\dvd
[2010/05/03 02:02:55 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/05/03 02:02:55 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/05/03 02:02:54 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2010/05/03 02:02:54 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2010/05/03 02:02:54 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010/05/03 02:02:53 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2010/05/03 02:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/05/03 01:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/03 01:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/05/02 22:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVD Flick
[2010/04/30 02:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/04/30 02:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Gamevance
[2010/04/28 20:23:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/28 20:21:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/24 11:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010/04/22 04:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games
[2010/04/11 17:38:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/11 17:38:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/11 17:38:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/11 17:38:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/11 17:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/07 23:22:11 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/04/07 23:22:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/04/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/04/07 01:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Grande Vegas Casino
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/04 16:12:09 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/04 13:34:35 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/05/04 13:34:35 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/04 13:34:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 13:34:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 13:34:13 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/05/04 13:34:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/05/04 13:34:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC317065-E849-4425-9590-F951F4D1890F}.job
[2010/05/04 09:51:07 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/05/04 06:21:47 | 005,336,734 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/05/04 06:20:47 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\570549145
[2010/05/04 06:12:17 | 000,135,168 | ---- | M] () -- C:\WINDOWS\seqm6826.exe
[2010/05/04 06:12:14 | 001,442,415 | ---- | M] (Westwood Studios) -- C:\WINDOWS\System32\viniuU.exe
[2010/05/04 06:12:14 | 001,441,792 | ---- | M] (Westwood Studios) -- C:\WINDOWS\System32\aiSnieXwS.dll
[2010/05/04 06:12:04 | 000,101,888 | ---- | M] () -- C:\WINDOWS\msxi31500.exe
[2010/05/04 06:06:46 | 000,001,908 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2010/05/04 05:59:36 | 000,001,103 | -HS- | M] () -- C:\WINDOWS\System32\1917957065
[2010/05/04 05:59:16 | 000,000,113 | ---- | M] () -- C:\WINDOWS\System32\sl330309979
[2010/05/04 05:59:10 | 000,003,753 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899P.manifest
[2010/05/04 05:59:01 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/05/04 05:58:50 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899C.manifest
[2010/05/04 05:58:47 | 000,281,600 | ---- | M] () -- C:\WINDOWS\System32\iashlpr32.dll
[2010/05/04 05:58:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899S.manifest
[2010/05/04 05:58:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899O.manifest
[2010/05/04 05:58:43 | 000,184,320 | ---- | M] () -- C:\WINDOWS\System32\hphc320432.dll
[2010/05/03 12:34:12 | 000,000,072 | ---- | M] () -- C:\WINDOWS\pex.INI
[2010/05/03 12:30:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/02 22:53:54 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 22:18:42 | 734,248,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\THE_INCREDIBLE_MR_LIMPET.avi
[2010/05/02 21:53:15 | 000,000,044 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/04/19 17:57:22 | 000,002,082 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play MahJong Quest 3 The Balance of life.lnk
[2010/04/19 17:56:08 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Brickshooter Egypt.lnk
[2010/04/15 15:14:26 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Ocean Express.lnk
[2010/04/14 14:12:01 | 001,225,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IFRDRAFT17forwebADOBE.pdf
[2010/04/11 17:37:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/11 17:37:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/11 17:37:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/11 17:37:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/11 17:37:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/07 23:18:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI
[2010/04/06 13:01:43 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Elf Bowling Hawaiian Vacation.lnk
[2010/04/06 00:18:37 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 09:51:07 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/05/04 06:12:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\seqm6826.exe
[2010/05/04 06:12:03 | 000,101,888 | ---- | C] () -- C:\WINDOWS\msxi31500.exe
[2010/05/04 06:06:46 | 000,001,908 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010/05/04 05:59:36 | 000,001,103 | -HS- | C] () -- C:\WINDOWS\System32\1917957065
[2010/05/04 05:59:35 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\570549145
[2010/05/04 05:59:16 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\sl330309979
[2010/05/04 05:59:01 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/05/04 05:58:47 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\iashlpr32.dll
[2010/05/04 05:58:44 | 000,003,753 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899P.manifest
[2010/05/04 05:58:44 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899C.manifest
[2010/05/04 05:58:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899S.manifest
[2010/05/04 05:58:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899O.manifest
[2010/05/04 05:58:43 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\hphc320432.dll
[2010/05/03 01:50:12 | 734,248,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\THE_INCREDIBLE_MR_LIMPET.avi
[2010/04/14 14:12:01 | 001,225,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IFRDRAFT17forwebADOBE.pdf
[2010/04/07 23:18:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/04/06 00:18:37 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk
[2010/03/25 04:30:03 | 000,000,251 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010/03/11 21:48:42 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/04 22:19:44 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2010/03/04 22:19:44 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2010/03/04 22:19:44 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2010/03/04 22:19:44 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2010/03/04 22:19:43 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/03/04 22:19:43 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/02/25 13:05:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GSP_Sol.INI
[2010/02/24 07:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2010/02/23 22:35:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI
[2010/02/22 18:49:03 | 000,000,104 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2010/02/22 18:10:39 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/22 17:27:26 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/22 02:48:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/02/22 02:38:33 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/22 02:38:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/22 02:38:31 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/02/22 02:38:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/02/22 02:38:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/22 02:38:30 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/22 02:38:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/22 02:38:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/22 02:35:45 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/22 02:31:19 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/22 02:31:18 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT.LOG
[2010/02/22 02:31:09 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2010/02/22 02:31:08 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/22 02:31:08 | 000,061,440 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT.LOG
[2010/02/22 02:31:06 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2010/02/22 02:31:05 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/22 02:31:05 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG
[2009/10/19 04:34:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/04/14 08:00:00 | 000,125,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2002/05/03 17:25:32 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll

========== LOP Check ==========

[2010/02/24 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
[2010/03/23 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Exent Technologies
[2010/02/22 02:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/03/13 12:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2010/04/22 04:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games
[2010/03/24 19:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2010/02/23 22:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/03/23 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2010/02/22 11:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2010/02/22 19:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2010/03/08 00:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2010/05/04 06:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/03/05 04:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2010/05/04 13:34:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC317065-E849-4425-9590-F951F4D1890F}.job

========== Purity Check ==========



========== Custom Scans ==========


< OTL logfile created on: 5/4/2010 4:07:48 PM - Run >
Invalid Switch: 2010 4:07:48 PM - Run

< OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE >

< Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM >

< Internet Explorer (Version = 8.0.6001.18702) >

< Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy >
Invalid Switch: yyyy



< 1,013.00 Mb Total Physical Memory | 822.00 Mb Available Physical Memory | 81.00% Memory free >

< 901.00 Mb Paging File | 843.00 Mb Available in Paging File | 94.00% Paging File free >

< Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] >


< %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files >

< Drive C: | 298.09 Gb Total Space | 275.14 Gb Free Space | 92.30% Space Free | Partition Type: NTFS >

< Drive D: | 229.77 Gb Total Space | 193.49 Gb Free Space | 84.21% Space Free | Partition Type: NTFS >

< E: Drive not present or media not loaded >

< F: Drive not present or media not loaded >

< G: Drive not present or media not loaded >

< H: Drive not present or media not loaded >

< I: Drive not present or media not loaded >

< Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS >


< Computer Name: REATOGO >

< Current User Name: SYSTEM >

< Logged in as Administrator. >


< Current Boot Mode: Normal >

< Scan Mode: All users >

< Company Name Whitelist: Off >

< Skip Microsoft Files: Off >

< File Age = 30 Days >

< Output = Standard >

< Using ControlSet: ControlSet002 >


< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]



< SRV - [2010/04/16 19:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) >
Invalid Switch: 16 19:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


< SRV - [2010/02/22 19:14:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) >
Invalid Switch: 22 19:14:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


< SRV - [2010/02/22 18:40:35 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) >
Invalid Switch: 22 18:40:35 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)


< SRV - [2010/02/22 17:21:11 | 000,723,632 | ---- | M] (COMODO) [Auto] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) >
Invalid Switch: 22 17:21:11 | 000,723,632 | ---- | M] (COMODO) [Auto] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)


< SRV - [2009/11/12 05:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) >
Invalid Switch: 12 05:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


< SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) >
Invalid Switch: 09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


< SRV - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean) >
Invalid Switch: 27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


< SRV - [2002/04/04 16:02:58 | 000,077,824 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11) >
Invalid Switch: 04 16:02:58 | 000,077,824 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)




< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]



< DRV - File not found [Kernel | On_Demand] -- -- (WDICA) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) >

< DRV - File not found [Kernel | System] -- -- (PCIDump) >

< DRV - File not found [Kernel | System] -- -- (lbrtfdc) >

< DRV - File not found [Kernel | System] -- -- (i2omgmt) >

< DRV - File not found [Kernel | System] -- -- (Changer) >

< DRV - [2010/03/10 23:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx) >
Invalid Switch: 10 23:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)


< DRV - [2010/03/01 02:25:37 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) >
Invalid Switch: 01 02:25:37 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)


< DRV - [2010/02/22 18:40:37 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) >
Invalid Switch: 22 18:40:37 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)


< DRV - [2010/02/22 18:40:32 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) >
Invalid Switch: 22 18:40:32 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)


< DRV - [2010/02/22 18:40:30 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) >
Invalid Switch: 22 18:40:30 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)


< DRV - [2010/02/22 18:40:23 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) >
Invalid Switch: 22 18:40:23 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)


< DRV - [2010/02/22 17:21:11 | 000,134,344 | ---- | M] (COMODO) [File_System | System] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard) >
Invalid Switch: 22 17:21:11 | 000,134,344 | ---- | M] (COMODO) [File_System | System] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)


< DRV - [2010/02/22 17:21:11 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect) >
Invalid Switch: 22 17:21:11 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)


< DRV - [2010/02/22 17:21:11 | 000,025,160 | ---- | M] (COMODO) [Kernel | System] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) >
Invalid Switch: 22 17:21:11 | 000,025,160 | ---- | M] (COMODO) [Kernel | System] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)


< DRV - [2009/10/19 04:29:36 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\dumpdrv.sys -- (DumpDrv) >
Invalid Switch: 19 04:29:36 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\dumpdrv.sys -- (DumpDrv)


< DRV - [2008/05/02 00:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) >
Invalid Switch: 02 00:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)


< DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) >
Invalid Switch: 14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)


< DRV - [2008/04/14 08:00:00 | 000,125,056 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk) >
Invalid Switch: 14 08:00:00 | 000,125,056 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)


< DRV - [2007/07/23 19:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM) >
Invalid Switch: 23 19:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)


< DRV - [2007/07/23 19:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM) >
Invalid Switch: 23 19:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)


< DRV - [2007/07/23 19:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M) >
Invalid Switch: 23 19:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)


< DRV - [2007/07/23 19:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM) >
Invalid Switch: 23 19:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)


< DRV - [2007/07/23 19:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM) >
Invalid Switch: 23 19:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)


< DRV - [2007/07/23 19:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM) >
Invalid Switch: 23 19:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)


< DRV - [2007/07/23 19:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM) >
Invalid Switch: 23 19:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)


< DRV - [2007/07/23 19:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M) >
Invalid Switch: 23 19:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)


< DRV - [2007/07/23 18:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB) >
Invalid Switch: 23 18:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)


< DRV - [2007/07/23 18:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) >
Invalid Switch: 23 18:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


< DRV - [2007/07/23 18:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) >
Invalid Switch: 23 18:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


< DRV - [2007/07/23 18:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) >
Invalid Switch: 23 18:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)


< DRV - [2007/05/02 18:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) >
Invalid Switch: 02 18:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


< DRV - [2007/04/16 23:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) >
Invalid Switch: 16 23:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


< DRV - [2007/04/13 22:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel® >
Invalid Switch: 13 22:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®


< DRV - [2003/11/17 17:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) >
Invalid Switch: 17 17:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)


< DRV - [2003/11/17 17:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) >
Invalid Switch: 17 17:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


< DRV - [2003/11/17 17:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) >
Invalid Switch: 17 17:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


< DRV - [2002/04/04 16:02:58 | 000,050,800 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11) >
Invalid Switch: 04 16:02:58 | 000,050,800 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)


< DRV - [2002/04/04 16:02:58 | 000,049,956 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) >
Invalid Switch: 04 16:02:58 | 000,049,956 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)


< DRV - [2002/04/04 16:02:58 | 000,018,928 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11) >
Invalid Switch: 04 16:02:58 | 000,018,928 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)


< DRV - [2002/04/04 16:02:58 | 000,016,112 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11) >
Invalid Switch: 04 16:02:58 | 000,016,112 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)


< DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) >
Invalid Switch: 17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)




< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]




< ========== Internet Explorer ========== >
Invalid Switch: color]



< IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com >
Invalid Switch: www.yahoo.com


< IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com >
Invalid Switch: www.yahoo.com




< IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data] >

< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >


< IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data] >


< IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data] >


< IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com >
Invalid Switch: www.yahoo.com


< IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 5B D9 01 27 24 A3 4E A6 E3 3E E6 AF 33 C3 9C [binary data] >

< IE - HKU\Owner_ON_C\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.) >

< IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >



< FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 00:19:02 | 000,000,000 | ---D | M] >
Invalid Switch: 04 00:19:02 | 000,000,000 | ---D | M]


< FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 20:22:51 | 000,000,000 | ---D | M] >
Invalid Switch: 28 20:22:51 | 000,000,000 | ---D | M]


< FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/03 18:53:26 | 000,000,000 | ---D | M] >
Invalid Switch: 03 18:53:26 | 000,000,000 | ---D | M]


< FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/28 20:22:51 | 000,000,000 | ---D | M] >
Invalid Switch: 28 20:22:51 | 000,000,000 | ---D | M]



< [2010/05/04 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions >
Invalid Switch: 04 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions


< [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll >
Invalid Switch: 19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll


< [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll >
Invalid Switch: 19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll


< [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll >
Invalid Switch: 27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll



< O1 HOSTS File: ([2010/02/22 19:26:10 | 000,002,114 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts >
Invalid Switch: 22 19:26:10 | 000,002,114 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts


< O1 - Hosts: 127.0.0.1 localhost >

< O1 - Hosts: 127.0.0.1 activate.adobe.com >

< O1 - Hosts: 127.0.0.1 practivate.adobe.com >

< O1 - Hosts: 127.0.0.1 ereg.adobe.com >

< O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com >

< O1 - Hosts: 127.0.0.1 wip3.adobe.com >

< O1 - Hosts: 127.0.0.1 3dns-3.adobe.com >

< O1 - Hosts: 127.0.0.1 3dns-2.adobe.com >

< O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com >

< O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com >

< O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com >

< O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com >

< O1 - Hosts: 127.0.0.1 activate-sea.adobe.com >

< O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com >

< O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com >

< O1 - Hosts: 127.0.0.1 practivate.adobe.com >

< O1 - Hosts: 127.0.0.1 ereg.adobe.com >

< O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com >

< O1 - Hosts: 127.0.0.1 wip3.adobe.com >

< O1 - Hosts: 127.0.0.1 3dns-3.adobe.com >

< O1 - Hosts: 127.0.0.1 3dns-2.adobe.com >

< O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com >

< O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com >

< O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com >

< O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com >

< O1 - Hosts: 16 more lines... >

< O2 - BHO: (no name) - {01D95B27-2427-4EA3-A6E3-3EE6AF33C39c} - C:\WINDOWS\system32\iashlpr32.dll () >

< O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) >

< O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll () >

< O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll () >

< O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll () >

< O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.) >

< O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) >

< O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) >

< O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.) >

< O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.) >

< O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) >

< O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe () >

< O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) >

< O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) >

< O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) >

< O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) >

< O4 - HKU\LocalService_ON_C..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) >

< O4 - HKU\NetworkService_ON_C..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) >

< O4 - HKU\Owner_ON_C..\Run: [AdobeBridge] File not found >

< O4 - HKU\Owner_ON_C..\Run: [COMODO livePCsupport] File not found >

< O4 - HKU\Owner_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) >

< O4 - HKU\Owner_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) >

< O4 - HKU\Owner_ON_C..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) >

< O4 - HKU\Owner_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 >

< O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >

< O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 >

< O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) >

< O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll () >

< O13 - gopher Prefix: missing >

< O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) >

< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19) >
Invalid Switch: jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)


< O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19) >
Invalid Switch: jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)


< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19) >
Invalid Switch: jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)


< O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 >

< O20 - AppInit_DLLs: (aiSnieXwS.dll) - C:\WINDOWS\System32\aiSnieXwS.dll (Westwood Studios) >

< O20 - AppInit_DLLs: (C:\WINDOWS\system32\hphc320432.dll) - C:\WINDOWS\system32\hphc320432.dll () >

< O20 - HKLM Winlogon: Shell - (C:\DOCUME~1\Owner\LOCALS~1\Temp\Twz.exe) - C:\Documents and Settings\Owner\Local Settings\Temp\Twz.exe (Westwood Studios) >

< O20 - Winlogon\Notify\2201e399899: DllName - C:\WINDOWS\system32\hphc320432.dll - C:\WINDOWS\system32\hphc320432.dll () >

< O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) >

< O32 - HKLM CDRom: AutoRun - 0 >

< O32 - AutoRun File - [2010/02/22 02:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] >
Invalid Switch: 22 02:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]


< O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] >
Invalid Switch: 11 19:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]


< O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] >
Invalid Switch: 24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]


< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >

< O35 - HKLM\..comfile [open] -- "%1" %* >

< O35 - HKLM\..exefile [open] -- "%1" %* >

< O37 - HKLM\...com [@ = comfile] -- "%1" %* >

< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >


< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]



< [2010/05/04 07:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia >
Invalid Switch: 04 07:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia


< [2010/05/04 07:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe >
Invalid Switch: 04 07:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe


< [2010/05/04 06:12:17 | 001,442,415 | ---- | C] (Westwood Studios) -- C:\WINDOWS\System32\viniuU.exe >
Invalid Switch: 04 06:12:17 | 001,442,415 | ---- | C] (Westwood Studios) -- C:\WINDOWS\System32\viniuU.exe


< [2010/05/04 06:12:17 | 001,441,792 | ---- | C] (Westwood Studios) -- C:\WINDOWS\System32\aiSnieXwS.dll >
Invalid Switch: 04 06:12:17 | 001,441,792 | ---- | C] (Westwood Studios) -- C:\WINDOWS\System32\aiSnieXwS.dll


< [2010/05/04 05:59:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32 >
Invalid Switch: 04 05:59:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32


< [2010/05/04 05:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR >
Invalid Switch: 04 05:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR


< [2010/05/04 05:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\271811838 >
Invalid Switch: 04 05:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\271811838


< [2010/05/03 02:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\dvd >
Invalid Switch: 03 02:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\dvd


< [2010/05/03 02:02:55 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll >
Invalid Switch: 03 02:02:55 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll


< [2010/05/03 02:02:55 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx >
Invalid Switch: 03 02:02:55 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx


< [2010/05/03 02:02:54 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx >
Invalid Switch: 03 02:02:54 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx


< [2010/05/03 02:02:54 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx >
Invalid Switch: 03 02:02:54 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx


< [2010/05/03 02:02:54 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx >
Invalid Switch: 03 02:02:54 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx


< [2010/05/03 02:02:53 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx >
Invalid Switch: 03 02:02:53 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx


< [2010/05/03 02:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick >
Invalid Switch: 03 02:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick


< [2010/05/03 01:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent >
Invalid Switch: 03 01:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent


< [2010/05/03 01:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent >
Invalid Switch: 03 01:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent


< [2010/05/02 22:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVD Flick >
Invalid Switch: 02 22:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVD Flick


< [2010/04/30 02:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer >
Invalid Switch: 30 02:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer


< [2010/04/30 02:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Gamevance >
Invalid Switch: 30 02:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Gamevance


< [2010/04/28 20:23:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt >
Invalid Switch: 28 20:23:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt


< [2010/04/28 20:21:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi >
Invalid Switch: 28 20:21:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi


< [2010/04/24 11:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars >
Invalid Switch: 24 11:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars


< [2010/04/22 04:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games >
Invalid Switch: 22 04:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games


< [2010/04/11 17:38:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe >
Invalid Switch: 11 17:38:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe


< [2010/04/11 17:38:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe >
Invalid Switch: 11 17:38:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe


< [2010/04/11 17:38:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe >
Invalid Switch: 11 17:38:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe


< [2010/04/11 17:38:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl >
Invalid Switch: 11 17:38:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl


< [2010/04/11 17:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java >
Invalid Switch: 11 17:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java


< [2010/04/07 23:22:11 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll >
Invalid Switch: 07 23:22:11 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll


< [2010/04/07 23:22:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll >
Invalid Switch: 07 23:22:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll


< [2010/04/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Canon >
Invalid Switch: 07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Canon


< [2010/04/07 01:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Grande Vegas Casino >
Invalid Switch: 07 01:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Grande Vegas Casino


< [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >


< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]



< [2010/05/04 13:34:35 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat >
Invalid Switch: 04 13:34:35 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat


< [2010/05/04 13:34:35 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT >
Invalid Switch: 04 13:34:35 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT


< [2010/05/04 13:34:35 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT >
Invalid Switch: 04 13:34:35 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT


< [2010/05/04 13:34:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat >
Invalid Switch: 04 13:34:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat


< [2010/05/04 13:34:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT >
Invalid Switch: 04 13:34:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT


< [2010/05/04 13:34:13 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat >
Invalid Switch: 04 13:34:13 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat


< [2010/05/04 13:34:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini >
Invalid Switch: 04 13:34:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini


< [2010/05/04 13:34:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC317065-E849-4425-9590-F951F4D1890F}.job >
Invalid Switch: 04 13:34:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC317065-E849-4425-9590-F951F4D1890F}.job


< [2010/05/04 09:51:07 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat >
Invalid Switch: 04 09:51:07 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat


< [2010/05/04 06:21:47 | 005,336,734 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db >
Invalid Switch: 04 06:21:47 | 005,336,734 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db


< [2010/05/04 06:20:47 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\570549145 >
Invalid Switch: 04 06:20:47 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\570549145


< [2010/05/04 06:12:17 | 000,135,168 | ---- | M] () -- C:\WINDOWS\seqm6826.exe >
Invalid Switch: 04 06:12:17 | 000,135,168 | ---- | M] () -- C:\WINDOWS\seqm6826.exe


< [2010/05/04 06:12:14 | 001,442,415 | ---- | M] (Westwood Studios) -- C:\WINDOWS\System32\viniuU.exe >
Invalid Switch: 04 06:12:14 | 001,442,415 | ---- | M] (Westwood Studios) -- C:\WINDOWS\System32\viniuU.exe


< [2010/05/04 06:12:14 | 001,441,792 | ---- | M] (Westwood Studios) -- C:\WINDOWS\System32\aiSnieXwS.dll >
Invalid Switch: 04 06:12:14 | 001,441,792 | ---- | M] (Westwood Studios) -- C:\WINDOWS\System32\aiSnieXwS.dll


< [2010/05/04 06:12:04 | 000,101,888 | ---- | M] () -- C:\WINDOWS\msxi31500.exe >
Invalid Switch: 04 06:12:04 | 000,101,888 | ---- | M] () -- C:\WINDOWS\msxi31500.exe


< [2010/05/04 06:06:46 | 000,001,908 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini >
Invalid Switch: 04 06:06:46 | 000,001,908 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini


< [2010/05/04 05:59:36 | 000,001,103 | -HS- | M] () -- C:\WINDOWS\System32\1917957065 >
Invalid Switch: 04 05:59:36 | 000,001,103 | -HS- | M] () -- C:\WINDOWS\System32\1917957065


< [2010/05/04 05:59:16 | 000,000,113 | ---- | M] () -- C:\WINDOWS\System32\sl330309979 >
Invalid Switch: 04 05:59:16 | 000,000,113 | ---- | M] () -- C:\WINDOWS\System32\sl330309979


< [2010/05/04 05:59:10 | 000,003,753 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899P.manifest >
Invalid Switch: 04 05:59:10 | 000,003,753 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899P.manifest


< [2010/05/04 05:59:01 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe >
Invalid Switch: 04 05:59:01 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe


< [2010/05/04 05:58:50 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899C.manifest >
Invalid Switch: 04 05:58:50 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899C.manifest


< [2010/05/04 05:58:47 | 000,281,600 | ---- | M] () -- C:\WINDOWS\System32\iashlpr32.dll >
Invalid Switch: 04 05:58:47 | 000,281,600 | ---- | M] () -- C:\WINDOWS\System32\iashlpr32.dll


< [2010/05/04 05:58:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899S.manifest >
Invalid Switch: 04 05:58:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899S.manifest


< [2010/05/04 05:58:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899O.manifest >
Invalid Switch: 04 05:58:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899O.manifest


< [2010/05/04 05:58:43 | 000,184,320 | ---- | M] () -- C:\WINDOWS\System32\hphc320432.dll >
Invalid Switch: 04 05:58:43 | 000,184,320 | ---- | M] () -- C:\WINDOWS\System32\hphc320432.dll


< [2010/05/03 12:34:12 | 000,000,072 | ---- | M] () -- C:\WINDOWS\pex.INI >
Invalid Switch: 03 12:34:12 | 000,000,072 | ---- | M] () -- C:\WINDOWS\pex.INI


< [2010/05/03 12:30:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl >
Invalid Switch: 03 12:30:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl


< [2010/05/02 22:53:54 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 02 22:53:54 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


< [2010/05/02 22:18:42 | 734,248,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\THE_INCREDIBLE_MR_LIMPET.avi >
Invalid Switch: 02 22:18:42 | 734,248,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\THE_INCREDIBLE_MR_LIMPET.avi


< [2010/05/02 21:53:15 | 000,000,044 | ---- | M] () -- C:\WINDOWS\popcinfo.dat >
Invalid Switch: 02 21:53:15 | 000,000,044 | ---- | M] () -- C:\WINDOWS\popcinfo.dat


< [2010/04/19 17:57:22 | 000,002,082 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play MahJong Quest 3 The Balance of life.lnk >
Invalid Switch: 19 17:57:22 | 000,002,082 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play MahJong Quest 3 The Balance of life.lnk


< [2010/04/19 17:56:08 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Brickshooter Egypt.lnk >
Invalid Switch: 19 17:56:08 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Brickshooter Egypt.lnk


< [2010/04/15 15:14:26 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Ocean Express.lnk >
Invalid Switch: 15 15:14:26 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Ocean Express.lnk


< [2010/04/14 14:12:01 | 001,225,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IFRDRAFT17forwebADOBE.pdf >
Invalid Switch: 14 14:12:01 | 001,225,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IFRDRAFT17forwebADOBE.pdf


< [2010/04/11 17:37:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll >
Invalid Switch: 11 17:37:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll


< [2010/04/11 17:37:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe >
Invalid Switch: 11 17:37:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe


< [2010/04/11 17:37:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe >
Invalid Switch: 11 17:37:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe


< [2010/04/11 17:37:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe >
Invalid Switch: 11 17:37:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe


< [2010/04/11 17:37:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl >
Invalid Switch: 11 17:37:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl


< [2010/04/07 23:18:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI >
Invalid Switch: 07 23:18:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI


< [2010/04/06 13:01:43 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Elf Bowling Hawaiian Vacation.lnk >
Invalid Switch: 06 13:01:43 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Elf Bowling Hawaiian Vacation.lnk


< [2010/04/06 00:18:37 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk >
Invalid Switch: 06 00:18:37 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk


< [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >


< ========== Files Created - No Company Name ========== >
Invalid Switch: color]



< [2010/05/04 09:51:07 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat >
Invalid Switch: 04 09:51:07 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat


< [2010/05/04 06:12:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\seqm6826.exe >
Invalid Switch: 04 06:12:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\seqm6826.exe


< [2010/05/04 06:12:03 | 000,101,888 | ---- | C] () -- C:\WINDOWS\msxi31500.exe >
Invalid Switch: 04 06:12:03 | 000,101,888 | ---- | C] () -- C:\WINDOWS\msxi31500.exe


< [2010/05/04 06:06:46 | 000,001,908 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini >
Invalid Switch: 04 06:06:46 | 000,001,908 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini


< [2010/05/04 05:59:36 | 000,001,103 | -HS- | C] () -- C:\WINDOWS\System32\1917957065 >
Invalid Switch: 04 05:59:36 | 000,001,103 | -HS- | C] () -- C:\WINDOWS\System32\1917957065


< [2010/05/04 05:59:35 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\570549145 >
Invalid Switch: 04 05:59:35 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\570549145


< [2010/05/04 05:59:16 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\sl330309979 >
Invalid Switch: 04 05:59:16 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\sl330309979


< [2010/05/04 05:59:01 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe >
Invalid Switch: 04 05:59:01 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe


< [2010/05/04 05:58:47 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\iashlpr32.dll >
Invalid Switch: 04 05:58:47 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\iashlpr32.dll


< [2010/05/04 05:58:44 | 000,003,753 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899P.manifest >
Invalid Switch: 04 05:58:44 | 000,003,753 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899P.manifest


< [2010/05/04 05:58:44 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899C.manifest >
Invalid Switch: 04 05:58:44 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899C.manifest


< [2010/05/04 05:58:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899S.manifest >
Invalid Switch: 04 05:58:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899S.manifest


< [2010/05/04 05:58:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899O.manifest >
Invalid Switch: 04 05:58:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000001372f563899O.manifest


< [2010/05/04 05:58:43 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\hphc320432.dll >
Invalid Switch: 04 05:58:43 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\hphc320432.dll


< [2010/05/03 01:50:12 | 734,248,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\THE_INCREDIBLE_MR_LIMPET.avi >
Invalid Switch: 03 01:50:12 | 734,248,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\THE_INCREDIBLE_MR_LIMPET.avi


< [2010/04/14 14:12:01 | 001,225,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IFRDRAFT17forwebADOBE.pdf >
Invalid Switch: 14 14:12:01 | 001,225,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IFRDRAFT17forwebADOBE.pdf


< [2010/04/07 23:18:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI >
Invalid Switch: 07 23:18:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI


< [2010/04/06 00:18:37 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk >
Invalid Switch: 06 00:18:37 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk


< [2010/03/25 04:30:03 | 000,000,251 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI >
Invalid Switch: 25 04:30:03 | 000,000,251 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI


< [2010/03/11 21:48:42 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini >
Invalid Switch: 11 21:48:42 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini


< [2010/03/04 22:19:44 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll >
Invalid Switch: 04 22:19:44 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll


< [2010/03/04 22:19:44 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll >
Invalid Switch: 04 22:19:44 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll


< [2010/03/04 22:19:44 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll >
Invalid Switch: 04 22:19:44 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll


< [2010/03/04 22:19:44 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll >
Invalid Switch: 04 22:19:44 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll


< [2010/03/04 22:19:43 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL >
Invalid Switch: 04 22:19:43 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL


< [2010/03/04 22:19:43 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL >
Invalid Switch: 04 22:19:43 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL


< [2010/02/25 13:05:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GSP_Sol.INI >
Invalid Switch: 25 13:05:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GSP_Sol.INI


< [2010/02/24 07:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI >
Invalid Switch: 24 07:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI


< [2010/02/23 22:35:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI >
Invalid Switch: 23 22:35:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI


< [2010/02/22 18:49:03 | 000,000,104 | ---- | C] () -- C:\WINDOWS\ulead32.ini >
Invalid Switch: 22 18:49:03 | 000,000,104 | ---- | C] () -- C:\WINDOWS\ulead32.ini


< [2010/02/22 18:10:39 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 22 18:10:39 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


< [2010/02/22 17:27:26 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat >
Invalid Switch: 22 17:27:26 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat


< [2010/02/22 02:48:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll >
Invalid Switch: 22 02:48:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll


< [2010/02/22 02:38:33 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll >
Invalid Switch: 22 02:38:33 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll


< [2010/02/22 02:38:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini >
Invalid Switch: 22 02:38:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini


< [2010/02/22 02:38:31 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll >
Invalid Switch: 22 02:38:31 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll


< [2010/02/22 02:38:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll >
Invalid Switch: 22 02:38:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll


< [2010/02/22 02:38:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll >
Invalid Switch: 22 02:38:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll


< [2010/02/22 02:38:30 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll >
Invalid Switch: 22 02:38:30 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll


< [2010/02/22 02:38:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll >
Invalid Switch: 22 02:38:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll


< [2010/02/22 02:38:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest >
Invalid Switch: 22 02:38:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest


< [2010/02/22 02:35:45 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat >
Invalid Switch: 22 02:35:45 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat


< [2010/02/22 02:31:19 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini >
Invalid Switch: 22 02:31:19 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini


< [2010/02/22 02:31:18 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT.LOG >
Invalid Switch: 22 02:31:18 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT.LOG


< [2010/02/22 02:31:09 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini >
Invalid Switch: 22 02:31:09 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini


< [2010/02/22 02:31:08 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT >
Invalid Switch: 22 02:31:08 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT


< [2010/02/22 02:31:08 | 000,053,248 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT.LOG >
Invalid Switch: 22 02:31:08 | 000,053,248 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT.LOG


< [2010/02/22 02:31:06 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini >
Invalid Switch: 22 02:31:06 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini


< [2010/02/22 02:31:05 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT >
Invalid Switch: 22 02:31:05 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT


< [2010/02/22 02:31:05 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG >
Invalid Switch: 22 02:31:05 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG


< [2009/10/19 04:34:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll >
Invalid Switch: 19 04:34:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll


< [2008/04/14 08:00:00 | 000,125,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys >
Invalid Switch: 14 08:00:00 | 000,125,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys


< [2002/05/03 17:25:32 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll >
Invalid Switch: 03 17:25:32 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll



< ========== LOP Check ========== >
Invalid Switch: color]



< [2010/02/24 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis >
Invalid Switch: 24 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis


< [2010/03/23 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Exent Technologies >
Invalid Switch: 23 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Exent Technologies


< [2010/02/22 02:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit >
Invalid Switch: 22 02:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit


< [2010/03/13 12:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software >
Invalid Switch: 13 12:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software


< [2010/04/22 04:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games >
Invalid Switch: 22 04:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games


< [2010/03/24 19:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin >
Invalid Switch: 24 19:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin


< [2010/02/23 22:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire >
Invalid Switch: 23 22:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire


< [2010/03/23 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia >
Invalid Switch: 23 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia


< [2010/02/22 11:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird >
Invalid Switch: 22 11:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird


< [2010/02/22 19:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems >
Invalid Switch: 22 19:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems


< [2010/03/08 00:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity >
Invalid Switch: 08 00:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity


< [2010/05/04 06:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent >
Invalid Switch: 04 06:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent


< [2010/03/05 04:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent >
Invalid Switch: 05 04:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent


< [2010/05/04 13:34:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC317065-E849-4425-9590-F951F4D1890F}.job >
Invalid Switch: 04 13:34:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC317065-E849-4425-9590-F951F4D1890F}.job



< ========== Purity Check ========== >
Invalid Switch: color]





< ========== Alternate Data Streams ========== >
Invalid Switch: color]



< @Alternate Data Stream - 88 bytes -> C:\DPS2_E_ESD.exe:SummaryInformation >

< < End of report > >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\DPS2_E_ESD.exe:SummaryInformation

< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This will not clear all the problems but it will enable us to use other programmes


Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=41474:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#8
Robyncr

Robyncr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I did what you said and I still can't access my desktop in normal mode. I have that Virus Protector scan thing that I can't get rid of. I don't know if that helps you out or not. I'm not able to download ComboFix to the infected computer's desktop because I can't get online. Is there another way to get that program onto that computer?
Here is the OTL log you asked for. Thanks for all your help.




========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01D95B27-2427-4EA3-A6E3-3EE6AF33C39c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01D95B27-2427-4EA3-A6E3-3EE6AF33C39c}\ not found.
File C:\WINDOWS\system32\iashlpr32.dll not found.
Registry value HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\hphc320432.dll deleted successfully.
File C:\WINDOWS\system32\hphc320432.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\2201e399899\ not found.
File C:\WINDOWS\system32\hphc320432.dll not found.
Folder C:\WINDOWS\System32\271811838\ not found.
File C:\WINDOWS\System32\570549145 not found.
File C:\WINDOWS\seqm6826.exe not found.
File C:\WINDOWS\System32\1917957065 not found.
File C:\WINDOWS\System32\sl330309979 not found.
File C:\WINDOWS\System32\hphc320432.dll not found.
File C:\WINDOWS\seqm6826.exe not found.
File C:\WINDOWS\msxi31500.exe not found.
File C:\WINDOWS\System32\1917957065 not found.
File C:\WINDOWS\System32\570549145 not found.
File C:\WINDOWS\System32\sl330309979 not found.

OTLPE by OldTimer - Version 3.1.38.0 log created on 05052010_192222
  • 0

#9
Robyncr

Robyncr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OK, I was able to put ComboFix on the infected computer. It did its thing and then I rebooted, and now all I get is my desktop: no icons, no task bar, and it just stays there. It tried to download the Windows Recovery Console but couldn't because it couldn't go online. Anyway, here is the log from ComboFix.

ComboFix 10-05-05.04 - Owner 05/05/2010 16:55:47.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.813 [GMT -7:00]
Running from: G:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\020000001372f563899C.manifest
c:\documents and settings\Owner\Application Data\020000001372f563899O.manifest
c:\documents and settings\Owner\Application Data\020000001372f563899P.manifest
c:\documents and settings\Owner\Application Data\020000001372f563899S.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\u2s03p4w.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\u2s03p4w.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\u2s03p4w.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\u2s03p4w.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\u2s03p4w.default\extensions\{2a29819e-fd13-4722-8773-7ef35d7d0b4e}\install.rdf
C:\mspaint.exe
c:\program files\WindowsUpdate
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-05 22:02 . 2010-05-05 22:02 -------- d-----w- C:\_OTL
2010-05-05 06:33 . 2010-05-05 06:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-05-05 06:33 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 06:33 . 2010-05-05 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-05 06:33 . 2010-05-05 07:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 06:33 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 13:51 . 2010-05-04 13:51 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-05-04 10:12 . 2010-05-04 10:12 1442415 ----a-w- c:\windows\system32\viniuU.exe
2010-05-04 10:12 . 2010-05-04 10:12 1441792 ----a-w- c:\windows\system32\aiSnieXwS.dll
2010-05-03 06:02 . 2003-01-26 20:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-05-03 06:02 . 2010-05-03 06:05 -------- d-----w- c:\program files\DVD Flick
2010-05-03 05:40 . 2010-05-03 16:30 -------- d-----w- c:\program files\uTorrent
2010-05-03 05:40 . 2010-05-04 10:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-05-03 02:23 . 2010-05-03 08:10 -------- d-----w- c:\documents and settings\Owner\Application Data\DVD Flick
2010-04-30 06:28 . 2010-04-30 06:28 -------- d-----w- c:\program files\Bing Bar Installer
2010-04-28 18:36 . 2010-04-28 18:36 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-28 10:24 . 2010-04-28 10:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-04-28 10:21 . 2010-04-28 10:21 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-28 09:22 . 2010-04-28 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-28 09:22 . 2010-04-28 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-24 15:39 . 2010-04-25 20:04 -------- d-----w- c:\program files\PokerStars
2010-04-22 08:18 . 2010-04-22 08:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Gold Casual Games
2010-04-20 18:07 . 2010-04-30 06:27 105984 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.dll
2010-04-11 21:37 . 2010-04-11 21:37 -------- d-----w- c:\program files\Java
2010-04-08 03:22 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-08 03:22 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-08 03:17 . 2010-04-08 03:19 -------- d-----w- c:\program files\Canon
2010-04-07 05:18 . 2010-04-07 06:08 -------- d-----w- c:\program files\Grande Vegas Casino

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 23:52 . 2010-02-22 21:23 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-04 09:58 . 2010-05-04 09:58 1081856 --sha-w- c:\windows\system32\1D8.tmp
2010-05-03 01:53 . 2010-03-19 06:16 44 ----a-w- c:\windows\popcinfo.dat
2010-05-01 16:56 . 2010-02-22 15:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-29 00:22 . 2010-02-22 23:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-22 08:17 . 2010-03-05 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-04-22 08:16 . 2010-03-05 08:36 2523560 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-04-15 23:32 . 2010-03-05 08:26 -------- d-----w- c:\program files\HP Games
2010-04-15 01:40 . 2010-03-21 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-11 21:37 . 2010-02-22 06:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-08 03:19 . 2010-02-22 06:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 03:16 . 2010-02-22 06:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-26 12:15 . 2010-03-26 12:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 12:14 . 2010-03-26 12:14 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd9e92a-n\msvcp71.dll
2010-03-26 12:14 . 2010-03-26 12:14 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd9e92a-n\jmc.dll
2010-03-26 12:14 . 2010-03-26 12:14 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd9e92a-n\msvcr71.dll
2010-03-26 12:14 . 2010-03-26 12:14 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4a87503b-n\decora-sse.dll
2010-03-26 12:14 . 2010-03-26 12:14 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4a87503b-n\decora-d3d.dll
2010-03-25 08:59 . 2010-03-25 08:59 -------- d-----w- c:\program files\Novel Games
2010-03-25 08:15 . 2010-02-22 21:21 -------- d-----w- c:\program files\COMODO
2010-03-25 08:14 . 2010-02-22 22:29 74880 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 00:56 . 2010-03-24 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-03-24 23:58 . 2010-03-23 16:43 -------- d-----w- c:\program files\Free_Ride_Games
2010-03-24 23:29 . 2010-03-24 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
2010-03-24 00:24 . 2010-03-24 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Ludia
2010-03-24 00:24 . 2010-03-24 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Ludia
2010-03-24 00:24 . 2010-03-24 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Exent Technologies
2010-03-23 16:43 . 2010-03-23 16:42 -------- d-----w- c:\program files\Free Ride Games
2010-03-23 16:43 . 2010-03-23 16:43 64 ----a-w- c:\windows\GPlrLanc.dat
2010-03-23 16:43 . 2010-03-23 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-03-23 16:43 . 2010-03-23 16:43 -------- d-----w- c:\program files\Conduit
2010-03-21 05:21 . 2010-03-21 05:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-03-21 05:13 . 2010-03-21 05:10 -------- d-----w- c:\program files\Yahoo!
2010-03-21 05:13 . 2010-03-21 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-19 07:01 . 2010-03-19 06:13 -------- d-----w- c:\program files\TetriBox
2010-03-19 07:00 . 2010-03-19 07:00 -------- d-----w- c:\program files\Trymedia
2010-03-19 06:14 . 2010-03-19 06:14 -------- d-----w- c:\program files\Hexacto
2010-03-19 06:13 . 2010-03-19 06:13 -------- d-----w- c:\program files\Mahjongg Towers
2010-03-19 06:08 . 2010-03-19 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-03-19 05:31 . 2010-03-19 05:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2010-03-13 16:52 . 2010-03-13 16:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2010-03-12 02:02 . 2010-03-12 02:02 -------- d-----w- c:\program files\Real
2010-03-12 02:00 . 2010-03-12 02:00 -------- d-----w- c:\program files\RealArcade
2010-03-12 01:49 . 2010-03-12 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-03-12 01:49 . 2010-03-12 01:47 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-12 01:49 . 2010-03-12 01:47 -------- d-----w- c:\program files\Roxio
2010-03-12 01:48 . 2010-03-12 01:48 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-03-12 01:47 . 2010-03-12 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-03-12 01:47 . 2010-03-12 01:47 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-12 01:47 . 2010-02-22 20:58 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-03-12 01:47 . 2010-03-12 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-03-11 07:47 . 2010-03-11 07:44 -------- d-----w- c:\program files\CaptainJack Casino
2010-03-10 10:54 . 2010-03-10 10:54 -------- d-----w- c:\program files\PlaySushi
2010-03-08 04:06 . 2010-03-08 04:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2010-03-07 06:57 . 2010-03-07 06:57 -------- d-----w- c:\program files\Legacy Interactive
2010-03-04 18:23 . 2010-03-23 16:42 53314 ------w- c:\windows\ExentInfo.exe
2010-03-01 06:25 . 2010-03-01 06:25 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-02-22 22:42 . 2010-02-22 22:39 82499496 ----a-w- C:\DPS2_E_ESD.exe
2010-02-22 22:40 . 2010-02-22 22:40 160288 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-02-22 22:40 . 2010-02-22 22:40 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-02-22 22:40 . 2010-02-22 22:40 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-02-22 22:40 . 2010-02-22 22:40 158272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-02-22 21:29 . 2010-02-22 21:29 0 ----a-w- c:\windows\nsreg.dat
2010-02-22 21:21 . 2010-02-22 21:21 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-22 21:21 . 2010-02-22 21:21 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-22 21:21 . 2010-02-22 21:21 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-22 21:21 . 2010-02-22 21:21 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-22 19:10 . 2010-02-22 19:10 188928 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\extensions\[email protected]\components\PlaySushiFF.dll
2010-02-22 19:10 . 2010-02-22 19:10 188928 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.dll
2010-02-22 06:44 . 2010-02-22 06:44 315392 ----a-w- c:\windows\HideWin.exe
2010-02-22 06:38 . 2010-02-22 06:38 318 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}\ARPPRODUCTICON.exe
2010-02-22 06:38 . 2010-02-22 06:38 25214 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}\_294823.exe
2010-02-22 06:29 . 2010-02-22 06:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-22 06:27 . 2010-02-22 06:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-10-19 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f92a9fe4-2850-4198-b9d5-279880e49b16}"= "c:\program files\Free_Ride_Games\tbFre1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
2010-03-24 23:58 2349080 ----a-w- c:\program files\Free_Ride_Games\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f92a9fe4-2850-4198-b9d5-279880e49b16}"= "c:\program files\Free_Ride_Games\tbFre1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F92A9FE4-2850-4198-B9D5-279880E49B16}"= "c:\program files\Free_Ride_Games\tbFre1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-03 321328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-22 1800464]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 188416]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-03-04 1750528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-10-19 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\aiSnieXwS.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=c:\windows\pss\Forget Me Not.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-11-12 09:49 361632 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 23:30 45632 ----a-w- c:\windows\system32\TaskSwitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2010-03-04 18:49 1750528 ------w- c:\program files\Free Ride Games\GPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-04-17 01:51 162584 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-04-17 01:51 142104 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-04-17 01:51 138008 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-26 20:27 16132608 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-11-12 09:48 5106904 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2/22/2010 3:40 PM 911680]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/22/2010 2:21 PM 134344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/22/2010 2:21 PM 25160]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [10/19/2009 1:29 AM 9472]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2/22/2010 3:40 PM 2480048]
S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [3/23/2010 9:42 AM 56352]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2/22/2010 3:40 PM 160288]
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\User_Feed_Synchronization-{EC317065-E849-4425-9590-F951F4D1890F}.job
- c:\windows\system32\msfeedssync.exe [2009-10-19 08:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zsld8m.default\extensions\[email protected]\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-COMODO livePCsupport - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-CaptainJack Casino - c:\program files\CaptainJack Casino\Install.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\mp3fhg.acm
c:\windows\system32\divxa32.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll
.
Completion time: 2010-05-05 17:04:23
ComboFix-quarantined-files.txt 2010-05-06 00:04

Pre-Run: 299,067,400,192 bytes free
Post-Run: 299,897,167,872 bytes free

- - End Of File - - C5B774F02E8D32EBA2360C42D5854BE3
  • 0

#10
Robyncr

Robyncr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OK, everything is fixed. I ran ComboFix again, rebooted, and everything was back in order. Thank you so much for all your help. It was greatly appreciated.
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a look at the second ComboFix log please, as one of your files was corrupted and I need to see if that is still the case?
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





