OTL logfile created on: 9/30/2009 12:47:22 AM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\jairo\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 513.08 Mb Available Physical Memory | 50.20% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 127.43 Gb Free Space | 88.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D16D97B1
Current User Name: jairo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2005/08/04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/12/15 12:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/06/17 07:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/12/12 16:52:32 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/03/22 23:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/06/17 07:56:14 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2006/06/26 20:16:51 | 00,169,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/06/26 20:16:51 | 00,554,496 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2005/05/15 02:04:12 | 00,332,800 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/06/26 20:16:51 | 00,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2009/09/15 11:42:42 | 01,998,576 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/09/30 00:06:01 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jairo\Desktop\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/12/15 12:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/12/12 16:52:32 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/06/17 07:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [Disabled | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2004/11/19 11:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/08/03 21:05:55 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/14 22:10:02 | 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2009/09/30 00:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/30 00:34:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/09/30 00:07:24 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/30 00:06:17 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jairo\Desktop\OTL.exe
[2009/09/30 00:02:16 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\NTREGOPT.lnk
[2009/09/30 00:02:16 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\ERUNT.lnk
[2009/09/30 00:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/29 22:26:04 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\RootRepeal.zip
[2009/09/29 22:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\Desktop\SysProt
[2009/09/29 22:12:51 | 00,354,396 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\SysProt.zip
[2009/09/29 21:33:41 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/09/29 21:33:40 | 00,000,000 | ---D | C] -- C:\rsit
[2009/09/29 21:33:03 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\RSIT.exe
[2009/09/29 07:17:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/29 07:17:01 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/29 07:16:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/29 07:16:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\Application Data\SUPERAntiSpyware.com
[2009/09/29 07:16:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/09/29 07:15:55 | 07,174,176 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\SUPERAntiSpyware.exe
[2009/09/29 06:41:24 | 10,718,12608 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/28 22:21:13 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\jairo\Desktop\SysRestorePoint.exe
[2009/09/28 22:16:27 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jairo\Desktop\TFC.exe
[2009/09/28 22:15:38 | 00,518,241 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\Malware and Spyware Cleaning Guide.mht
[2009/09/28 12:27:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/28 00:32:59 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/09/28 00:32:57 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/28 00:32:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/28 00:31:30 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/28 00:31:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/28 00:31:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/28 00:31:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/28 00:31:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/28 00:31:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/28 00:31:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/28 00:31:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/28 00:31:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/28 00:30:05 | 03,321,507 | R--- | C] () -- C:\Documents and Settings\jairo\Desktop\Combo-Fix.exe
[2009/09/28 00:28:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/27 22:09:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\Application Data\Malwarebytes
[2009/09/27 22:09:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 22:09:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/27 22:09:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/27 22:09:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/27 22:09:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/27 17:20:56 | 00,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/09/27 17:01:29 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\jairo\Local Settings\Application Data\housecall.guid.cache
[2009/09/20 23:58:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\Application Data\PlayFirst
[2009/09/20 23:58:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/09/20 18:05:28 | 00,000,860 | ---- | C] () -- C:\Documents and Settings\jairo\Desktop\Passport to Perfume.lnk
[2009/09/19 13:31:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/09/19 13:08:14 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/09/19 12:54:28 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/09/18 23:16:38 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\jairo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 22:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\Application Data\Sonic
[2009/09/18 22:02:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\Application Data\Leadertech
[2009/09/18 21:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\Local Settings\Application Data\WMTools Downloaded Files
[2009/09/18 21:28:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\jairo\My Documents\My DVDs
[2009/09/17 07:10:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jairo\My Documents\Ivan's folder

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[2009/09/30 00:39:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/30 00:21:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/30 00:21:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/30 00:21:24 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/30 00:07:56 | 00,013,509 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/09/30 00:06:01 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jairo\Desktop\OTL.exe
[2009/09/30 00:02:16 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\NTREGOPT.lnk
[2009/09/30 00:02:16 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\ERUNT.lnk
[2009/09/29 23:46:07 | 04,307,716 | -H-- | M] () -- C:\Documents and Settings\jairo\Local Settings\Application Data\IconCache.db
[2009/09/29 22:26:05 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\RootRepeal.zip
[2009/09/29 22:12:51 | 00,354,396 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\SysProt.zip
[2009/09/29 21:33:05 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\RSIT.exe
[2009/09/29 07:17:01 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/29 07:16:03 | 07,174,176 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\SUPERAntiSpyware.exe
[2009/09/28 22:21:09 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\jairo\Desktop\SysRestorePoint.exe
[2009/09/28 22:16:28 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jairo\Desktop\TFC.exe
[2009/09/28 22:15:42 | 00,518,241 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\Malware and Spyware Cleaning Guide.mht
[2009/09/28 07:09:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/28 07:04:24 | 03,321,507 | R--- | M] () -- C:\Documents and Settings\jairo\Desktop\Combo-Fix.exe
[2009/09/28 00:42:08 | 00,000,027 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/28 00:33:00 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/09/27 23:23:22 | 00,001,394 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\Media Center.lnk
[2009/09/27 22:09:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 17:20:56 | 00,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/09/27 17:01:29 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\jairo\Local Settings\Application Data\housecall.guid.cache
[2009/09/20 18:05:28 | 00,001,570 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\Shockwave Games.lnk
[2009/09/20 18:05:28 | 00,000,860 | ---- | M] () -- C:\Documents and Settings\jairo\Desktop\Passport to Perfume.lnk
[2009/09/20 16:53:34 | 00,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/09/20 16:53:31 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\E00935E2B2.sys
[2009/09/19 21:47:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/19 13:08:14 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/09/18 23:16:38 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\jairo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 21:27:32 | 00,000,128 | ---- | M] () -- C:\Documents and Settings\jairo\Local Settings\Application Data\fusioncache.dat

[color=#E56717]========== LOP Check ==========[/color]

[2009/09/30 00:39:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/31 20:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/25 15:18:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2005/08/16 20:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/09/20 23:58:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/09/27 23:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/06/26 20:10:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/29 07:16:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\jairo\Application Data
[2009/08/18 22:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jairo\Application Data\Corel Photo Album
[2009/09/18 22:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jairo\Application Data\Leadertech
[2009/08/24 22:46:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jairo\Application Data\My Games
[2009/08/23 23:02:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jairo\Application Data\Peace Craft
[2009/09/20 23:58:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jairo\Application Data\PlayFirst
[2009/09/19 21:47:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/14 00:23:45 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/08/14 00:23:44 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/09/30 00:21:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\system32\eventlog.dll >[/color]
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< %systemroot%\system32\scecli.dll >[/color]
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\netlogon.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\cngaudit.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\sceclt.dll >[/color]

[color=#A23BEC]< %systemroot%\ntelogon.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\logevent.dll >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CFF127A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BB21850
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA5938AB

< End of report >