[b]System Report[/b] ************* Run on Mon 04/27/2009 at 02:09 PM Microsoft Windows XP [Version 5.1.2600] Current user is an administrator [b]Running Processes[/b]: \SystemRoot\System32\smss.exe [152] \??\C:\WINDOWS\system32\csrss.exe [200] \??\C:\WINDOWS\system32\winlogon.exe [224] C:\WINDOWS\system32\services.exe [268] C:\WINDOWS\system32\lsass.exe [280] C:\WINDOWS\system32\svchost.exe [436] C:\WINDOWS\system32\svchost.exe [500] C:\WINDOWS\system32\svchost.exe [576] C:\WINDOWS\Explorer.EXE [860] C:\WINDOWS\system32\wbem\wmiprvse.exe [932] [b]Drivers - Running[/b]: ACPI atapi Beep Cdfs Cdrom Disk dmio dmload Fastfat Fdc Flpydisk FltMgr Ftdisk HDAudBus hidusb Imapi isapnp Kbdclass kbdhid KSecDD Mouclass mouhid MountMgr Msfs mssmbios Mup NDIS Npfs Ntfs Null nvata ohci1394 PartMgr PCI PCIIde rdpdr redbook sr swenum TermDD Update usbccgp usbehci usbhub usbohci VgaSave VolSnap [b]Drivers - Stopped[/b]: Abiosdsk abp480n5 ACPIEC adpu160m aec AFD Aha154x aic78u2 aic78xx AliIde amsint Arp1394 asc asc3350p asc3550 AsyncMac Atdisk Atmarpc audstub cbidf2k cd20xrnt Cdaudio Changer CmdIde Cpqarray dac960nt dmboot DMusic dpti2o drmkaud Fips gdrv Gpc hpn HTTP i2omgmt i2omp i8042prt ini910u IntcAzAudAddService IntelIde ip6fw IpFilterDriver IpInIp IpNat IPSec IRENUM kmixer lbrtfdc mfeapfk mfeavfk mfebopk mfehidk mferkdk mfetdik mnmdd Modem mraid35x MRxDAV MRxSmb MSKSSRV MSPCLOCK MSPQM NdisTapi Ndisuio NdisWan NDProxy NetBIOS NetBT NIC1394 nv NVENETFD nvnetbus NwlnkFlt NwlnkFwd Parport ParVdm PCIDump Pcmcia PDCOMP PDFRAME PDRELI PDRFRAME perc2 perc2hib PptpMiniport Processor PSched Ptilink ql1080 Ql10wnt ql12160 ql1240 ql1280 RasAcd Rasl2tp RasPppoe Raspti Rdbss RDPCDD RDPWD Secdrv serenum Serial Sfloppy Simbad Sparrow splitter Srv swmidi symc810 symc8xx sym_hi sym_u3 sysaudio Tcpip TDPIPE TDTCP TosIde Udfs ultra USBSTOR ViaIde vsdatant Wanarp WDICA wdmaud WS2IFSL WudfPf WudfRd [b]Services - Running[/b]: CryptSvc DcomLaunch dmserver Eventlog helpsvc PlugPlay RpcSs srservice winmgmt [b]Services - Stopped[/b]: Alerter ALG AppMgmt AudioSrv BITS Browser CiSvc ClipSrv COMSysApp Dhcp dmadmin Dnscache Dot3svc EapHost ERSvc EventSystem FastUserSwitchingCompatibility gusvc HidServ hkmsvc HTTPFilter ImapiService lanmanserver lanmanworkstation LmHosts McAfeeFramework McShield McTaskManager Messenger mnmsrvc MSDTC MSIServer napagent NetDDE NetDDEdsdm Netlogon Netman Nla NtLmSsp NtmsSvc NVSvc ose PolicyAgent ProtectedStorage RasAuto RasMan RDSessMgr RemoteAccess RemoteRegistry RpcLocator RSVP SamSs SCardSvr Schedule seclogon SENS SharedAccess ShellHWDetection Spooler SSDPSRV stisvc SwPrv SysmonLog TapiSrv TermService Themes TlntSvr TrkWks upnphost UPS VSS W32Time WebClient WmdmPmSN Wmi WmiApSrv WMPNetworkSvc wscsvc wuauserv WudfSvc WZCSVC xmlprov [b]Files Created/Modified - 60 Days[/b]: C:\ Apr 27 2009 2:07:44p 1,509,949,440 A.SH. "C:\pagefile.sys" C:\WINDOWS\ Apr 27 2009 2:07:48p 2,048 A.S.. "C:\WINDOWS\bootstat.dat" Apr 27 2009 12:32:20p 21,504 A.... "C:\WINDOWS\system32\ak1.exe" Mar 10 2009 8:34:04p 109,400 A.... "C:\WINDOWS\system32\FNTCACHE.DAT" Apr 26 2009 7:48:04p 12,288 A.... "C:\WINDOWS\system32\ftp_non_crp.exe" Apr 27 2009 1:09:54p 10,752 A.... "C:\WINDOWS\system32\iehelper.dll" Mar 21 2009 7:06:58a 989,696 A.... "C:\WINDOWS\system32\kernel32.dll" Apr 27 2009 1:40:16p 27,648 A.... "C:\WINDOWS\system32\lmppcsetup.exe" Apr 27 2009 12:30:16p 24,064 A.... "C:\WINDOWS\system32\loader266.exe" Apr 6 2009 7:57:24a 24,921,544 A.... "C:\WINDOWS\system32\MRT.exe" Mar 6 2009 7:22:18a 284,160 A.... "C:\WINDOWS\system32\pdh.dll" Apr 16 2009 8:06:14p 40,836 A.... "C:\WINDOWS\system32\perfc009.dat" Apr 16 2009 8:06:14p 314,508 A.... "C:\WINDOWS\system32\perfh009.dat" Apr 27 2009 12:30:24p 104,960 A.... "C:\WINDOWS\system32\userinit.exe" Mar 2 2009 5:18:26p 826,368 A.... "C:\WINDOWS\system32\wininet.dll" Apr 27 2009 2:07:06p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT" Apr 27 2009 12:32:30p 34,817 A.... "C:\WINDOWS\Temp\3789150224.exe" Apr 27 2009 12:32:52p 34,817 A.... "C:\WINDOWS\Temp\4070556474.exe" Apr 27 2009 12:32:20p 15,000 A.... "C:\WINDOWS\Temp\arag4qgfgdf.exe" Apr 27 2009 12:32:20p 15,001 ...H. "C:\WINDOWS\Temp\b1v8qpirn8.exe" Apr 27 2009 1:40:18p 24,064 A.... "C:\WINDOWS\Temp\msb.dll" Apr 27 2009 2:09:36p 7,625 A.... "C:\WINDOWS\Temp\scs4.tmp" Apr 27 2009 12:32:48p 160 A.... "C:\WINDOWS\Temp\sdglkj90gjgfmfgf.tmp" Apr 27 2009 12:32:30p 160 A.... "C:\WINDOWS\Temp\uhsf873ufnhdfi.tmp" Mar 6 2009 11:35:22a 616,448 A.SH. "C:\WINDOWS\Temp\v3nuu0gj.TMP" Apr 27 2009 12:33:24p 16,384 A.... "C:\WINDOWS\Temp\~DFDCBB.tmp" Feb 27 2009 9:54:42p 636,072 ..... "C:\WINDOWS\system32\dllcache\iexplore.exe" Mar 21 2009 7:06:58a 989,696 ..... "C:\WINDOWS\system32\dllcache\kernel32.dll" Mar 6 2009 7:22:18a 284,160 ..... "C:\WINDOWS\system32\dllcache\pdh.dll" Apr 27 2009 12:30:24p 104,960 A.... "C:\WINDOWS\system32\dllcache\userinit.exe" Mar 2 2009 5:18:26p 826,368 A.... "C:\WINDOWS\system32\dllcache\wininet.dll" Apr 27 2009 12:32:48p 0 A.... "C:\WINDOWS\Temp\Google Toolbar\gtbB.tmp" Apr 27 2009 12:32:56p 15,340 A.... "C:\WINDOWS\Temp\Google Toolbar\gtmC.tmp" Apr 2 2009 6:27:00a 88,590 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe" C:\Program Files\ Feb 27 2009 9:54:42p 636,072 A.... "C:\Program Files\Internet Explorer\iexplore.exe" Apr 27 2009 1:10:42p 8,802 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat" Apr 27 2009 1:10:20p 688,784 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Apr 26 2009 5:38:02p 17,408 A.... "C:\Program Files\Common Files\Mozilla Shared\AccessibleMarshal.dll" Apr 26 2009 5:38:02p 307,712 A.... "C:\Program Files\Common Files\Mozilla Shared\firefox.exe" Apr 26 2009 5:38:02p 233,472 A.... "C:\Program Files\Common Files\Mozilla Shared\freebl3.dll" Apr 26 2009 5:38:02p 695,808 A.... "C:\Program Files\Common Files\Mozilla Shared\js3250.dll" Apr 26 2009 5:38:02p 710,144 A.... "C:\Program Files\Common Files\Mozilla Shared\mozcrt19.dll" Apr 26 2009 5:38:02p 198,144 A.... "C:\Program Files\Common Files\Mozilla Shared\nspr4.dll" Apr 26 2009 5:38:02p 697,856 A.... "C:\Program Files\Common Files\Mozilla Shared\nss3.dll" Apr 26 2009 5:38:02p 304,640 A.... "C:\Program Files\Common Files\Mozilla Shared\nssckbi.dll" Apr 26 2009 5:38:02p 103,936 A.... "C:\Program Files\Common Files\Mozilla Shared\nssdbm3.dll" Apr 26 2009 5:38:02p 87,552 A.... "C:\Program Files\Common Files\Mozilla Shared\nssutil3.dll" Apr 26 2009 5:38:02p 20,480 A.... "C:\Program Files\Common Files\Mozilla Shared\plc4.dll" Apr 26 2009 5:38:02p 17,408 A.... "C:\Program Files\Common Files\Mozilla Shared\plds4.dll" Apr 26 2009 5:38:02p 103,936 A.... "C:\Program Files\Common Files\Mozilla Shared\smime3.dll" Apr 26 2009 5:38:02p 151,552 A.... "C:\Program Files\Common Files\Mozilla Shared\softokn3.dll" Apr 26 2009 5:38:04p 414,208 A.... "C:\Program Files\Common Files\Mozilla Shared\sqlite3.dll" Apr 26 2009 5:38:04p 136,704 A.... "C:\Program Files\Common Files\Mozilla Shared\ssl3.dll" Apr 26 2009 5:38:04p 17,920 A.... "C:\Program Files\Common Files\Mozilla Shared\xpcom.dll" Apr 26 2009 5:38:04p 9,715,200 A.... "C:\Program Files\Common Files\Mozilla Shared\xul.dll" Mar 18 2009 6:50:10p 102,400 A.... "C:\Program Files\Yahoo!\Messenger\clientmanager.dll" Mar 18 2009 5:53:54p 789 A.... "C:\Program Files\Yahoo!\Messenger\default.reg" Mar 18 2009 5:55:42p 1,818 A.... "C:\Program Files\Yahoo!\Messenger\emote.dat" Mar 18 2009 6:50:26p 196,608 A.... "C:\Program Files\Yahoo!\Messenger\ft60.dll" Mar 18 2009 6:50:10p 671,744 A.... "C:\Program Files\Yahoo!\Messenger\GIPSVoiceEngineDLL_MD.dll" Mar 18 2009 6:50:12p 327,680 A.... "C:\Program Files\Yahoo!\Messenger\id3lib.dll" Mar 18 2009 5:55:42p 1,070 A.... "C:\Program Files\Yahoo!\Messenger\intl.reg" Mar 18 2009 6:50:26p 495,616 A.... "C:\Program Files\Yahoo!\Messenger\kdu_v32R.dll" Mar 18 2009 6:50:12p 118,784 A.... "C:\Program Files\Yahoo!\Messenger\libexpat.dll" Mar 18 2009 5:55:42p 944 A.... "C:\Program Files\Yahoo!\Messenger\nofriend.html" Mar 18 2009 6:50:12p 163,840 A.... "C:\Program Files\Yahoo!\Messenger\nspr4.dll" Mar 18 2009 5:53:42p 48,637 A.... "C:\Program Files\Yahoo!\Messenger\pcre.dll" Mar 18 2009 6:50:26p 692,224 A.... "C:\Program Files\Yahoo!\Messenger\PhotoShare.dll" Mar 18 2009 6:50:26p 1,339,392 A.... "C:\Program Files\Yahoo!\Messenger\res_msgr.dll" Mar 18 2009 6:50:14p 200,704 A.... "C:\Program Files\Yahoo!\Messenger\RGX.dll" Mar 18 2009 6:50:16p 552,960 A.... "C:\Program Files\Yahoo!\Messenger\rmc_audio.dll" Mar 18 2009 6:50:16p 192,512 A.... "C:\Program Files\Yahoo!\Messenger\StpWd.dll" Mar 18 2009 6:50:26p 253,952 A.... "C:\Program Files\Yahoo!\Messenger\yacscom.dll" Mar 18 2009 6:50:26p 299,008 A.... "C:\Program Files\Yahoo!\Messenger\yacsui.dll" Mar 18 2009 6:50:30p 4,363,504 A.... "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" Mar 18 2009 6:50:16p 184,320 A.... "C:\Program Files\Yahoo!\Messenger\yalertcenterM.dll" Mar 18 2009 6:50:16p 1,056,768 A.... "C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll" Mar 18 2009 6:50:18p 761,856 A.... "C:\Program Files\Yahoo!\Messenger\YCPSSL.dll" Mar 18 2009 6:50:18p 286,720 A.... "C:\Program Files\Yahoo!\Messenger\YHTTP.dll" Mar 18 2009 6:50:26p 270,336 A.... "C:\Program Files\Yahoo!\Messenger\YImage.dll" Mar 18 2009 6:50:18p 19,968 A.... "C:\Program Files\Yahoo!\Messenger\YIniDom.dll" Mar 18 2009 6:50:18p 53,248 A.... "C:\Program Files\Yahoo!\Messenger\ylog.dll" Mar 18 2009 6:50:18p 176,128 A.... "C:\Program Files\Yahoo!\Messenger\ymdm_audio.dll" Mar 18 2009 6:50:26p 32,768 A.... "C:\Program Files\Yahoo!\Messenger\Yml.dll" Mar 18 2009 6:50:22p 3,428,352 A.... "C:\Program Files\Yahoo!\Messenger\ymsdk.dll" Mar 18 2009 6:50:26p 126,976 A.... "C:\Program Files\Yahoo!\Messenger\ymsgip.dll" Mar 18 2009 6:50:24p 1,449,984 A.... "C:\Program Files\Yahoo!\Messenger\ymsglite.dll" Mar 18 2009 6:50:30p 79,088 A.... "C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe" Mar 18 2009 6:50:30p 103,664 A.... "C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll" Mar 18 2009 6:50:26p 52,224 A.... "C:\Program Files\Yahoo!\Messenger\ypagerps1.DLL" Mar 18 2009 6:50:24p 475,136 A.... "C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll" Apr 27 2009 2:00:52p 1,299 A.... "C:\Program Files\Yahoo!\Messenger\ystats_A.dat" Mar 18 2009 6:50:26p 913,408 A.... "C:\Program Files\Yahoo!\Messenger\yui.dll" Mar 18 2009 6:50:26p 1,019,904 A.... "C:\Program Files\Yahoo!\Messenger\yvoiceui.dll" Mar 18 2009 6:50:26p 200,704 A.... "C:\Program Files\Yahoo!\Messenger\yv_res.dll" Mar 18 2009 6:50:26p 294,912 A.... "C:\Program Files\Yahoo!\Messenger\ywcupl.dll" Mar 18 2009 6:50:26p 221,184 A.... "C:\Program Files\Yahoo!\Messenger\ywcvwr.dll" Apr 26 2009 5:34:28p 2,546,861 A.... "C:\Program Files\Common Files\McAfee\Engine\avvclean.dat" Apr 26 2009 5:34:28p 1,086,213 A.... "C:\Program Files\Common Files\McAfee\Engine\avvnames.dat" Apr 26 2009 5:34:28p 67,304,085 A.... "C:\Program Files\Common Files\McAfee\Engine\avvscan.dat" Apr 26 2009 5:38:04p 23,040 A.... "C:\Program Files\Common Files\Mozilla Shared\components\browserdirprovider.dll" Apr 26 2009 5:38:06p 117 A.... "C:\Program Files\Common Files\Mozilla Shared\res\hiddenWindow.html" Apr 27 2009 12:32:56p 470,512 A.... "C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll" Apr 27 2009 12:32:56p 259,696 A.... "C:\Program Files\Google\Google Toolbar\Component\GoogleToolbar_8E9BEC20FA311ADE.dll" Apr 27 2009 12:32:58p 1,091,184 A.... "C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" Apr 27 2009 12:32:58p 2,963,056 A.... "C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_6D0D6FD66D664927.dll" Apr 27 2009 12:32:58p 280,176 A.... "C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarUser_4E01D8E52F3A3A47.exe" Apr 27 2009 12:32:58p 182,768 A.... "C:\Program Files\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe" Apr 27 2009 12:32:58p 934,896 A.... "C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_4DE6AC39DE1AFE56.exe" Apr 27 2009 2:00:06p 0 A.... "C:\Program Files\Yahoo!\Messenger\cache\g7LltYy85iQQVgZ2xGUKnA--.ProfileMap.dat.tmp" Apr 25 2009 12:57:24p 2,531,085 A.... "C:\Program Files\Common Files\McAfee\Engine\OldEngine\avvclean.dat" Apr 25 2009 12:57:24p 1,085,549 A.... "C:\Program Files\Common Files\McAfee\Engine\OldEngine\avvnames.dat" Apr 25 2009 12:57:24p 67,184,661 A.... "C:\Program Files\Common Files\McAfee\Engine\OldEngine\avvscan.dat" Mar 18 2009 5:53:34p 61,127 A.... "C:\Program Files\Yahoo!\Messenger\Media\Etc\OfflineMessageViewer.html" [b]Files with hidden attributes[/b]: Mon 27 Apr 2009 24,064 A.SH. --- "C:\Documents and Settings\Administrator\protect.dll" Mon 27 Apr 2009 24,064 A.SH. --- "C:\Documents and Settings\LocalService\protect.dll" Mon 27 Apr 2009 24,064 A.SH. --- "C:\Documents and Settings\vaughn\protect.dll" Mon 27 Apr 2009 15,001 ...H. --- "C:\WINDOWS\Temp\b1v8qpirn8.exe" Mon 12 Jan 2009 616,448 A.SH. --- "C:\WINDOWS\Temp\ksa2tt6n.TMP" Fri 6 Mar 2009 616,448 A.SH. --- "C:\WINDOWS\Temp\v3nuu0gj.TMP" Fri 8 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Mon 27 Apr 2009 24,064 A.SH. --- "C:\WINDOWS\system32\config\systemprofile\protect.dll" Mon 27 Apr 2009 24,064 A.SH. --- "C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll" Mon 27 Apr 2009 24,064 A.SH. --- "C:\Documents and Settings\vaughn\Start Menu\Programs\Startup\ChkDisk.dll" Mon 27 Apr 2009 24,064 A.SH. --- "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll" [b]Program Folders[/b]: C:\Program Files\ Adobe CCleaner Common Files ComPlus Applications Google InstallShield Installation Information Internet Explorer Java Malwarebytes' Anti-Malware McAfee Messenger Microsoft ActiveSync microsoft frontpage Microsoft Office Microsoft Silverlight Microsoft Visual Studio Movie Maker MSN MSN Gaming Zone MsnMusic NetMeeting OfficeUpdate11 Online Services Outlook Express QuickTime Realtek SUPERAntiSpyware Uninstall Information Windows Media Connect 2 Windows Media Player Windows NT WindowsUpdate xerox Yahoo! C:\Program Files\Common Files\ Adobe Ahead Cisco Systems DESIGNER InstallShield Java McAfee Microsoft Shared Mozilla Shared MSSoap ODBC Services SpeechEngines System [b]Add/Remove Programs[/b]: Adobe Flash Player 10 ActiveX CCleaner (remove only) Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 Windows Genuine Advantage Validation Tool (KB892130) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows XP (KB913433) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 8 (KB917734) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923561) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Internet Explorer 7 (KB928090) Hotfix for Windows Media Format 11 SDK (KB929399) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows XP (KB938464) Security Update for Windows Internet Explorer 7 (KB939653) Hotfix for Windows Media Player 11 (KB939683) Security Update for Windows XP (KB941569) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows XP (KB946648) Hotfix for Windows Internet Explorer 7 (KB947864) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Update for Windows XP (KB951072-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Update for Windows XP (KB951978) Security Update for Windows XP (KB952004) Security Update for Windows Media Player (KB952069) Hotfix for Windows XP (KB952287) Security Update for Windows XP (KB952954) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Update for Windows XP (KB955839) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Critical Update for Windows Media Player 11 (KB959772) Security Update for Windows XP (KB960225) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows XP (KB961373) Security Update for Windows Internet Explorer 7 (KB963027) Update for Windows XP (KB967715) Malwarebytes' Anti-Malware Microsoft Compression Client Pack 1.0 for Windows XP MSN Music Assistant Microsoft National Language Support Downlevel APIs NVIDIA Drivers Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Notifications (KB905474) Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 Windows Media Format 11 runtime Windows Media Player 11 Microsoft User-Mode Driver Framework Feature Pack 1.0 Yahoo! Toolbar Yahoo! Messenger Google Toolbar for Internet Explorer J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 Java(TM) SE Runtime Environment 6 Update 1 Java(TM) 6 Update 2 Java(TM) 6 Update 3 McAfee VirusScan Enterprise Microsoft Visual C++ 2005 Redistributable Microsoft Silverlight Microsoft Office Professional Edition 2003 Adobe Reader 7.0.9 Realtek High Definition Audio Driver Google Chrome [b]Run Values[/b]: [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit" "RTHDCPL"="RTHDCPL.EXE" "SkyTel"="SkyTel.EXE" "Alcmtr"="ALCMTR.EXE" "ShStatEXE"="\"C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE\" /STANDALONE" "McAfeeUpdaterUI"="\"C:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey" "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1" "Messenger (Yahoo!)"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "Diagnostic Manager"="C:\\DOCUME~1\\vaughn\\LOCALS~1\\Temp\\3522307928.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Google Update"="\"C:\\Documents and Settings\\vaughn\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c" [b]Bot Check[/b]: SERVICE_NAME: wscsvc DISPLAY_NAME : Security Center START_TYPE : 2 AUTO_START SERVICE_NAME: sharedaccess DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) START_TYPE : 2 AUTO_START SERVICE_NAME: wuauserv DISPLAY_NAME : Automatic Updates START_TYPE : 2 AUTO_START SERVICE_NAME: srservice DISPLAY_NAME : System Restore Service START_TYPE : 2 AUTO_START [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "EnableDCOM"="Y" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoChangingWallpaper"=dword:00000000 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=dword:00000000 "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "restrictanonymous"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update] "AUOptions"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "WaitToKillServiceTimeout"="20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCDisable"=dword:00000000 "Shell"="Explorer.exe" "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] "TransportBindName"="\\Device\\" [b]ShellExecuteHooks[/b]: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [b]Environment[/b]: HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem; windir REG_EXPAND_SZ %SystemRoot% OS REG_SZ Windows_NT PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP REG_EXPAND_SZ %SystemRoot%\TEMP TMP REG_EXPAND_SZ %SystemRoot%\TEMP VSEDEFLOGDIR REG_SZ C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection DEFLOGDIR REG_SZ C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection SAFEBOOT_OPTION REG_SZ MINIMAL [b]SecurityProviders[/b]: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll [b]Authentication Packages[/b]: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 [b]Subsystem Startup[/b]: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" [b]Midi Drivers[/b]: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midi"="wdmaud.drv" [b]Non-Default IFEO Debugger[/b]: [b]Non-Default Installed Components[/b]: [b]Non-Default Safeboot Minimal[/b]: [b]File Associations[/b]: [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\cmdfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\htafile\shell\open\command] @="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*" [HKEY_CLASSES_ROOT\http\shell\open\command] @="\"C:\\Documents and Settings\\vaughn\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\"" [HKEY_CLASSES_ROOT\htmlfile\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\regedit\shell\open\command] @="regedit.exe %1" [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\"" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" /S" [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @="%SystemRoot%\system32\NOTEPAD.EXE %1" [b]Finished![/b]