OTL logfile created on: 8/16/2009 6:01:41 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.80 Mb Total Physical Memory | 148.36 Mb Available Physical Memory | 29.10% Memory free
1.21 Gb Paging File | 0.73 Gb Available in Paging File | 60.04% Paging File free
Paging file location(s): C:\pagefile.sys 763 763 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\winnt | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 15.95 Gb Free Space | 20.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BREWSTER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\winnt\System32\drivers\KodakCCS.exe (Eastman Kodak Company)
PRC - C:\winnt\System32\NMSSvc.exe (Intel Corporation)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\winnt\System32\ScsiAccess.EXE ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\winnt\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
PRC - C:\winnt\System32\igfxtray.exe (Intel Corporation)
PRC - C:\winnt\System32\hkcmd.exe (Intel Corporation)
PRC - C:\winnt\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\winnt\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KodakCCS [Auto | Running]) -- C:\winnt\System32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (NMSSvc [Auto | Running]) -- C:\winnt\System32\NMSSvc.exe (Intel Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (PDAgent [Auto | Running]) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine [On_Demand | Running]) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\winnt\System32\ScsiAccess.EXE ()
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (0059911250313276mcinstcleanup [Auto | Stopped]) -- C:\Documents and Settings\Owner\Local Settings\Temp\0059911250313276mcinst.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - (ac97intc [On_Demand | Stopped]) -- C:\winnt\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (BCMModem [On_Demand | Stopped]) -- C:\winnt\System32\DRIVERS\BCMDM.sys (BCM)
DRV - (Cdr4_xp [System | Running]) -- C:\winnt\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\winnt\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Running]) -- C:\winnt\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (DcCam [System | Running]) -- C:\winnt\System32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\winnt\System32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\winnt\System32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\winnt\System32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\winnt\System32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (DefragFS [Auto | Running]) -- C:\winnt\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\winnt\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\winnt\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (Exportit [System | Stopped]) -- C:\winnt\System32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (fasttrak [Boot | Running]) -- C:\winnt\System32\DRIVERS\fasttrak.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\winnt\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTWModem [On_Demand | Stopped]) -- C:\winnt\System32\DRIVERS\GWMDM.sys (GTW)
DRV - (ialm [On_Demand | Running]) -- C:\winnt\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\winnt\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\winnt\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\winnt\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\winnt\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\winnt\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mmc_2K [On_Demand | Running]) -- C:\winnt\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\winnt\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\winnt\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PcdrNt [On_Demand | Stopped]) -- C:\winnt\System32\drivers\PcdrNt.sys (PC-Doctor Inc.)
DRV - (PSI [On_Demand | Running]) -- C:\winnt\System32\DRIVERS\psi_mf.sys (Secunia)
DRV - (Ptilink [On_Demand | Running]) -- C:\winnt\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\winnt\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\winnt\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RioPNP [Auto | Running]) -- C:\winnt\System32\drivers\RioPnP.sys (RioPort.com)
DRV - (Secdrv [Auto | Running]) -- C:\winnt\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sk99202k [On_Demand | Running]) -- C:\winnt\System32\DRIVERS\Sk99202k.sys (Silitek Corp.)
DRV - (Sk9920nt [System | Running]) -- C:\winnt\System32\DRIVERS\Sk9920nt.sys (Silitek Corp.)
DRV - (smwdm [On_Demand | Running]) -- C:\winnt\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\winnt\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\winnt\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (UdfReadr_xp [System | Running]) -- C:\winnt\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (ultra [Boot | Running]) -- C:\winnt\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\winnt\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\winnt\System32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (NMSCFG [On_Demand | Running]) -- C:\winnt\System32\drivers\NMSCFG.SYS (Intel Corporation)
DRV - (MPFP [System | Running]) -- C:\winnt\System32\Drivers\Mpfp.sys (McAfee, Inc.)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/28 08:00:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/15 08:49:07 | 00,000,000 | ---D | M]
O1 HOSTS File: (683976 bytes) - C:\winnt\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 18174 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found.
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\Yiesrvc1.DLL (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\winnt\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HotKeysCmds] C:\winnt\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\winnt\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCDRealtime] C:\WINNT\realtime.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/03/31 20:07:42 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/03/31 20:07:42 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/03/31 20:07:42 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/03/31 20:07:42 | 00,000,000 | ---D | M]
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\Yiesrvc1.DLL (Yahoo! Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\winnt\bdoscandel.exe File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\winnt\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: doubleclick.net ([ad] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([download.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([V4.Windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([V4.Windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([V5.Windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([V5.Windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([Windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbc.com ([yahoo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([att.my] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc825.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: Yieldmanager.com ([ad] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 514 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range10 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range100 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range101 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range102 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range103 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range104 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range105 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range106 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range107 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range108 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range109 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range11 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range110 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range111 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range112 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range113 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range114 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range115 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range116 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range12 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range13 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range14 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range15 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range16 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range17 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range18 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range19 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range20 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range21 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range22 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range23 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range24 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range25 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range26 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range27 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range28 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range29 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range30 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range31 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range32 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range33 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range34 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range35 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range36 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range38 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range39 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range40 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range41 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range42 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range43 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range44 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range45 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range46 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range47 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range48 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range49 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range5 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range50 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range51 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range52 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range53 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range54 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range55 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range56 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range57 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range58 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range59 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range6 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range60 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range61 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range62 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range63 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range64 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range65 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range66 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range67 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range68 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range69 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range7 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range70 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range71 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range72 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range73 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range74 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range75 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range76 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range77 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range79 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range8 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range80 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range81 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range82 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range83 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range84 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range85 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range86 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range87 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range88 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range89 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range9 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range90 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range91 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range92 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range93 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range94 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range95 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range96 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range97 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range98 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range99 ([*] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189044338703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221530192640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\winnt\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\winnt\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - C:\winnt\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\winnt\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\winnt\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\winnt\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - Service key not found. File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2009/08/16 17:59:46 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/16 17:52:00 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ROOTREPEAL.EXE-01EC1452.pf.lnk
[2009/08/16 17:11:05 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\System Restore.lnk
[2009/08/15 01:19:21 | 00,004,565 | ---- | C] () -- C:\winnt\System32\Config.MPF
[2009/08/15 01:18:59 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/08/15 01:18:33 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/08/15 01:14:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\winnt\System32\drivers\Mpfp.sys
[2009/08/15 01:14:08 | 00,000,336 | ---- | C] () -- C:\winnt\tasks\McDefragTask.job
[2009/08/15 01:14:06 | 00,000,318 | ---- | C] () -- C:\winnt\tasks\McQcTask.job
[2009/08/15 01:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/08/15 01:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/08/15 01:12:56 | 00,000,000 | ---D | C] -- C:\winnt\LastGood
[2009/08/15 00:50:29 | 00,000,330 | -H-- | C] () -- C:\winnt\tasks\MP Scheduled Scan.job
[2009/08/14 23:59:30 | 00,000,000 | ---D | C] -- C:\winnt\BDOSCAN8
[2009/08/14 23:55:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/08/14 23:54:54 | 53,463,0400 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/14 22:20:35 | 00,000,530 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\att.lnk
[2009/08/14 21:38:32 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/08/14 21:33:37 | 00,128,766 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_213331.reg
[2009/08/14 21:23:58 | 00,010,105 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\hijack 08-14-09
[2009/08/14 06:25:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/14 06:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/08/14 06:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/08/13 22:53:50 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\winnt\System32\drivers\mfesmfk.sys
[2009/08/13 22:53:50 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\winnt\System32\drivers\mfebopk.sys
[2009/08/13 22:53:49 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\winnt\System32\drivers\mfeavfk.sys
[2009/08/13 22:40:30 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\winnt\System32\drivers\mferkdk.sys
[2009/08/12 14:46:48 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\winnt\System32\dllcache\dhtmled.ocx
[2009/08/12 14:46:40 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\winnt\System32\dllcache\msoe.dll
[2009/08/09 14:44:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2009/08/09 14:42:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/08/06 22:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2009/08/06 22:23:33 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\winnt\System32\javacpl.cpl
[2009/08/06 22:23:30 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\winnt\System32\javaws.exe
[2009/08/06 22:23:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\winnt\System32\javaw.exe
[2009/08/06 22:23:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\winnt\System32\java.exe
[2009/08/05 20:10:58 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/05 05:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\winnt\System32\dllcache\mswebdvd.dll
[2009/07/24 22:50:39 | 00,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2009/07/24 22:50:39 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner 4.lnk
[2009/07/24 22:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2009/07/19 21:29:27 | 00,152,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Obama Health Care.doc
[2008/05/27 21:20:36 | 00,000,000 | ---- | C] () -- C:\winnt\Unsetup.INI
[2007/09/06 14:55:05 | 00,000,031 | -H-- | C] () -- C:\winnt\uccspecc.sys
[2007/03/19 19:08:50 | 00,061,440 | ---- | C] () -- C:\winnt\System32\WipeAllCom.dll
[2007/03/19 19:08:50 | 00,057,344 | ---- | C] () -- C:\winnt\FWWipeALL.dll
[2007/03/18 10:37:53 | 00,251,420 | ---- | C] () -- C:\winnt\System32\FarLsp(2).dll
[2006/10/13 12:30:10 | 00,668,976 | ---- | C] () -- C:\winnt\System32\OGACheckControl.DLL
[2006/06/09 23:03:44 | 00,363,520 | ---- | C] () -- C:\winnt\System32\psisdecd.dll
[2006/03/26 01:10:35 | 00,000,020 | ---- | C] () -- C:\winnt\MP3com103best.ini
[2006/01/27 08:05:48 | 00,000,024 | ---- | C] () -- C:\winnt\wininit.ini
[2006/01/27 08:05:37 | 00,000,002 | ---- | C] () -- C:\winnt\msoffice.ini
[2005/11/18 22:51:31 | 00,001,167 | ---- | C] () -- C:\winnt\DigbysDonuts.ini
[2005/11/17 23:56:32 | 00,684,032 | ---- | C] () -- C:\winnt\libeay32.dll
[2005/11/17 23:56:32 | 00,155,648 | ---- | C] () -- C:\winnt\ssleay32.dll
[2005/06/15 23:18:51 | 00,002,158 | ---- | C] () -- C:\winnt\System32\ssmute.ini
[2004/11/04 07:18:15 | 00,000,045 | ---- | C] () -- C:\winnt\JBCEKMO.ini
[2004/10/01 18:33:46 | 00,000,679 | ---- | C] () -- C:\winnt\TSC.ini
[2004/09/08 17:31:50 | 00,071,749 | ---- | C] () -- C:\winnt\HCExtOutput.dll
[2004/09/08 17:30:25 | 00,000,156 | ---- | C] () -- C:\winnt\GetServer.ini
[2004/09/05 22:59:13 | 00,000,342 | ---- | C] () -- C:\winnt\QTW.INI
[2004/09/05 22:55:30 | 00,000,000 | ---- | C] () -- C:\winnt\SETUP32.INI
[2004/03/29 00:36:35 | 00,000,031 | ---- | C] () -- C:\winnt\HPWIN.INI
[2003/08/02 14:08:28 | 00,139,776 | ---- | C] () -- C:\winnt\System32\ZipDll.dll
[2003/07/15 15:32:30 | 00,122,368 | ---- | C] () -- C:\winnt\System32\UnzDll.dll
[2003/04/22 02:33:23 | 00,000,094 | -H-- | C] () -- C:\winnt\System32\tbd_G1ssg.ini
[2003/04/14 15:07:17 | 00,000,102 | ---- | C] () -- C:\winnt\clikbook.ini
[2003/04/11 23:02:17 | 00,000,242 | ---- | C] () -- C:\winnt\qwimp.ini
[2003/04/07 15:13:22 | 00,000,094 | -H-- | C] () -- C:\winnt\System32\wup_WBasw.ini
[2003/03/28 03:18:53 | 00,000,000 | ---- | C] () -- C:\winnt\Route32.INI
[2003/03/28 03:04:49 | 00,000,027 | ---- | C] () -- C:\winnt\BOXERJAM.INI
[2003/03/24 12:03:18 | 00,000,724 | ---- | C] () -- C:\winnt\cdPlayer.ini
[2003/03/21 02:25:35 | 00,000,245 | ---- | C] () -- C:\winnt\SIERRA.INI
[2003/03/19 19:05:26 | 00,065,536 | ---- | C] () -- C:\winnt\System32\YCRWin32.dll
[2003/03/13 21:05:20 | 00,000,061 | ---- | C] () -- C:\winnt\smscfg.ini
[2003/03/13 20:54:11 | 00,028,672 | ---- | C] () -- C:\winnt\System32\CTPdeSrvps.dll
[2003/03/13 20:52:01 | 00,000,370 | ---- | C] () -- C:\winnt\ODBC.INI
[2003/03/13 20:49:04 | 00,000,788 | ---- | C] () -- C:\winnt\QUICKEN.INI
[2003/03/13 20:49:04 | 00,000,396 | ---- | C] () -- C:\winnt\intuprof.ini
[2003/03/13 20:47:59 | 00,069,632 | ---- | C] () -- C:\winnt\System32\PROInst.dll
[2003/03/13 20:47:59 | 00,065,536 | ---- | C] () -- C:\winnt\System32\NMSInst.dll
[2003/03/13 20:47:11 | 00,000,256 | ---- | C] () -- C:\winnt\System32\UPDATE.INI
[2003/03/13 20:46:56 | 00,000,701 | ---- | C] () -- C:\winnt\System32\OEMINFO.INI
[2003/01/09 10:04:29 | 00,000,770 | ---- | C] () -- C:\winnt\orun32.ini
[2001/12/14 14:34:46 | 00,164,864 | ---- | C] () -- C:\winnt\patchw32.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\winnt\System32\KodakOneTouch.dll
[1999/07/23 14:46:48 | 00,000,116 | ---- | C] () -- C:\winnt\AuHCcup1.ini
[1999/07/23 11:53:20 | 00,129,536 | ---- | C] () -- C:\winnt\AuHCcup1.dll
[1998/08/16 07:00:00 | 00,004,096 | ---- | C] () -- C:\winnt\System32\sysres.dll
[1980/01/01 01:00:00 | 00,001,082 | ---- | C] () -- C:\winnt\win.ini
[1980/01/01 01:00:00 | 00,000,284 | ---- | C] () -- C:\winnt\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2009/08/16 17:59:52 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/16 17:52:00 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ROOTREPEAL.EXE-01EC1452.pf.lnk
[2009/08/16 17:18:23 | 00,001,158 | ---- | M] () -- C:\winnt\System32\wpa.dbl
[2009/08/16 17:11:05 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\System Restore.lnk
[2009/08/16 09:00:00 | 00,000,386 | ---- | M] () -- C:\winnt\tasks\rpc.job
[2009/08/16 08:29:22 | 00,004,565 | ---- | M] () -- C:\winnt\System32\Config.MPF
[2009/08/15 01:29:15 | 04,849,690 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/08/15 01:18:59 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/08/15 01:18:33 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/08/15 01:14:08 | 00,000,336 | ---- | M] () -- C:\winnt\tasks\McDefragTask.job
[2009/08/15 01:14:07 | 00,000,318 | ---- | M] () -- C:\winnt\tasks\McQcTask.job
[2009/08/15 01:07:35 | 00,000,330 | -H-- | M] () -- C:\winnt\tasks\MP Scheduled Scan.job
[2009/08/15 01:04:21 | 00,000,006 | -H-- | M] () -- C:\winnt\tasks\SA.DAT
[2009/08/15 01:04:17 | 00,002,048 | --S- | M] () -- C:\winnt\bootstat.dat
[2009/08/15 01:04:16 | 53,463,0400 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/14 22:20:35 | 00,000,530 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\att.lnk
[2009/08/14 21:33:41 | 00,128,766 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_213331.reg
[2009/08/14 21:23:58 | 00,010,105 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\hijack 08-14-09
[2009/08/09 22:00:00 | 00,000,384 | ---- | M] () -- C:\winnt\tasks\SmartDefrag.job
[2009/08/05 20:10:58 | 00,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\mswebdvd.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\winnt\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\winnt\System32\drivers\mbam.sys
[2009/08/03 09:24:06 | 00,000,284 | ---- | M] () -- C:\winnt\tasks\AppleSoftwareUpdate.job
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\MRT.exe
[2009/07/27 18:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\dllcache\dhtmled.ocx
[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\winnt\System32\javaws.exe
[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\winnt\System32\javaw.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\winnt\System32\java.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\winnt\System32\deploytk.dll
[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\winnt\System32\javacpl.cpl
[2009/07/24 22:50:39 | 00,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2009/07/24 22:50:39 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner 4.lnk
[2009/07/19 21:29:28 | 00,152,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Obama Health Care.doc
[2009/07/19 21:27:58 | 00,084,056 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\winnt\System32\dllcache\mshtml.dll
[2009/07/18 17:57:06 | 00,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 10.lnk

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\tmaptn.zip:SummaryInformation
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >