MBAM (From a scan while following the guide):
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
5/2/2010 6:45:52 PM
mbam-log-2010-05-02 (18-45-52).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|K:\|)
Objects scanned: 198823
Time elapsed: 32 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL:
OTL logfile created on: 5/2/2010 5:39:56 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 432.23 Gb Free Space | 92.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-AE587A64F7
Current User Name: Kay M. McClintock
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/02 17:27:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/17 15:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 11:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Pixart\Pac7302\Monitor.exe
PRC - [2004/07/30 15:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
========== Modules (SafeList) ==========
MOD - [2010/05/02 17:27:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 04:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/17 15:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 12:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 11:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 10:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2004/07/30 15:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe -- (RetroExpLauncher)
========== Driver Services (SafeList) ==========
DRV - [2010/05/02 17:38:12 | 000,093,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2009/09/16 11:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/03/01 11:34:36 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/08/24 13:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/08/08 17:54:36 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/08/08 17:54:34 | 000,439,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/08/08 17:54:28 | 001,093,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/08/08 17:54:20 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/08/08 17:54:16 | 000,142,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/08/08 17:54:16 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/08/08 17:54:12 | 000,501,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/07/26 17:48:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/26 17:48:28 | 000,033,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/13 21:18:48 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/07/08 22:57:00 | 003,198,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/09 17:49:40 | 000,014,592 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2004/08/03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/10/10 11:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofx.sys -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adm8511.sys -- (ADM8511)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear.......p;l=zu&o=sb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 10:35:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 21:26:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 21:26:32 | 000,000,000 | ---D | M]
[2010/04/25 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/04/27 14:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\94bev22h.default\extensions
[2010/04/27 14:25:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\94bev22h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/25 21:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2007/12/21 13:25:42 | 000,221,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7780 more lines...
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://pro.realquest...r/mapviewer.cab (First American Res MapActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/19 18:46:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e750a87-339d-11de-903a-001422410187}\Shell\AutoRun\command - "" = L:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{1e750a87-339d-11de-903a-001422410187}\Shell\RoboForm2Go\command - "" = L:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{a84aa538-aa95-11dc-87e1-001422410187}\Shell - "" = AutoRun
O33 - MountPoints2\{a84aa538-aa95-11dc-87e1-001422410187}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a84aa538-aa95-11dc-87e1-001422410187}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c2609fa5-f46b-11dc-87f0-001422410187}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{c2609fa5-f46b-11dc-87f0-001422410187}\Shell\Shell00\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{c2609fa5-f46b-11dc-87f0-001422410187}\Shell\Shell01\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{c2609fa5-f46b-11dc-87f0-001422410187}\Shell\Shell02\Command - "" = J:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/02 17:30:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/05/02 15:50:05 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/02 15:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/02 15:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/05/02 15:14:41 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/02 14:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/02 14:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/02 14:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/02 13:36:35 | 000,000,000 | ---D | C] -- C:\7cf7ddd59f49e35298bed0ee30
[2010/05/01 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/01 16:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/30 21:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\jarvlvemn
[2010/04/25 21:47:06 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/25 21:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/25 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/25 21:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Mozilla
[2010/04/25 21:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla
[2010/04/25 20:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/25 20:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/25 19:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/25 19:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/25 19:05:52 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/04/25 19:05:52 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/04/25 19:05:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/04/25 19:05:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/04/25 19:05:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/04/25 19:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\45ACB046261207F6FF7D287E6B1A2E3C
[2010/04/25 19:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/25 19:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/25 18:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/04/25 18:09:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/25 18:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/25 18:09:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 18:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/24 16:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Deployment
[2010/04/24 13:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\GlarySoft
[2010/04/24 13:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/04/07 09:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\CutePDF Writer
[2010/04/07 09:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2007/06/19 19:08:01 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 30 Days ==========
[2010/05/02 17:42:34 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/02 17:42:34 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/02 17:42:34 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/02 17:39:13 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/02 17:39:05 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/02 17:38:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/02 17:38:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 17:38:12 | 000,093,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys
[2010/05/02 17:37:57 | 000,064,988 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2010/05/02 17:37:57 | 000,054,312 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2010/05/02 17:37:57 | 000,054,312 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2010/05/02 17:37:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/02 17:37:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/02 17:37:52 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/05/02 17:37:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/05/02 17:04:54 | 000,020,363 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/02 17:04:45 | 004,836,790 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/05/02 16:12:12 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/02 15:27:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/02 15:14:41 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/01 16:53:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 15:50:46 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Word 2003.lnk
[2010/05/01 01:00:06 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/04/30 21:29:35 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/30 08:13:28 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 09:56:46 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Excel 2003.lnk
[2010/04/28 21:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/27 09:18:03 | 000,000,666 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/27 09:18:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/27 09:18:03 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/04/27 07:28:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/25 21:47:04 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/25 21:26:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/25 21:26:35 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/25 19:05:02 | 000,001,178 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\w1vjs2h771
[2010/04/25 19:05:02 | 000,001,178 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\w1vjs2h771
[2010/04/22 07:12:26 | 013,719,807 | ---- | M] () -- C:\Documents and Settings\user\Desktop\South Valley Outdoor, LLC.QBB
[2010/04/17 17:20:29 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/04/15 03:03:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 01:08:02 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/05 21:27:28 | 008,201,728 | ---- | M] () -- C:\Documents and Settings\user\Desktop\South Valley Outdoor, LLC.QBX
[2010/04/05 08:28:09 | 000,660,992 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Ross & Kay.QBX
========== Files Created - No Company Name ==========
[2010/05/02 14:54:43 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/30 21:29:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/30 21:29:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/25 21:47:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/25 21:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/25 21:26:35 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/25 19:05:02 | 000,001,178 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\w1vjs2h771
[2010/04/25 19:05:02 | 000,001,178 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w1vjs2h771
[2010/04/24 13:18:30 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/22 07:12:12 | 013,719,807 | ---- | C] () -- C:\Documents and Settings\user\Desktop\South Valley Outdoor, LLC.QBB
[2010/04/07 09:54:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/04/05 21:27:20 | 008,201,728 | ---- | C] () -- C:\Documents and Settings\user\Desktop\South Valley Outdoor, LLC.QBX
[2010/04/05 08:28:05 | 000,660,992 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Ross & Kay.QBX
[2009/09/23 20:15:15 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2008/11/02 19:08:45 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/04/29 15:17:10 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2008/04/29 15:17:10 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/04/29 15:17:09 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2008/02/25 14:18:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/02/25 14:18:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/06/26 09:09:14 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\VLMenuRes.dll
[2007/06/26 09:09:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\VlUtils.dll
[2007/06/26 09:09:13 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\c1sizerppg.dll
[2007/06/25 10:40:35 | 000,000,128 | ---- | C] () -- C:\WINDOWS\PMJobCli.ini
[2007/06/25 10:40:33 | 000,012,309 | ---- | C] () -- C:\WINDOWS\PMRicMb.ini
[2007/06/25 10:40:33 | 000,007,873 | ---- | C] () -- C:\WINDOWS\PMRicPMb.ini
[2007/06/25 10:40:33 | 000,005,390 | ---- | C] () -- C:\WINDOWS\PMPrtMb.ini
[2007/06/25 10:40:33 | 000,004,644 | ---- | C] () -- C:\WINDOWS\PMRicFMb.ini
[2007/06/25 10:40:33 | 000,003,149 | ---- | C] () -- C:\WINDOWS\PMDvPrn.ini
[2007/06/25 10:40:33 | 000,002,102 | ---- | C] () -- C:\WINDOWS\PMDvDev.ini
[2007/06/25 10:40:33 | 000,002,047 | ---- | C] () -- C:\WINDOWS\PMDIOMb.ini
[2007/06/25 10:40:33 | 000,002,036 | ---- | C] () -- C:\WINDOWS\PMHostMb.ini
[2007/06/25 10:40:33 | 000,001,885 | ---- | C] () -- C:\WINDOWS\PMPSIOMb.ini
[2007/06/25 10:40:33 | 000,001,727 | ---- | C] () -- C:\WINDOWS\PMRicSMb.ini
[2007/06/25 10:40:33 | 000,001,706 | ---- | C] () -- C:\WINDOWS\PMRicCMb.ini
[2007/06/25 10:40:33 | 000,001,494 | ---- | C] () -- C:\WINDOWS\PMMib2Mb.ini
[2007/06/25 10:40:33 | 000,001,168 | ---- | C] () -- C:\WINDOWS\PMDvFax.ini
[2007/06/25 10:40:33 | 000,001,143 | ---- | C] () -- C:\WINDOWS\PMDPIMb.ini
[2007/06/25 10:40:33 | 000,001,094 | ---- | C] () -- C:\WINDOWS\PMAxsMb.ini
[2007/06/25 10:40:33 | 000,000,842 | ---- | C] () -- C:\WINDOWS\PMDvScan.ini
[2007/06/25 10:40:33 | 000,000,423 | ---- | C] () -- C:\WINDOWS\PMDvCopy.ini
[2007/06/25 10:40:33 | 000,000,332 | ---- | C] () -- C:\WINDOWS\PMSnmpMb.ini
[2007/06/25 10:40:32 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\rpnv2ui.dll
[2007/06/25 10:40:32 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\rtcpf.dll
[2007/06/25 10:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RLPR.dll
[2007/06/25 10:40:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMObservps.dll
[2007/06/25 10:05:28 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/06/19 23:37:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/19 19:08:03 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2007/06/19 19:08:01 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007/06/19 19:07:20 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/06/19 19:07:19 | 000,049,274 | ---- | C] () -- C:\WINDOWS\System32\claptn32.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/26 11:53:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpace.dll
[2004/08/26 11:49:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpMFC.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Unicode (All) ==========
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?ystem32) -- C:\Documents and Settings\user\My Documents\?ystem32
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?ymbols) -- C:\Documents and Settings\user\My Documents\?ymbols
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?racle) -- C:\Documents and Settings\user\My Documents\?racle
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?racle) -- C:\Documents and Settings\user\My Documents\?racle
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?ppPatch) -- C:\Documents and Settings\user\My Documents\?ppPatch
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?icrosoft.NET) -- C:\Documents and Settings\user\My Documents\?icrosoft.NET
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?ecurity) -- C:\Documents and Settings\user\My Documents\?ecurity
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\?dobe) -- C:\Documents and Settings\user\My Documents\?dobe
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\??stem32) -- C:\Documents and Settings\user\My Documents\??stem32
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\??sks) -- C:\Documents and Settings\user\My Documents\??sks
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\??pPatch) -- C:\Documents and Settings\user\My Documents\??pPatch
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\??curity) -- C:\Documents and Settings\user\My Documents\??curity
[2008/10/06 15:52:10 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\??crosoft.NET) -- C:\Documents and Settings\user\My Documents\??crosoft.NET
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?ystem32) -- C:\Documents and Settings\user\My Documents\?ystem32
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?ymbols) -- C:\Documents and Settings\user\My Documents\?ymbols
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?racle) -- C:\Documents and Settings\user\My Documents\?racle
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?racle) -- C:\Documents and Settings\user\My Documents\?racle
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?ppPatch) -- C:\Documents and Settings\user\My Documents\?ppPatch
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?icrosoft.NET) -- C:\Documents and Settings\user\My Documents\?icrosoft.NET
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?ecurity) -- C:\Documents and Settings\user\My Documents\?ecurity
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\?dobe) -- C:\Documents and Settings\user\My Documents\?dobe
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\??stem32) -- C:\Documents and Settings\user\My Documents\??stem32
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\??sks) -- C:\Documents and Settings\user\My Documents\??sks
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\??pPatch) -- C:\Documents and Settings\user\My Documents\??pPatch
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\??curity) -- C:\Documents and Settings\user\My Documents\??curity
[2008/10/06 15:52:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\??crosoft.NET) -- C:\Documents and Settings\user\My Documents\??crosoft.NET
[2008/10/06 15:52:09 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\W?nSxS) -- C:\Documents and Settings\user\My Documents\W?nSxS
[2008/10/06 15:52:09 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\T?sks) -- C:\Documents and Settings\user\My Documents\T?sks
[2008/10/06 15:52:09 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\W?nSxS) -- C:\Documents and Settings\user\My Documents\W?nSxS
[2008/10/06 15:52:09 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\T?sks) -- C:\Documents and Settings\user\My Documents\T?sks
[2008/10/06 15:52:03 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\s?stem32) -- C:\Documents and Settings\user\My Documents\s?stem32
[2008/10/06 15:52:03 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\s?stem) -- C:\Documents and Settings\user\My Documents\s?stem
[2008/10/06 15:52:03 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\s?stem32) -- C:\Documents and Settings\user\My Documents\s?stem32
[2008/10/06 15:52:03 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\s?stem) -- C:\Documents and Settings\user\My Documents\s?stem
[2008/10/06 15:49:48 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\M?crosoft) -- C:\Documents and Settings\user\My Documents\M?crosoft
[2008/10/06 15:49:48 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\M?crosoft) -- C:\Documents and Settings\user\My Documents\M?crosoft
[2008/10/06 15:49:00 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\F?nts) -- C:\Documents and Settings\user\My Documents\F?nts
[2008/10/06 15:49:00 | 000,000,000 | ---D | M](C:\Documents and Settings\user\My Documents\F?nts) -- C:\Documents and Settings\user\My Documents\F?nts
[2008/10/06 15:49:00 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\F?nts) -- C:\Documents and Settings\user\My Documents\F?nts
[2008/10/06 15:49:00 | 000,000,000 | ---D | C](C:\Documents and Settings\user\My Documents\F?nts) -- C:\Documents and Settings\user\My Documents\F?nts
========== Alternate Data Streams ==========
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
< End of report >
EXTRAS (OTL):
OTL Extras logfile created on: 5/2/2010 5:39:56 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 432.23 Gb Free Space | 92.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-AE587A64F7
Current User Name: Kay M. McClintock
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}" = Retrospect Express HD 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AAB2A3A6-6789-4260-9966-517498589AB5}" = ArcSoft PhotoImpression 5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B22CFC7C-86DD-4D4E-8898-328DDB8B6400}" = Salesperson Exam Prep
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C138D676-4F0F-4FDE-8BE5-26CFD3566DCD}" = DeskTopBinder - SmartDeviceMonitor for Client
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDAC27F9-8293-465f-A4B0-011F1D38BBA1}" = RoxioShim
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EF3F9770-CA7B-4c5d-8A98-49AB97216546}" = C8100
"{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}" = VGA USB Camera
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A61B59-A8DE-4faf-B13E-BB596D698089}" = C8100_Help
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F75EBC67-0CF7-416a-A8E2-E38251ABE62E}" = C8100_doccd
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Carbonite Backup" = Carbonite
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Glary Utilities_is1" = Glary Utilities 2.21.0.863
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetroScan Online_is1" = MetroScan Online v3.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MXOFX" = USB Storage Adapter FX (MXO)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Retail Tenant Directory" = Retail Tenant Directory
"Revo Uninstaller" = Revo Uninstaller 1.87
"WIC" = Windows Imaging Component
"WinAIR Forms 2.0" = WinAIR Forms 2.0
"Windows Media Format Runtime" = Windows Media Format Runtime
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/19/2009 4:07:36 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d7.
Error - 12/19/2009 4:49:13 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
Error - 12/19/2009 4:54:37 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
Error - 12/19/2009 5:15:04 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
Error - 12/19/2009 6:02:38 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
Error - 12/20/2009 9:17:38 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
Error - 12/25/2009 3:05:52 AM | Computer Name = USER-AE587A64F7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 12/30/2009 1:54:19 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
Error - 12/31/2009 9:25:23 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
Error - 1/2/2010 6:57:21 PM | Computer Name = USER-AE587A64F7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.
[ System Events ]
Error - 4/28/2010 1:19:43 AM | Computer Name = USER-AE587A64F7 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 4/28/2010 1:19:43 AM | Computer Name = USER-AE587A64F7 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 4/28/2010 1:21:11 AM | Computer Name = USER-AE587A64F7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6
Error - 4/28/2010 1:24:36 AM | Computer Name = USER-AE587A64F7 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/28/2010 1:25:15 AM | Computer Name = USER-AE587A64F7 | Source = Tcpip | ID = 4198
Description = The system detected an address conflict for IP address 192.168.1.64
with the system having network hardware address 00:1E:6B:50:76:E0. The local interface
has been disabled.
Error - 5/1/2010 12:30:19 AM | Computer Name = USER-AE587A64F7 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.
Error - 5/1/2010 12:30:50 AM | Computer Name = USER-AE587A64F7 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 5/2/2010 6:07:52 PM | Computer Name = USER-AE587A64F7 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 5/2/2010 6:07:52 PM | Computer Name = USER-AE587A64F7 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 5/2/2010 6:09:22 PM | Computer Name = USER-AE587A64F7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6
< End of report >
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-02 18:54:11
Windows 5.1.2600 Service Pack 2
Running: gamerssdfsdf.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pfeyqaog.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA6B3878A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA6B38821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA6B38738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA6B3874C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA6B38835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA6B38861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA6B388CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA6B388B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA6B387CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA6B388FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA6B3880D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA6B38710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA6B38724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA6B3879E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA6B38937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA6B388A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA6B3888D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA6B3884B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA6B38923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA6B3890F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA6B38776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA6B38762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA6B38877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA6B387F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA6B388E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA6B387E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA6B387B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device -> \Driver\nvatabus \Device\Harddisk0\DR0 883C0AC8
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\nvatabus.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Thanks in advance for your help guys, this looks like it is a great site. I have been trying this for a few hours, and can't seem to get this out!
Note: This system got the Antispyware 2009 virus, and I thought I got all of that out, idk if this is related to that or not, but I thought it my be useful for you to know. thanks!