OTL logfile created on: 7/13/2010 8:31:54 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 22.74 Gb Free Space | 37.89% Space Free | Partition Type: NTFS
Drive D: | 45.78 Gb Total Space | 41.71 Gb Free Space | 91.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 74.52 Gb Total Space | 46.11 Gb Free Space | 61.88% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: CHICAGO
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Ycrsi)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (KodakCCS) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (ntcdrdrv) -- C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys File not found
DRV - (EL90XBC) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys File not found
DRV - (BVRPMPR5) -- E:\INSTAL~E\Core\BVRPMPR5.SYS File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ExterminateIt) -- C:\WINDOWS\system32\drivers\extit.sys (Curiolab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows (R) 2000 DDK provider)
DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows (R) 2000/XP)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CEUSBAUD) -- C:\WINDOWS\system32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)

[color=#E56717]========== Standard Registry (All) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/03 08:18:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/25 15:31:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{AA334B2E-9374-4907-ABC9-79883DF254B7}: C:\Documents and Settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7} [2010/07/13 15:54:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 10:32:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 08:18:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/08 10:32:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/13 17:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/15 14:04:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/03 08:18:49 | 000,000,000 | ---D | M]

[2010/07/13 20:23:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/18 13:03:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/13 20:23:15 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2010/05/03 08:18:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/02/04 18:01:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2009/07/18 13:03:11 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/07/18 13:03:11 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/05/03 08:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/28 16:59:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/07/18 13:03:13 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/02 08:30:43 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/12 11:06:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/12 11:06:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/02 13:45:10 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/05/02 13:45:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/05/02 13:45:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/05/02 13:45:10 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/05/02 13:45:10 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/05/02 13:45:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2009/03/16 10:08:10 | 000,302,870 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 applian.securesites.com
O1 - Hosts: 127.0.0.1 applianorders.securesites.net
O1 - Hosts:
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 10439 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jlayatiqefame] C:\WINDOWS\evuzoxufapifov.DLL (Sonic Solutions)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Ycrsi)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\HMIPCore.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189437374203 (WUWebControl Class)
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} http://d.64.69.14.130.downloads.estara.com./as/OneCCDM.php?template=107051&sessionid=1987669332_24.12.62.168_1688&=&req=1239382563346OneCC.cab (OneCCCtl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-e7b7773c968662cc.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools-events.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 0.0.0.0
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. 
File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/07/13 20:26:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/07/13 20:23:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Application Data\SystemProc [2010/07/13 17:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2010/07/13 17:50:57 | 
000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2010/07/13 17:50:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data [2010/07/13 17:50:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites [2010/07/13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2010/07/13 17:50:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo [2010/07/13 17:50:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents 
and Settings\Administrator\Templates [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010} [2010/07/13 17:11:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/07/13 17:11:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/07/13 17:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware [2010/07/13 16:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/13 16:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/24 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire [2010/06/24 12:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/24 12:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/24 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/24 12:07:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2008/07/26 10:21:19 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [4 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/07/13 20:29:16 | 002,097,152 | -H-- | 
M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/07/13 20:26:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/07/13 20:23:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/13 20:19:20 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/07/13 20:19:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job [2010/07/13 20:06:11 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile [2010/07/13 20:06:00 | 000,198,212 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/07/13 20:05:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/07/13 20:04:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/07/13 17:11:57 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/13 17:08:53 | 000,002,832 | ---- | M] () -- C:\WINDOWS\umorabul.dll [2010/07/13 16:33:52 | 000,002,832 | ---- | M] () -- C:\WINDOWS\ixudokaw.dll [2010/07/13 16:23:50 | 000,002,832 | ---- | M] () -- C:\WINDOWS\amatepin.dll [2010/07/13 16:10:55 | 000,002,832 | ---- | M] () -- C:\WINDOWS\exudokawasaxov.dll [2010/07/13 15:54:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qdecoxuxu.dat [2010/07/13 15:54:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ujoxazadahigusu.bin [2010/07/11 14:51:39 | 000,001,052 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI [2010/07/10 16:00:33 | 000,000,641 | ---- | M] () -- C:\WINDOWS\win.ini [2010/07/10 16:00:33 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini [2010/07/10 13:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/07/07 08:49:18 | 000,000,029 | ---- | M] () -- C:\WINDOWS\coolacm.ini [2010/06/24 12:19:51 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All 
Users\Desktop\iTunes.lnk [2010/06/24 12:01:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/06/22 16:46:41 | 000,490,838 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/22 16:46:41 | 000,434,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/22 16:46:41 | 000,068,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/15 16:25:51 | 000,122,563 | ---- | M] () -- C:\logfile [4 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/07/13 17:51:02 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Mail & Newsgroups.lnk [2010/07/13 17:51:02 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape 7.0.lnk [2010/07/13 17:51:02 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/07/13 17:51:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/07/13 17:51:01 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010/07/13 17:51:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2010/07/13 17:50:56 | 000,286,720 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG [2010/07/13 17:50:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/07/13 17:50:55 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT 
[2010/07/13 17:11:57 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/13 17:08:53 | 000,002,832 | ---- | C] () -- C:\WINDOWS\umorabul.dll [2010/07/13 16:33:51 | 000,002,832 | ---- | C] () -- C:\WINDOWS\ixudokaw.dll [2010/07/13 16:23:50 | 000,002,832 | ---- | C] () -- C:\WINDOWS\amatepin.dll [2010/07/13 16:10:55 | 000,002,832 | ---- | C] () -- C:\WINDOWS\exudokawasaxov.dll [2010/07/13 16:05:38 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/13 15:54:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qdecoxuxu.dat [2010/07/13 15:54:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ujoxazadahigusu.bin [2010/06/24 12:19:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/05/11 17:01:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini [2009/12/07 09:12:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HMIPCore.dll [2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/10/21 13:30:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2009/10/21 13:30:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009/10/21 13:30:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI [2009/08/06 08:36:08 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/08/06 08:36:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/08/06 08:36:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/08/06 08:36:06 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/08/06 08:36:06 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/08/06 08:36:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/08/06 08:36:04 | 000,000,547 | 
---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/07/25 11:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVDConverter.INI [2009/07/25 11:12:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009/06/11 10:54:22 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll [2009/06/11 10:54:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\hasp_windows.dll [2009/04/10 06:21:27 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2008/11/18 18:29:15 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008/07/26 10:21:20 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2008/05/05 17:27:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\free-watereffect.ini [2008/05/05 17:03:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/05/01 07:25:21 | 000,000,077 | ---- | C] () -- C:\WINDOWS\PasswordTools.INI [2007/12/23 10:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI [2007/12/23 10:48:48 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/09/10 11:34:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007/09/10 11:33:18 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI [2007/09/10 11:33:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini [2007/09/10 10:15:34 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini [2007/09/10 10:08:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/09/10 10:05:58 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\Px.ini [2007/09/10 09:13:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2006/12/19 07:15:20 | 000,087,403 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2006/12/12 10:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2006/11/30 08:01:26 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/10/22 12:22:00 | 001,724,416 | ---- | C] () -- 
C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 12:22:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/09/27 16:47:40 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2005/06/07 21:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2003/12/02 15:44:25 | 000,001,052 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2003/12/02 15:41:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2003/12/02 15:40:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL [2003/12/02 15:39:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll [2003/12/02 15:01:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/12/01 20:53:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/12/01 20:39:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/12/01 19:29:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2003/12/01 19:29:08 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2003/12/01 19:28:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2003/12/01 19:28:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll [2003/12/01 19:28:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2003/12/01 19:28:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll [2003/12/01 19:28:40 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll [color=#E56717]========== LOP Check ==========[/color] [2010/07/13 20:23:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Application Data\SystemProc [2008/01/10 17:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery [2008/07/31 
23:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast [2009/01/26 15:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2007/09/17 11:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz [2009/04/20 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2010/04/20 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company [2008/03/04 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE [2009/06/11 10:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grass Valley [2008/11/18 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software [2010/04/20 08:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak [2009/10/21 13:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software [2009/10/21 14:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/07/26 10:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/12/25 13:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TC-Helicon [2010/04/21 15:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/10/21 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/05/29 15:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft [2010/04/04 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/10 14:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/07/18 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008/02/01 13:00:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/06/15 16:25:51 | 000,122,563 | ---- | M] () -- C:\logfile [2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/07/26 10:36:40 | 000,001,148 | ---- | M] () -- C:\net_save.dna [2008/02/01 12:56:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/05/07 11:53:45 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010/07/13 20:18:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2010/07/13 16:44:48 | 000,000,268 | ---- | M] () -- C:\rkill.log [2007/09/12 13:33:41 | 000,000,700 | ---- | M] () -- C:\wsr.txt [4 C:\*.tmp files -> C:\*.tmp -> ] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2010/05/03 08:18:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\deployJava1.dll [2010/05/04 12:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtmsft.dll [2010/05/04 12:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtrans.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2008/02/01 04:55:14 | 001,572,864 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008/02/01 10:46:49 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2008/02/01 04:55:14 | 026,738,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008/02/01 04:55:14 | 008,126,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color] [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color] [2009/08/03 09:33:06 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B < End of report > [2010/07/13 20:29:16 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/07/13 20:26:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/07/13 20:19:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- 
C:\WINDOWS\tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job [2010/07/13 20:06:11 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile [2010/07/13 20:05:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/07/13 20:04:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/07/13 17:11:57 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/13 17:08:53 | 000,002,832 | ---- | M] () -- C:\WINDOWS\umorabul.dll [2010/07/13 16:33:52 | 000,002,832 | ---- | M] () -- C:\WINDOWS\ixudokaw.dll [2010/07/13 16:23:50 | 000,002,832 | ---- | M] () -- C:\WINDOWS\amatepin.dll [2010/07/13 16:10:55 | 000,002,832 | ---- | M] () -- C:\WINDOWS\exudokawasaxov.dll [2010/07/13 15:54:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qdecoxuxu.dat [2010/07/13 15:54:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ujoxazadahigusu.bin [2010/07/11 14:51:39 | 000,001,052 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI [2010/07/10 16:00:33 | 000,000,641 | ---- | M] () -- C:\WINDOWS\win.ini [2010/07/10 16:00:33 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini [2010/07/10 13:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/07/07 08:49:18 | 000,000,029 | ---- | M] () -- C:\WINDOWS\coolacm.ini [2010/06/24 12:19:51 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/06/24 12:01:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== LOP Check ==========[/color] [2010/07/13 20:23:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Application Data\SystemProc [2008/01/10 17:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery [2008/07/31 23:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast 
[2009/01/26 15:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2007/09/17 11:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz [2009/04/20 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2010/04/20 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company [2008/03/04 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE [2009/06/11 10:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grass Valley [2008/11/18 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software [2010/04/20 08:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak [2009/10/21 13:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software [2009/10/21 14:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/07/26 10:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/12/25 13:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TC-Helicon [2010/04/21 15:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/10/21 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/05/29 15:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft [2010/04/04 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/10 14:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/07/18 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008/02/01 13:00:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/06/15 16:25:51 | 000,122,563 | ---- | M] () -- C:\logfile [2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/07/26 10:36:40 | 000,001,148 | ---- | M] () -- C:\net_save.dna [2008/02/01 12:56:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/05/07 11:53:45 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010/07/13 20:18:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2010/07/13 16:44:48 | 000,000,268 | ---- | M] () -- C:\rkill.log [2007/09/12 13:33:41 | 000,000,700 | ---- | M] () -- C:\wsr.txt [4 C:\*.tmp files -> C:\*.tmp -> ] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2010/05/03 08:18:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\deployJava1.dll [2010/05/04 12:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtmsft.dll [2010/05/04 12:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtrans.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2008/02/01 04:55:14 | 001,572,864 | ---- | M] () -- 
C:\WINDOWS\system32\config\default.sav [2008/02/01 10:46:49 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2008/02/01 04:55:14 | 026,738,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008/02/01 04:55:14 | 008,126,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color] [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color] [2009/08/03 09:33:06 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B < End of report > SRV - (KodakCCS) -- File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe () SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! 
Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation) SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony 
Corporation) SRV - (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (ntcdrdrv) -- C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys File not found DRV - (EL90XBC) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys File not found DRV - (BVRPMPR5) -- E:\INSTAL~E\Core\BVRPMPR5.SYS File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (ExterminateIt) -- C:\WINDOWS\system32\drivers\extit.sys (Curiolab) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.) 
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows (R) 2000 DDK provider) DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows (R) 2000/XP) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) 
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( ) DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (CEUSBAUD) -- C:\WINDOWS\system32\drivers\ceusbaud.sys (CEntrance, Inc.) DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/03 08:18:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/25 15:31:54 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Firefox\extensions\\{AA334B2E-9374-4907-ABC9-79883DF254B7}: C:\Documents and Settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7} [2010/07/13 15:54:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 10:32:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 08:18:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/08 10:32:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/13 17:30:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/15 14:04:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/03 08:18:49 | 000,000,000 | ---D | M] [2010/07/13 20:23:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/07/18 13:03:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/07/13 20:23:15 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} [2010/05/03 08:18:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009/02/04 18:01:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com [2009/07/18 13:03:11 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll 
[2009/07/18 13:03:11 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010/05/03 08:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/12/28 16:59:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009/07/18 13:03:13 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/04/02 08:30:43 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/04/12 11:06:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/04/12 11:06:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/05/02 13:45:10 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/05/02 13:45:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/05/02 13:45:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/05/02 13:45:10 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/05/02 13:45:10 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/05/02 13:45:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml O1 HOSTS File: ([2009/03/16 10:08:10 | 000,302,870 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 10439 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [Jlayatiqefame] C:\WINDOWS\evuzoxufapifov.DLL (Sonic Solutions) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe File not found O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Ycrsi) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : 
Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\HMIPCore.dll () O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) 
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189437374203 (WUWebControl Class) O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} http://d.64.69.14.130.downloads.estara.com./as/OneCCDM.php?template=107051&sessionid=1987669332_24.12.62.168_1688&=&req=1239382563346OneCC.cab (OneCCCtl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-e7b7773c968662cc.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_01) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools-events.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 0.0.0.0 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - 
C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - 
Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) 
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. 
File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/07/13 20:26:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/07/13 20:23:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Application Data\SystemProc [2010/07/13 17:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2010/07/13 17:50:57 | 
000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2010/07/13 17:50:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data [2010/07/13 17:50:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites [2010/07/13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2010/07/13 17:50:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo [2010/07/13 17:50:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents 
and Settings\Administrator\Templates [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010} [2010/07/13 17:11:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/07/13 17:11:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/07/13 17:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware [2010/07/13 16:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/13 16:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/24 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire [2010/06/24 12:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/24 12:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/24 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/24 12:07:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2008/07/26 10:21:19 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [4 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/07/13 20:34:05 | 000,293,376 | ---- | 
M] () -- C:\Documents and Settings\Administrator\Desktop\n3swkre6.exe [2010/07/13 20:29:16 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/07/13 20:26:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/07/13 20:23:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/13 20:19:20 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/07/13 20:19:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job [2010/07/13 20:06:11 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile [2010/07/13 20:06:00 | 000,198,212 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/07/13 20:05:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/07/13 20:04:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/07/13 17:11:57 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/13 17:08:53 | 000,002,832 | ---- | M] () -- C:\WINDOWS\umorabul.dll [2010/07/13 16:33:52 | 000,002,832 | ---- | M] () -- C:\WINDOWS\ixudokaw.dll [2010/07/13 16:23:50 | 000,002,832 | ---- | M] () -- C:\WINDOWS\amatepin.dll [2010/07/13 16:10:55 | 000,002,832 | ---- | M] () -- C:\WINDOWS\exudokawasaxov.dll [2010/07/13 15:54:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qdecoxuxu.dat [2010/07/13 15:54:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ujoxazadahigusu.bin [2010/07/11 14:51:39 | 000,001,052 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI [2010/07/10 16:00:33 | 000,000,641 | ---- | M] () -- C:\WINDOWS\win.ini [2010/07/10 16:00:33 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini [2010/07/10 13:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/07/07 08:49:18 | 000,000,029 | ---- | M] () -- 
C:\WINDOWS\coolacm.ini [2010/06/24 12:19:51 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/06/24 12:01:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/06/22 16:46:41 | 000,490,838 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/22 16:46:41 | 000,434,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/22 16:46:41 | 000,068,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/15 16:25:51 | 000,122,563 | ---- | M] () -- C:\logfile [4 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/07/13 20:34:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\n3swkre6.exe [2010/07/13 17:51:02 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Mail & Newsgroups.lnk [2010/07/13 17:51:02 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape 7.0.lnk [2010/07/13 17:51:02 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/07/13 17:51:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/07/13 17:51:01 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010/07/13 17:51:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2010/07/13 17:50:56 | 000,286,720 | -H-- | C] () -- C:\Documents and 
Settings\Administrator\ntuser.dat.LOG [2010/07/13 17:50:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/07/13 17:50:55 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/07/13 17:11:57 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/13 17:08:53 | 000,002,832 | ---- | C] () -- C:\WINDOWS\umorabul.dll [2010/07/13 16:33:51 | 000,002,832 | ---- | C] () -- C:\WINDOWS\ixudokaw.dll [2010/07/13 16:23:50 | 000,002,832 | ---- | C] () -- C:\WINDOWS\amatepin.dll [2010/07/13 16:10:55 | 000,002,832 | ---- | C] () -- C:\WINDOWS\exudokawasaxov.dll [2010/07/13 16:05:38 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/13 15:54:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qdecoxuxu.dat [2010/07/13 15:54:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ujoxazadahigusu.bin [2010/06/24 12:19:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/05/11 17:01:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini [2009/12/07 09:12:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HMIPCore.dll [2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/10/21 13:30:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2009/10/21 13:30:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009/10/21 13:30:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI [2009/08/06 08:36:08 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/08/06 08:36:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/08/06 08:36:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/08/06 08:36:06 | 000,881,664 | ---- | 
C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/08/06 08:36:06 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/08/06 08:36:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/08/06 08:36:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/07/25 11:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVDConverter.INI [2009/07/25 11:12:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009/06/11 10:54:22 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll [2009/06/11 10:54:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\hasp_windows.dll [2009/04/10 06:21:27 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2008/11/18 18:29:15 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008/07/26 10:21:20 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2008/05/05 17:27:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\free-watereffect.ini [2008/05/05 17:03:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/05/01 07:25:21 | 000,000,077 | ---- | C] () -- C:\WINDOWS\PasswordTools.INI [2007/12/23 10:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI [2007/12/23 10:48:48 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/09/10 11:34:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007/09/10 11:33:18 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI [2007/09/10 11:33:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini [2007/09/10 10:15:34 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini [2007/09/10 10:08:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/09/10 10:05:58 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\Px.ini [2007/09/10 09:13:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2006/12/19 07:15:20 | 000,087,403 | ---- | C] () -- 
C:\WINDOWS\System32\instwdm.ini [2006/12/12 10:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2006/11/30 08:01:26 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/10/22 12:22:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 12:22:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/09/27 16:47:40 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2005/06/07 21:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2003/12/02 15:44:25 | 000,001,052 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2003/12/02 15:41:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2003/12/02 15:40:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL [2003/12/02 15:39:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll [2003/12/02 15:01:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/12/01 20:53:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/12/01 20:39:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/12/01 19:29:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2003/12/01 19:29:08 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2003/12/01 19:28:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2003/12/01 19:28:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll [2003/12/01 19:28:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2003/12/01 19:28:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll [2003/12/01 19:28:40 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll [color=#E56717]========== LOP Check 
==========[/color] [2010/07/13 20:23:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Application Data\SystemProc [2008/01/10 17:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery [2008/07/31 23:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast [2009/01/26 15:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2007/09/17 11:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz [2009/04/20 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2010/04/20 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company [2008/03/04 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE [2009/06/11 10:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grass Valley [2008/11/18 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software [2010/04/20 08:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak [2009/10/21 13:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software [2009/10/21 14:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/07/26 10:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/12/25 13:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TC-Helicon [2010/04/21 15:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/10/21 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\Ulead Systems [2009/05/29 15:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft [2010/04/04 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/10 14:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/07/18 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008/02/01 13:00:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/06/15 16:25:51 | 000,122,563 | ---- | M] () -- C:\logfile [2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/07/26 10:36:40 | 000,001,148 | ---- | M] () -- C:\net_save.dna [2008/02/01 12:56:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/05/07 11:53:45 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010/07/13 20:18:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2010/07/13 16:44:48 | 000,000,268 | ---- | M] () -- C:\rkill.log [2007/09/12 13:33:41 | 000,000,700 | ---- | M] () -- C:\wsr.txt [4 C:\*.tmp files -> C:\*.tmp -> ] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2010/05/03 08:18:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\deployJava1.dll [2010/05/04 12:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- 
C:\WINDOWS\system32\dxtmsft.dll [2010/05/04 12:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtrans.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2008/02/01 04:55:14 | 001,572,864 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008/02/01 10:46:49 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2008/02/01 04:55:14 | 026,738,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008/02/01 04:55:14 | 008,126,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color] [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color] [2009/08/03 09:33:06 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B < End of report > [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Administrator\Desktop\n3swkre6.exe () PRC - 
C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Ycrsi) PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (KodakCCS) -- File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe () SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.) 
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation) SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (ntcdrdrv) -- C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys File not found DRV - (EL90XBC) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys File not found DRV - (BVRPMPR5) -- E:\INSTAL~E\Core\BVRPMPR5.SYS File not found DRV - (SASKUTIL) -- C:\Program 
Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (ExterminateIt) -- C:\WINDOWS\system32\drivers\extit.sys (Curiolab) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows (R) 2000 DDK provider) DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows (R) 2000/XP) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) 
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( ) DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (CEUSBAUD) -- C:\WINDOWS\system32\drivers\ceusbaud.sys (CEntrance, Inc.) 
DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/03 08:18:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/25 15:31:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{AA334B2E-9374-4907-ABC9-79883DF254B7}: C:\Documents and Settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7} [2010/07/13 15:54:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 10:32:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 
Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 08:18:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/08 10:32:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/13 17:30:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/06/15 14:04:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/03 08:18:49 | 000,000,000 | ---D | M] [2010/07/13 20:23:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/07/18 13:03:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/07/13 20:23:15 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} [2010/05/03 08:18:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009/02/04 18:01:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com [2009/07/18 13:03:11 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/07/18 13:03:11 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010/05/03 08:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/12/28 16:59:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009/07/18 13:03:13 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/04/02 08:30:43 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/04/12 11:06:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/04/12 11:06:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/04/12 11:06:35 | 000,159,744 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/05/02 13:45:10 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/05/02 13:45:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/05/02 13:45:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/05/02 13:45:10 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/05/02 13:45:10 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/05/02 13:45:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml O1 HOSTS File: ([2009/03/16 10:08:10 | 000,302,870 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10439 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [Jlayatiqefame] C:\WINDOWS\evuzoxufapifov.DLL (Sonic Solutions) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe File not found O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Ycrsi) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : 
Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\HMIPCore.dll () O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) 
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189437374203 (WUWebControl Class) O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} http://d.64.69.14.130.downloads.estara.com./as/OneCCDM.php?template=107051&sessionid=1987669332_24.12.62.168_1688&=&req=1239382563346OneCC.cab (OneCCCtl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-e7b7773c968662cc.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_01) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools-events.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 0.0.0.0 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - 
C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - 
Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) 
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. 
File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/07/13 20:26:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/07/13 20:23:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Application Data\SystemProc [2010/07/13 17:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2010/07/13 17:50:57 | 
000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2010/07/13 17:50:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data [2010/07/13 17:50:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites [2010/07/13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe [2010/07/13 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2010/07/13 17:50:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo [2010/07/13 17:50:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music [2010/07/13 17:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents 
and Settings\Administrator\Templates [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood [2010/07/13 17:50:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [2010/07/13 17:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010} [2010/07/13 17:11:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/07/13 17:11:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/07/13 17:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware [2010/07/13 16:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/13 16:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/24 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire [2010/06/24 12:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/24 12:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/24 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/24 12:07:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2008/07/26 10:21:19 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [4 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/07/13 20:34:05 | 000,293,376 | ---- | 
M] () -- C:\Documents and Settings\Administrator\Desktop\n3swkre6.exe
[2010/07/13 20:29:16 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/13 20:26:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/13 20:23:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/13 20:19:20 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/13 20:19:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job
[2010/07/13 20:06:11 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/07/13 20:06:00 | 000,198,212 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/13 20:05:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/13 20:04:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/13 17:11:57 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 17:08:53 | 000,002,832 | ---- | M] () -- C:\WINDOWS\umorabul.dll
[2010/07/13 16:33:52 | 000,002,832 | ---- | M] () -- C:\WINDOWS\ixudokaw.dll
[2010/07/13 16:23:50 | 000,002,832 | ---- | M] () -- C:\WINDOWS\amatepin.dll
[2010/07/13 16:10:55 | 000,002,832 | ---- | M] () -- C:\WINDOWS\exudokawasaxov.dll
[2010/07/13 15:54:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qdecoxuxu.dat
[2010/07/13 15:54:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ujoxazadahigusu.bin
[2010/07/11 14:51:39 | 000,001,052 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/10 16:00:33 | 000,000,641 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/10 16:00:33 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/10 13:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/07 08:49:18 | 000,000,029 | ---- | M] () -- C:\WINDOWS\coolacm.ini
[2010/06/24 12:19:51 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/24 12:01:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/22 16:46:41 | 000,490,838 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 16:46:41 | 000,434,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 16:46:41 | 000,068,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/15 16:25:51 | 000,122,563 | ---- | M] () -- C:\logfile
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/07/13 20:34:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\n3swkre6.exe
[2010/07/13 17:51:02 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Mail & Newsgroups.lnk
[2010/07/13 17:51:02 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape 7.0.lnk
[2010/07/13 17:51:02 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/13 17:51:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/07/13 17:51:01 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/13 17:51:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/13 17:50:56 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/07/13 17:50:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/13 17:50:55 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/13 17:11:57 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 17:08:53 | 000,002,832 | ---- | C] () -- C:\WINDOWS\umorabul.dll
[2010/07/13 16:33:51 | 000,002,832 | ---- | C] () -- C:\WINDOWS\ixudokaw.dll
[2010/07/13 16:23:50 | 000,002,832 | ---- | C] () -- C:\WINDOWS\amatepin.dll
[2010/07/13 16:10:55 | 000,002,832 | ---- | C] () -- C:\WINDOWS\exudokawasaxov.dll
[2010/07/13 16:05:38 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/13 15:54:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qdecoxuxu.dat
[2010/07/13 15:54:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ujoxazadahigusu.bin
[2010/06/24 12:19:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/11 17:01:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2009/12/07 09:12:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HMIPCore.dll
[2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/10/21 13:30:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/10/21 13:30:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/10/21 13:30:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/10/21 13:30:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/08/06 08:36:08 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/06 08:36:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/06 08:36:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/06 08:36:06 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/06 08:36:06 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/06 08:36:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/06 08:36:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/25 11:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVDConverter.INI
[2009/07/25 11:12:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/11 10:54:22 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll
[2009/06/11 10:54:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\hasp_windows.dll
[2009/04/10 06:21:27 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008/11/18 18:29:15 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/26 10:21:20 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2008/05/05 17:27:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\free-watereffect.ini
[2008/05/05 17:03:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/01 07:25:21 | 000,000,077 | ---- | C] () -- C:\WINDOWS\PasswordTools.INI
[2007/12/23 10:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/23 10:48:48 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/10 11:34:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/10 11:33:18 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/09/10 11:33:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2007/09/10 10:15:34 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2007/09/10 10:08:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/10 10:05:58 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2007/09/10 09:13:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2006/12/19 07:15:20 | 000,087,403 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/12 10:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/11/30 08:01:26 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/10/22 12:22:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/27 16:47:40 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 21:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/12/02 15:44:25 | 000,001,052 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/02 15:41:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/12/02 15:40:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/02 15:39:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/12/02 15:01:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/01 20:53:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/01 20:39:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/01 19:29:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/12/01 19:29:08 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/12/01 19:28:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/01 19:28:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/12/01 19:28:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/01 19:28:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/12/01 19:28:40 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

[color=#E56717]========== LOP Check ==========[/color]
[2010/07/13 20:23:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Application Data\SystemProc
[2008/01/10 17:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2008/07/31 23:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2009/01/26 15:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007/09/17 11:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/04/20 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/04/20 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2008/03/04 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009/06/11 10:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grass Valley
[2008/11/18 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/04/20 08:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/10/21 13:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/10/21 14:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/26 10:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/25 13:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TC-Helicon
[2010/04/21 15:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/21 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/05/29 15:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2010/04/04 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/10 14:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/18 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/13 20:17:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/02/01 13:00:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2003/12/01 20:36:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/15 16:25:51 | 000,122,563 | ---- | M] () -- C:\logfile
[2003/12/01 20:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/26 10:36:40 | 000,001,148 | ---- | M] () -- C:\net_save.dna
[2008/02/01 12:56:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/07 11:53:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/13 20:18:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/13 16:44:48 | 000,000,268 | ---- | M] () -- C:\rkill.log
[2007/09/12 13:33:41 | 000,000,700 | ---- | M] () -- C:\wsr.txt
[4 C:\*.tmp files -> C:\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010/05/03 08:18:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\deployJava1.dll
[2010/05/04 12:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 12:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtrans.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2008/02/01 04:55:14 | 001,572,864 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/01 10:46:49 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/02/01 04:55:14 | 026,738,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/01 04:55:14 | 008,126,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]
[2009/08/03 09:33:06 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >