McAfee and Java disabled [Solved]
Started by
Juan1959
, May 30 2010 11:22 AM
-
This topic is locked
#1
Posted 30 May 2010 - 11:22 AM
Juan1959
-
- Member
-
- 33 posts
Member
#2
Posted 30 May 2010 - 11:25 AM
Juan1959
- Topic Starter
-
- Member
-
- 33 posts
Member
I had also followed all of the manual prework without success.
#3
Posted 30 May 2010 - 07:29 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Juan1959,
Welcome.
Please post the logs from the tools you ran so that I can have a look.
Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.
Welcome.
I had also followed all of the manual prework without success.
Please post the logs from the tools you ran so that I can have a look.
Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.
#4
Posted 31 May 2010 - 06:37 PM
Juan1959
- Topic Starter
-
- Member
-
- 33 posts
Member
Hi emeraldnzl,
Thanks for helping. Here are the logs I ran.
**************************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 17:40:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Loren\LOCALS~1\Temp\uftdqpog.sys
---- System - GMER 1.0.15 ----
SSDT 873D72B8 ZwAllocateVirtualMemory
SSDT 873AB3A8 ZwCreateKey
SSDT 873E3EC0 ZwCreateProcess
SSDT 873AB218 ZwCreateProcessEx
SSDT 873D7588 ZwCreateThread
SSDT 87386148 ZwDeleteKey
SSDT 873AA0A0 ZwDeleteValueKey
SSDT 873D7330 ZwQueueApcThread
SSDT 873D71C8 ZwReadVirtualMemory
SSDT 873DA858 ZwRenameKey
SSDT 873D7420 ZwSetContextThread
SSDT 873DC020 ZwSetInformationKey
SSDT 8734E298 ZwSetInformationProcess
SSDT 873D7498 ZwSetInformationThread
SSDT 873D36C0 ZwSetValueKey
SSDT 8734E220 ZwSuspendProcess
SSDT 873D73A8 ZwSuspendThread
SSDT 873AB1A0 ZwTerminateProcess
SSDT 873D7510 ZwTerminateThread
SSDT 873D7240 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB1037 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB1895 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CB0EA6 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB0F36 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CB130D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CB1B86 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[1892] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1904] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \Driver\Tcpip \Device\Ip 86F04B28
Device \Driver\Tcpip \Device\Ip 87021198
Device \Driver\Tcpip \Device\Ip 872DC190
Device \Driver\Tcpip \Device\Ip 86ED61B0
Device \Driver\Tcpip \Device\Tcp 86F04B28
Device \Driver\Tcpip \Device\Tcp 87021198
Device \Driver\Tcpip \Device\Tcp 872DC190
Device \Driver\Tcpip \Device\Tcp 86ED61B0
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
***************
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4129
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/31/2010 7:39:10 AM
mbam-log-2010-05-31 (07-39-10).txt
Scan type: Quick scan
Objects scanned: 153555
Time elapsed: 16 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
********
OTL logfile created on: 5/31/2010 5:42:16 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 61.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.43 Gb Free Space | 18.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.56 Gb Total Space | 3.13 Gb Free Space | 87.75% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/03 22:46:24 | 001,181,040 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/04/24 13:19:58 | 006,155,808 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/04/21 18:26:50 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/03 22:46:24 | 001,181,040 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2010/05/31 10:59:51 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/04/21 18:27:04 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/04/21 18:27:04 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/04/21 18:27:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/29 15:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 00:42:46 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/05/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/05/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 00:39:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/22 00:38:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
O1 HOSTS File: ([2010/05/12 09:21:13 | 000,000,686 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [tcactive] File not found
O4 - HKLM..\Run: [tcmonitor] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\ALI MP3 Player\Res.EXE File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\RunOnce: [DelayShred] c:\program files\mcafee\mshr\ShrCL.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (nd) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{42259be1-8774-11dd-9180-000874ba622b}\Shell - "" = AutoRun
O33 - MountPoints2\{42259be1-8774-11dd-9180-000874ba622b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42259be1-8774-11dd-9180-000874ba622b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c9d61bfd-d1cc-11dd-9197-000874ba622b}\Shell\AutoRun\command - "" = I:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/01/04 16:44:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[2010/04/27 01:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\josghvtwl
[2010/04/18 08:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/18 08:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/04/18 08:37:57 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/04/18 07:48:01 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/18 07:47:13 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/18 07:47:13 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/18 07:47:13 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/18 07:47:12 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/18 07:47:12 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/18 07:47:11 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/18 07:47:10 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/17 23:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\Download Manager
[2010/04/17 23:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2010/04/13 21:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Real
[2010/04/13 21:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/21 21:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\My Documents\Cucusoft
[2010/03/21 21:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Cucusoft
[2010/03/13 21:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling_files
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/31 10:59:51 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/05/31 07:30:30 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/31 03:00:07 | 000,002,034 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070509232027.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180629.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180553.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180546.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180509.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070209221549.job
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/30 09:29:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/30 09:27:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/30 09:27:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 09:27:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/30 09:27:16 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/29 15:44:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/05/26 11:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/26 03:00:02 | 000,001,674 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1253915932.job
[2010/05/26 01:00:05 | 000,001,688 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L0E1308FA7D814CBBA2ECBC28D43F0DD4.job
[2010/05/25 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 09:21:13 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/18 01:16:10 | 2214,896,284 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:49 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:01:41 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/21 21:43:25 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Cucusoft iPod Video Converter Suite.lnk
[2010/03/20 05:45:03 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\My Sharing Folders.lnk
[2010/03/13 21:14:16 | 000,027,298 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:14 | 000,052,792 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2010/03/11 04:15:38 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/01 09:47:44 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/04/17 23:35:06 | 2214,896,284 | ---- | C] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/04/13 21:09:49 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:09:47 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/03/21 21:12:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/13 21:13:58 | 000,027,298 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:04 | 000,052,792 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2009/04/21 18:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:56 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== LOP Check ==========
[2009/05/08 21:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/08 21:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2006/09/29 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2003/01/04 17:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/12/30 01:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/18 08:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2005/02/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0137
[2008/11/15 11:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/11 16:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/17 22:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/05/08 21:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/18 19:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/09 21:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 08:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/18 03:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2003/02/21 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\InterTrust
[2004/01/06 20:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Leadertech
[2007/06/26 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller
[2006/08/27 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(2)
[2006/11/19 16:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(3)
[2006/08/22 22:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Tenebril
[2010/05/26 03:00:02 | 000,001,674 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1253915932.job
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070209221549.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180509.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180546.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180553.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180629.job
[2010/05/31 03:00:07 | 000,002,034 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
[2010/05/26 01:00:05 | 000,001,688 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L0E1308FA7D814CBBA2ECBC28D43F0DD4.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/05/19 22:40:57 | 000,000,976 | ---- | M] () -- C:\acttmp.dat
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/20 01:23:40 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2008/08/23 01:08:41 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2008/02/08 19:20:44 | 000,037,376 | ---- | M] () -- C:\Category_Manager_-Site_and_Operations.doc
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/13 19:49:38 | 000,019,456 | ---- | M] () -- C:\Copy of Loren Wk 2.xls
[2010/03/21 21:42:28 | 000,356,358 | ---- | M] () -- C:\Cucu_Video_log.txt
[2003/01/04 16:51:30 | 000,004,096 | RH-- | M] () -- C:\DELL.SDR
[2008/02/02 16:16:45 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2010/04/03 15:43:48 | 000,000,045 | ---- | M] () -- C:\error.log
[2010/05/30 09:27:16 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/05/06 21:32:49 | 000,759,586 | ---- | M] () -- C:\hpfr3425.log
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/05/08 21:58:37 | 000,003,338 | -H-- | M] () -- C:\IPH.PH
[2006/11/19 23:41:01 | 000,125,440 | ---- | M] () -- C:\Mailing list 11-06.doc
[2010/05/01 10:00:23 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/03/09 17:08:06 | 000,000,106 | ---- | M] () -- C:\MSKInstall.log
[2005/02/19 11:29:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/12 20:37:36 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/05/31 09:27:50 | 458,227,712 | -HS- | M] () -- C:\pagefile.sys
[2007/12/30 03:42:13 | 000,005,284 | ---- | M] () -- C:\reset.log
[2006/04/07 16:38:58 | 000,003,345 | ---- | M] () -- C:\smitfiles.txt
[2006/05/19 22:41:01 | 000,001,224 | ---- | M] () -- C:\sonoma.conf
[2005/10/29 11:52:02 | 000,000,306 | -H-- | M] () -- C:\T4Metrics.log
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/21 18:26:56 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wrLZMA.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2002/09/03 09:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 09:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 09:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
************************
OTL Extras logfile created on: 5/31/2010 5:42:16 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 61.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.43 Gb Free Space | 18.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.56 Gb Total Space | 3.13 Gb Free Space | 87.75% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Setup -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}" = Hallmark Card Studio 2
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper for MSN
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4471FF45-62BD-11D6-B259-00C04FF4B435}" = McAfee Firewall
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = ALI MP3 Player
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}" = ImageMixer with VCD
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{750C0D4F-E731-4104-9A51-A5E579CE3867}}_is1" = The Cleaner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = MP3
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15
"{8C25E29E-FC5D-44CD-A58C-5746AF303CF2}" = Microsoft Office Outlook Connector
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.15
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}" = Dora the Explorer: Animal Adventures
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C1E544E5-EF3C-4103-A57B-3A499FD91033}" = Nero 7 Essentials
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D8CE109C-C9DD-4126-8F88-C6450DF91C85}" = ArcSoft MediaImpression Downloader
"{D9044DCB-F8F9-4A81-9B06-ACAC1A59B261}" = QuickConnect
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AOL Email Toolbar" = AOL Email Toolbar
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 8.2.8.2
"Dreamship Tales" = Dreamship Tales
"eMusic Download Manager" = eMusic Download Manager 3.0
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"hp instant support" = hp instant support
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a" = Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"PCFriendly" = PCFriendly
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.1.3
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"YOUNTEL-UMS Driver_is1" = YOUNTEL-UMS Driver Install 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pilot Desktop" = Palm Desktop
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/17/2010 10:42:17 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/17/2010 10:42:17 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/17/2010 10:42:38 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/17/2010 10:42:49 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/18/2010 11:12:09 AM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/18/2010 11:35:20 AM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:11:56 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:20:40 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:20:41 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:35:40 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5/29/2010 4:13:40 PM | Computer Name = NUMBER1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0
(KB928365).
Error - 5/29/2010 4:45:07 PM | Computer Name = NUMBER1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0
(KB928365).
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The OneCare AntiSpyware and AntiVirus service failed to start due
to the following error: %%3
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
%%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the following
error: %%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the following
error: %%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%2
Error - 5/30/2010 10:28:44 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFP
Error - 5/31/2010 4:04:35 AM | Computer Name = NUMBER1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0
(KB928365).
< End of report >
Thanks for helping. Here are the logs I ran.
**************************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 17:40:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Loren\LOCALS~1\Temp\uftdqpog.sys
---- System - GMER 1.0.15 ----
SSDT 873D72B8 ZwAllocateVirtualMemory
SSDT 873AB3A8 ZwCreateKey
SSDT 873E3EC0 ZwCreateProcess
SSDT 873AB218 ZwCreateProcessEx
SSDT 873D7588 ZwCreateThread
SSDT 87386148 ZwDeleteKey
SSDT 873AA0A0 ZwDeleteValueKey
SSDT 873D7330 ZwQueueApcThread
SSDT 873D71C8 ZwReadVirtualMemory
SSDT 873DA858 ZwRenameKey
SSDT 873D7420 ZwSetContextThread
SSDT 873DC020 ZwSetInformationKey
SSDT 8734E298 ZwSetInformationProcess
SSDT 873D7498 ZwSetInformationThread
SSDT 873D36C0 ZwSetValueKey
SSDT 8734E220 ZwSuspendProcess
SSDT 873D73A8 ZwSuspendThread
SSDT 873AB1A0 ZwTerminateProcess
SSDT 873D7510 ZwTerminateThread
SSDT 873D7240 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB1037 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB1895 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CB0EA6 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB0F36 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CB130D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1524] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CB1B86 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[1892] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1904] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3560] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \Driver\Tcpip \Device\Ip 86F04B28
Device \Driver\Tcpip \Device\Ip 87021198
Device \Driver\Tcpip \Device\Ip 872DC190
Device \Driver\Tcpip \Device\Ip 86ED61B0
Device \Driver\Tcpip \Device\Tcp 86F04B28
Device \Driver\Tcpip \Device\Tcp 87021198
Device \Driver\Tcpip \Device\Tcp 872DC190
Device \Driver\Tcpip \Device\Tcp 86ED61B0
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
***************
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4129
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/31/2010 7:39:10 AM
mbam-log-2010-05-31 (07-39-10).txt
Scan type: Quick scan
Objects scanned: 153555
Time elapsed: 16 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
********
OTL logfile created on: 5/31/2010 5:42:16 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 61.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.43 Gb Free Space | 18.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.56 Gb Total Space | 3.13 Gb Free Space | 87.75% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/03 22:46:24 | 001,181,040 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/04/24 13:19:58 | 006,155,808 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/04/21 18:26:50 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/03 22:46:24 | 001,181,040 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2010/05/31 10:59:51 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/04/21 18:27:04 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/04/21 18:27:04 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/04/21 18:27:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/29 15:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 00:42:46 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/05/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/05/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 00:39:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/22 00:38:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
O1 HOSTS File: ([2010/05/12 09:21:13 | 000,000,686 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [tcactive] File not found
O4 - HKLM..\Run: [tcmonitor] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\ALI MP3 Player\Res.EXE File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\RunOnce: [DelayShred] c:\program files\mcafee\mshr\ShrCL.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (nd) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{42259be1-8774-11dd-9180-000874ba622b}\Shell - "" = AutoRun
O33 - MountPoints2\{42259be1-8774-11dd-9180-000874ba622b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42259be1-8774-11dd-9180-000874ba622b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c9d61bfd-d1cc-11dd-9197-000874ba622b}\Shell\AutoRun\command - "" = I:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/01/04 16:44:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[2010/04/27 01:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\josghvtwl
[2010/04/18 08:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/18 08:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/04/18 08:37:57 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/04/18 07:48:01 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/18 07:47:13 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/18 07:47:13 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/18 07:47:13 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/18 07:47:12 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/18 07:47:12 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/18 07:47:11 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/18 07:47:10 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/17 23:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\Download Manager
[2010/04/17 23:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2010/04/13 21:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Real
[2010/04/13 21:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/21 21:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\My Documents\Cucusoft
[2010/03/21 21:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Cucusoft
[2010/03/13 21:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling_files
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/31 10:59:51 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/05/31 07:30:30 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/31 03:00:07 | 000,002,034 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070509232027.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180629.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180553.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180546.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070401180509.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20070209221549.job
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/30 09:29:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/30 09:27:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/30 09:27:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 09:27:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/30 09:27:16 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/29 15:44:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/05/26 11:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/26 03:00:02 | 000,001,674 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1253915932.job
[2010/05/26 01:00:05 | 000,001,688 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L0E1308FA7D814CBBA2ECBC28D43F0DD4.job
[2010/05/25 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 09:21:13 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/18 01:16:10 | 2214,896,284 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:49 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:01:41 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/21 21:43:25 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Cucusoft iPod Video Converter Suite.lnk
[2010/03/20 05:45:03 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\My Sharing Folders.lnk
[2010/03/13 21:14:16 | 000,027,298 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:14 | 000,052,792 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2010/03/11 04:15:38 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/01 09:47:44 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/04/17 23:35:06 | 2214,896,284 | ---- | C] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/04/13 21:09:49 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:09:47 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/03/21 21:12:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/13 21:13:58 | 000,027,298 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:04 | 000,052,792 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2009/04/21 18:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:56 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== LOP Check ==========
[2009/05/08 21:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/08 21:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2006/09/29 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2003/01/04 17:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/12/30 01:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/18 08:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2005/02/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0137
[2008/11/15 11:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/11 16:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/17 22:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/05/08 21:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/18 19:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/09 21:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 08:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/18 03:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2003/02/21 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\InterTrust
[2004/01/06 20:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Leadertech
[2007/06/26 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller
[2006/08/27 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(2)
[2006/11/19 16:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(3)
[2006/08/22 22:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Tenebril
[2010/05/26 03:00:02 | 000,001,674 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1253915932.job
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070209221549.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180509.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180546.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180553.job
[2010/05/31 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070401180629.job
[2010/05/31 03:00:07 | 000,002,034 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
[2010/05/26 01:00:05 | 000,001,688 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L0E1308FA7D814CBBA2ECBC28D43F0DD4.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/05/19 22:40:57 | 000,000,976 | ---- | M] () -- C:\acttmp.dat
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/20 01:23:40 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2008/08/23 01:08:41 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2008/02/08 19:20:44 | 000,037,376 | ---- | M] () -- C:\Category_Manager_-Site_and_Operations.doc
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/13 19:49:38 | 000,019,456 | ---- | M] () -- C:\Copy of Loren Wk 2.xls
[2010/03/21 21:42:28 | 000,356,358 | ---- | M] () -- C:\Cucu_Video_log.txt
[2003/01/04 16:51:30 | 000,004,096 | RH-- | M] () -- C:\DELL.SDR
[2008/02/02 16:16:45 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2010/04/03 15:43:48 | 000,000,045 | ---- | M] () -- C:\error.log
[2010/05/30 09:27:16 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/05/06 21:32:49 | 000,759,586 | ---- | M] () -- C:\hpfr3425.log
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/05/08 21:58:37 | 000,003,338 | -H-- | M] () -- C:\IPH.PH
[2006/11/19 23:41:01 | 000,125,440 | ---- | M] () -- C:\Mailing list 11-06.doc
[2010/05/01 10:00:23 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/03/09 17:08:06 | 000,000,106 | ---- | M] () -- C:\MSKInstall.log
[2005/02/19 11:29:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/12 20:37:36 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/05/31 09:27:50 | 458,227,712 | -HS- | M] () -- C:\pagefile.sys
[2007/12/30 03:42:13 | 000,005,284 | ---- | M] () -- C:\reset.log
[2006/04/07 16:38:58 | 000,003,345 | ---- | M] () -- C:\smitfiles.txt
[2006/05/19 22:41:01 | 000,001,224 | ---- | M] () -- C:\sonoma.conf
[2005/10/29 11:52:02 | 000,000,306 | -H-- | M] () -- C:\T4Metrics.log
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/21 18:26:56 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wrLZMA.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2002/09/03 09:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 09:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 09:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
************************
OTL Extras logfile created on: 5/31/2010 5:42:16 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 61.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.43 Gb Free Space | 18.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.56 Gb Total Space | 3.13 Gb Free Space | 87.75% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Setup -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}" = Hallmark Card Studio 2
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper for MSN
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4471FF45-62BD-11D6-B259-00C04FF4B435}" = McAfee Firewall
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = ALI MP3 Player
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}" = ImageMixer with VCD
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{750C0D4F-E731-4104-9A51-A5E579CE3867}}_is1" = The Cleaner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = MP3
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15
"{8C25E29E-FC5D-44CD-A58C-5746AF303CF2}" = Microsoft Office Outlook Connector
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.15
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}" = Dora the Explorer: Animal Adventures
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C1E544E5-EF3C-4103-A57B-3A499FD91033}" = Nero 7 Essentials
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D8CE109C-C9DD-4126-8F88-C6450DF91C85}" = ArcSoft MediaImpression Downloader
"{D9044DCB-F8F9-4A81-9B06-ACAC1A59B261}" = QuickConnect
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AOL Email Toolbar" = AOL Email Toolbar
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 8.2.8.2
"Dreamship Tales" = Dreamship Tales
"eMusic Download Manager" = eMusic Download Manager 3.0
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"hp instant support" = hp instant support
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a" = Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"PCFriendly" = PCFriendly
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.1.3
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"YOUNTEL-UMS Driver_is1" = YOUNTEL-UMS Driver Install 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pilot Desktop" = Palm Desktop
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/17/2010 10:42:17 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/17/2010 10:42:17 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/17/2010 10:42:38 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/17/2010 10:42:49 AM | Computer Name = NUMBER1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/18/2010 11:12:09 AM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/18/2010 11:35:20 AM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:11:56 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:20:40 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:20:41 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/29/2010 4:35:40 PM | Computer Name = NUMBER1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5/29/2010 4:13:40 PM | Computer Name = NUMBER1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0
(KB928365).
Error - 5/29/2010 4:45:07 PM | Computer Name = NUMBER1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0
(KB928365).
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The OneCare AntiSpyware and AntiVirus service failed to start due
to the following error: %%3
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
%%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the following
error: %%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the following
error: %%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2
Error - 5/30/2010 10:28:01 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%2
Error - 5/30/2010 10:28:44 AM | Computer Name = NUMBER1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFP
Error - 5/31/2010 4:04:35 AM | Computer Name = NUMBER1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0
(KB928365).
< End of report >
#5
Posted 31 May 2010 - 07:29 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Juan1959,
Firstly, please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:
Viewpoint, Viewpoint Manager, Viewpoint Media Player.:
Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.
http://www.clickz.com/news/article.php/3561546
After that
I see you have McAfee and Spy Sweeper (Webroot) running. I do wonder whether there is a conflict going on there.
Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.
Try uninstalling one of them. You can always reinstall later.
Step 2
Please download JavaRa to your desktop and unzip it to it's own folder
* Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
* Accept any prompts.
* Open JavaRa.exe again and select Search For Updates.
* Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Finally in this post
Please run OTL.exe
Firstly, please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:
Viewpoint, Viewpoint Manager, Viewpoint Media Player.:
Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.
http://www.clickz.com/news/article.php/3561546
After that
I see you have McAfee and Spy Sweeper (Webroot) running. I do wonder whether there is a conflict going on there.
Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.
Try uninstalling one of them. You can always reinstall later.
Step 2
Please download JavaRa to your desktop and unzip it to it's own folder
* Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
* Accept any prompts.
* Open JavaRa.exe again and select Search For Updates.
* Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Finally in this post
Please run OTL.exe
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL O30 - LSA: Authentication Packages - (OWS\S) - File not found O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found O30 - LSA: Security Packages - (nd) - File not found [2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\??????????????????????????????????????????????l [2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\?????????????????????????????????????????????? [2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\??????????????????????????????????????????????l [2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\?????????????????????????????????????????????? @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 :Commands [purity] [emptytemp]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- It will produce a log for you on reboot, please post that log in your next reply.
#6
Posted 31 May 2010 - 08:45 PM
Juan1959
- Topic Starter
-
- Member
-
- 33 posts
Member
Hi emeraldnzl,
I removed Viewpoint Viewer, deleted one of the anti spyware programs and updated Java although it took three tries to get it loaded and then ran the OTL. The new log is below.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:OWS\S deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ecurity Packages settings... deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:nd deleted successfully.
File C:\WINDOWS\System32\??????????????????????????????????????????????l not found.
File C:\WINDOWS\System32\?????????????????????????????????????????????? not found.
File C:\WINDOWS\System32\??????????????????????????????????????????????l not found.
File C:\WINDOWS\System32\?????????????????????????????????????????????? not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bridget
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Liz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Loren
->Temp folder emptied: 153201085 bytes
->Temporary Internet Files folder emptied: 16064891 bytes
->Java cache emptied: 799626 bytes
->FireFox cache emptied: 56547057 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 498 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 639057 bytes
User: Owner
User: Wendy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22162 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 217.00 mb
OTL by OldTimer - Version 3.2.5.0 log created on 05312010_213433
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Loren\Local Settings\Temp\Perflib_Perfdata_8e8.dat not found!
Registry entries deleted on Reboot...
I removed Viewpoint Viewer, deleted one of the anti spyware programs and updated Java although it took three tries to get it loaded and then ran the OTL. The new log is below.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:OWS\S deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ecurity Packages settings... deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:nd deleted successfully.
File C:\WINDOWS\System32\??????????????????????????????????????????????l not found.
File C:\WINDOWS\System32\?????????????????????????????????????????????? not found.
File C:\WINDOWS\System32\??????????????????????????????????????????????l not found.
File C:\WINDOWS\System32\?????????????????????????????????????????????? not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bridget
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Liz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Loren
->Temp folder emptied: 153201085 bytes
->Temporary Internet Files folder emptied: 16064891 bytes
->Java cache emptied: 799626 bytes
->FireFox cache emptied: 56547057 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 498 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 639057 bytes
User: Owner
User: Wendy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22162 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 217.00 mb
OTL by OldTimer - Version 3.2.5.0 log created on 05312010_213433
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Loren\Local Settings\Temp\Perflib_Perfdata_8e8.dat not found!
Registry entries deleted on Reboot...
#7
Posted 31 May 2010 - 09:13 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Juan1959,
Please download ComboFix from one of these locations:
NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
After that
Please download ComboFix from one of these locations:
NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
After that
- Close all windows and open OTL again.
- Click Run Scan and let the program run uninterrupted
- It will produce a log for you. Post the log here.
- ComboFix.txt
- OTL scan log - OTL.txt
#8
Posted 31 May 2010 - 10:10 PM
Juan1959
- Topic Starter
-
- Member
-
- 33 posts
Member
Hi emeraldnzl,
Attached are the Combofix and OTL logs. Thanks again for your help!!!
ComboFix 10-05-31.02 - Loren 05/31/2010 22:29:01.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.489 [GMT -5:00]
Running from: c:\documents and settings\Loren\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Loren\Application Data\shb.dat
c:\program files\INSTALL.LOG
.
((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.
2010-06-01 02:34 . 2010-06-01 02:34 -------- d-----w- C:\_OTL
2010-06-01 02:14 . 2010-06-01 02:29 -------- d-----w- c:\documents and settings\Loren\.SunDownloadManager
2010-05-22 05:24 . 2010-06-01 02:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 04:43 . 2010-05-22 04:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 04:27 . 2010-05-22 04:27 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 14:38 . 2010-05-18 14:38 -------- d-----w- C:\Webroot
2010-05-12 14:16 . 2010-05-12 14:16 -------- d-----w- c:\documents and settings\Bridget\Local Settings\Application Data\ArcSoft
2010-05-12 14:15 . 2010-05-12 14:16 -------- d-----w- c:\documents and settings\Bridget\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 02:38 . 2005-07-12 01:23 18688 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-06-01 02:08 . 2007-05-10 05:07 -------- d-----w- c:\program files\SpywareBlaster
2010-05-25 04:56 . 2008-08-23 06:54 -------- d-----w- c:\program files\ERUNT
2010-05-22 05:56 . 2008-08-23 14:36 -------- d-----w- c:\program files\Java
2010-05-22 05:29 . 2008-07-27 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 14:59 . 2008-11-22 13:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 20:39 . 2008-11-22 13:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2008-11-22 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 22:16 . 2010-04-18 12:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-04-18 12:47 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-04-18 12:47 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-04-18 12:47 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-04-18 12:47 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16 . 2010-04-18 12:47 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2010-04-18 12:47 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-04-18 12:47 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2006-12-26 07:50 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2006-12-26 07:50 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 04:58 . 2008-12-13 00:00 -------- d-----w- c:\program files\McAfee.com
2010-04-19 12:28 . 2006-12-26 07:47 -------- d-----w- c:\program files\McAfee
2010-04-19 12:28 . 2006-12-26 07:47 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-18 13:43 . 2010-04-18 13:42 -------- d-----w- c:\program files\Garmin
2010-04-18 13:42 . 2010-04-18 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-04-18 08:55 . 2010-04-18 04:33 -------- d-----w- c:\documents and settings\Loren\Application Data\GARMIN
2010-04-18 06:34 . 2010-04-18 04:34 -------- d-----w- c:\documents and settings\Loren\Application Data\Download Manager
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-14 02:09 . 2010-04-14 02:09 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-14 02:09 . 2010-04-14 02:09 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-14 02:09 . 2010-04-14 02:09 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-14 02:09 . 2010-04-14 02:09 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-14 02:08 . 2010-04-14 02:08 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-14 02:07 . 2003-01-04 22:15 -------- d-----w- c:\program files\Common Files\Real
2010-04-14 02:05 . 2003-01-04 22:15 -------- d-----w- c:\program files\Real
2010-04-14 02:04 . 2010-04-14 02:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-14 02:01 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-14 02:01 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-03 20:46 . 2003-01-04 22:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 14:21 . 2010-04-18 04:32 12255080 ----a-w- c:\documents and settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
2010-03-10 06:15 . 2002-08-29 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-27 22:16 . 2010-04-18 12:48 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Dit"="Dit.exe" [2004-12-17 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-14 202256]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ArcSoft MediaImpression Downloader.lnk - c:\program files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe [2009-12-26 204800]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-1-4 45056]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autochec
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [12/11/2008 8:43 AM 28544]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [1/17/2004 6:49 PM 17792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/12/2008 7:06 PM 93320]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 1:02 PM 1213728]
S3 CardReaderFilter;Card Reader Filter;c:\windows\SYSTEM32\DRIVERS\USBCRFT.SYS [7/11/2005 8:23 PM 18688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
2010-05-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8253915932.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
2010-05-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8253915932.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
2010-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8257486127.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
2010-06-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
2010-05-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://205.177.122.74/top/search.php?id=5&s=
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
IE: &AOL Email Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.com
FF - component: c:\program files\ArcSoft\MediaImpression Downloader\Plugin_FireFox\components\nsURLRecordEx.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunOnce-DelayShred - c:\program files\mcafee\mshr\ShrCL.EXE
HKLM-Run-USB Storage Toolbox - c:\program files\ALI MP3 Player\Res.EXE
HKLM-Run-tcactive - (no file)
HKLM-Run-tcmonitor - (no file)
SafeBoot-svcWRSSSDK
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 22:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-05-31 22:51:16
ComboFix-quarantined-files.txt 2010-06-01 03:51
Pre-Run: 11,398,971,392 bytes free
Post-Run: 11,361,517,568 bytes free
- - End Of File - - 7926ACE04B740D93767AB763F9460ABD
*************OTL Logs********************
OTL logfile created on: 5/31/2010 10:55:07 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 564.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.60 Gb Free Space | 18.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
========== Driver Services (SafeList) ==========
DRV - [2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/29 15:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 21:02:40 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/05/31 21:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/05/31 21:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 21:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/31 21:32:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/05/31 22:38:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (Lsa) - File not found
O30 - LSA: Security Packages - (ity Packages settings...) - File not found
O30 - LSA: Security Packages - (or) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/31 22:25:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 22:25:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 22:25:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 22:25:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 22:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 21:34:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/31 21:32:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\.SunDownloadManager
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:24:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/31 22:51:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 22:39:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 22:38:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/31 22:23:57 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/05/31 21:38:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/31 21:37:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/31 21:37:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/31 21:37:17 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 21:35:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/05/31 21:32:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/31 21:32:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:21:16 | 000,245,103 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\JavaRa.def
[2010/05/31 21:21:16 | 000,157,696 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Loren\Desktop\JavaRa.exe
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/26 11:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/25 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/31 22:25:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 22:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 22:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 22:25:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 22:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
< End of report >
Attached are the Combofix and OTL logs. Thanks again for your help!!!
ComboFix 10-05-31.02 - Loren 05/31/2010 22:29:01.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.489 [GMT -5:00]
Running from: c:\documents and settings\Loren\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Loren\Application Data\shb.dat
c:\program files\INSTALL.LOG
.
((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.
2010-06-01 02:34 . 2010-06-01 02:34 -------- d-----w- C:\_OTL
2010-06-01 02:14 . 2010-06-01 02:29 -------- d-----w- c:\documents and settings\Loren\.SunDownloadManager
2010-05-22 05:24 . 2010-06-01 02:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 04:43 . 2010-05-22 04:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 04:27 . 2010-05-22 04:27 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 14:38 . 2010-05-18 14:38 -------- d-----w- C:\Webroot
2010-05-12 14:16 . 2010-05-12 14:16 -------- d-----w- c:\documents and settings\Bridget\Local Settings\Application Data\ArcSoft
2010-05-12 14:15 . 2010-05-12 14:16 -------- d-----w- c:\documents and settings\Bridget\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 02:38 . 2005-07-12 01:23 18688 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-06-01 02:08 . 2007-05-10 05:07 -------- d-----w- c:\program files\SpywareBlaster
2010-05-25 04:56 . 2008-08-23 06:54 -------- d-----w- c:\program files\ERUNT
2010-05-22 05:56 . 2008-08-23 14:36 -------- d-----w- c:\program files\Java
2010-05-22 05:29 . 2008-07-27 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 14:59 . 2008-11-22 13:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 20:39 . 2008-11-22 13:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2008-11-22 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 22:16 . 2010-04-18 12:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-04-18 12:47 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-04-18 12:47 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-04-18 12:47 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-04-18 12:47 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16 . 2010-04-18 12:47 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2010-04-18 12:47 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-04-18 12:47 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2006-12-26 07:50 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2006-12-26 07:50 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 04:58 . 2008-12-13 00:00 -------- d-----w- c:\program files\McAfee.com
2010-04-19 12:28 . 2006-12-26 07:47 -------- d-----w- c:\program files\McAfee
2010-04-19 12:28 . 2006-12-26 07:47 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-18 13:43 . 2010-04-18 13:42 -------- d-----w- c:\program files\Garmin
2010-04-18 13:42 . 2010-04-18 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-04-18 08:55 . 2010-04-18 04:33 -------- d-----w- c:\documents and settings\Loren\Application Data\GARMIN
2010-04-18 06:34 . 2010-04-18 04:34 -------- d-----w- c:\documents and settings\Loren\Application Data\Download Manager
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-14 02:09 . 2010-04-14 02:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-14 02:09 . 2010-04-14 02:09 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-14 02:09 . 2010-04-14 02:09 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-14 02:09 . 2010-04-14 02:09 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-14 02:09 . 2010-04-14 02:09 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-14 02:08 . 2010-04-14 02:08 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-14 02:07 . 2003-01-04 22:15 -------- d-----w- c:\program files\Common Files\Real
2010-04-14 02:05 . 2003-01-04 22:15 -------- d-----w- c:\program files\Real
2010-04-14 02:04 . 2010-04-14 02:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-14 02:01 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-14 02:01 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-03 20:46 . 2003-01-04 22:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 14:21 . 2010-04-18 04:32 12255080 ----a-w- c:\documents and settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
2010-03-10 06:15 . 2002-08-29 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-27 22:16 . 2010-04-18 12:48 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Dit"="Dit.exe" [2004-12-17 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-14 202256]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ArcSoft MediaImpression Downloader.lnk - c:\program files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe [2009-12-26 204800]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-1-4 45056]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autochec
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [12/11/2008 8:43 AM 28544]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [1/17/2004 6:49 PM 17792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/12/2008 7:06 PM 93320]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 1:02 PM 1213728]
S3 CardReaderFilter;Card Reader Filter;c:\windows\SYSTEM32\DRIVERS\USBCRFT.SYS [7/11/2005 8:23 PM 18688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
2010-05-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8253915932.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
2010-05-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8253915932.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
2010-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8257486127.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
2010-06-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
2010-05-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://205.177.122.74/top/search.php?id=5&s=
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
IE: &AOL Email Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.com
FF - component: c:\program files\ArcSoft\MediaImpression Downloader\Plugin_FireFox\components\nsURLRecordEx.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunOnce-DelayShred - c:\program files\mcafee\mshr\ShrCL.EXE
HKLM-Run-USB Storage Toolbox - c:\program files\ALI MP3 Player\Res.EXE
HKLM-Run-tcactive - (no file)
HKLM-Run-tcmonitor - (no file)
SafeBoot-svcWRSSSDK
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 22:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-05-31 22:51:16
ComboFix-quarantined-files.txt 2010-06-01 03:51
Pre-Run: 11,398,971,392 bytes free
Post-Run: 11,361,517,568 bytes free
- - End Of File - - 7926ACE04B740D93767AB763F9460ABD
*************OTL Logs********************
OTL logfile created on: 5/31/2010 10:55:07 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 564.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.60 Gb Free Space | 18.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
========== Driver Services (SafeList) ==========
DRV - [2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/29 15:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 21:02:40 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/05/31 21:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/05/31 21:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 21:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/31 21:32:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/05/31 22:38:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (Lsa) - File not found
O30 - LSA: Security Packages - (ity Packages settings...) - File not found
O30 - LSA: Security Packages - (or) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/31 22:25:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 22:25:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 22:25:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 22:25:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 22:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 21:34:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/31 21:32:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\.SunDownloadManager
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:24:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/31 22:51:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 22:39:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 22:38:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/31 22:23:57 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/05/31 21:38:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/31 21:37:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/31 21:37:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/31 21:37:17 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 21:35:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/05/31 21:32:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/31 21:32:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:21:16 | 000,245,103 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\JavaRa.def
[2010/05/31 21:21:16 | 000,157,696 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Loren\Desktop\JavaRa.exe
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/26 11:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/25 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/31 22:25:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 22:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 22:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 22:25:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 22:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
< End of report >
#9
Posted 31 May 2010 - 10:32 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Juan1959,
I see part of Webroot is still there. If wanted to keep it tell me. Otherwise there are some malware that masquerade as this file, particularly where it is so I think we should endeavour to make sure it is gone.
Download and run Spy Sweeper/Webroot removal tool
After that
I see part of Webroot is still there. If wanted to keep it tell me. Otherwise there are some malware that masquerade as this file, particularly where it is so I think we should endeavour to make sure it is gone.
Download and run Spy Sweeper/Webroot removal tool
After that
- Close all windows and open OTL again.
- Click Run Scan and let the program run uninterrupted
- It will produce a log for you. Post the log here.
#10
Posted 31 May 2010 - 10:43 PM
Juan1959
- Topic Starter
-
- Member
-
- 33 posts
Member
Hi emeraldnzl,
I ran the spysweeper clean up and here is the OTL log.
OTL logfile created on: 5/31/2010 11:39:11 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.59 Gb Free Space | 18.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
========== Driver Services (SafeList) ==========
DRV - [2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/29 15:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 21:02:40 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/05/31 23:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/05/31 21:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 21:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/31 21:32:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/05/31 22:38:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (Lsa) - File not found
O30 - LSA: Security Packages - (ity Packages settings...) - File not found
O30 - LSA: Security Packages - (or) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/31 22:25:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 22:25:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 22:25:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 22:25:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 22:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 21:34:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/31 21:32:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\.SunDownloadManager
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:24:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/31 22:51:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 22:39:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 22:38:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/31 22:23:57 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/05/31 21:38:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/31 21:37:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/31 21:37:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/31 21:37:17 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 21:35:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/05/31 21:32:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/31 21:32:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:21:16 | 000,245,103 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\JavaRa.def
[2010/05/31 21:21:16 | 000,157,696 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Loren\Desktop\JavaRa.exe
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/26 11:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/25 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/31 22:25:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 22:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 22:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 22:25:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 22:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
< End of report >
I ran the spysweeper clean up and here is the OTL log.
OTL logfile created on: 5/31/2010 11:39:11 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.59 Gb Free Space | 18.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
========== Driver Services (SafeList) ==========
DRV - [2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/29 15:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 21:02:40 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/05/31 23:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/05/31 21:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 21:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/31 21:32:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/05/31 22:38:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (Lsa) - File not found
O30 - LSA: Security Packages - (ity Packages settings...) - File not found
O30 - LSA: Security Packages - (or) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/31 22:25:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 22:25:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 22:25:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 22:25:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 22:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 21:34:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/31 21:32:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\.SunDownloadManager
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:24:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/31 22:51:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 22:39:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 22:38:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/31 22:23:57 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/05/31 21:38:45 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/05/31 21:38:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/31 21:37:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/31 21:37:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/31 21:37:17 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 21:35:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/05/31 21:32:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/31 21:32:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/31 21:32:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/31 21:32:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 21:21:16 | 000,245,103 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\JavaRa.def
[2010/05/31 21:21:16 | 000,157,696 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Loren\Desktop\JavaRa.exe
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/30 23:46:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/05/26 11:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/25 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/31 22:25:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 22:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 22:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 22:25:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 22:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
< End of report >
#11
Posted 31 May 2010 - 11:08 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Juan1959,
Pesky thing. Might actually be malware... the removal tool hasn't done the job.
Let's do this:
Please run OTL.exe
You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.
If you no-longer have Malwarebytes please download from Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Next
Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.
Kaspersky works with Internet Explorer and Firefox 3.
Go to Kaspersky website and perform an online antivirus scan.
Note: you will need to turn off your security programs to allow Kaspersky to do its job.
So when you return please post
Pesky thing. Might actually be malware... the removal tool hasn't done the job.
Let's do this:
Please run OTL.exe
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD) :Commands [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- It will produce a log for you on reboot, please post that log in your next reply.
You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.
If you no-longer have Malwarebytes please download from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Next
Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.
Kaspersky works with Internet Explorer and Firefox 3.
Go to Kaspersky website and perform an online antivirus scan.
Note: you will need to turn off your security programs to allow Kaspersky to do its job.
- Read through the requirements and privacy statement and click on Accept button.
- It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
So when you return please post
- OTL fix log
- MBAM log
- Kaspersky scan results
- and tell me how your computer is performing now
#12
Posted 02 June 2010 - 08:34 PM
Juan1959
- Topic Starter
-
- Member
-
- 33 posts
Member
Hi emeraldnzl,
========== OTL ==========
Service SSKBFD stopped successfully!
Service SSKBFD deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.5.0 log created on 06012010_063101
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4162
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/2/2010 12:30:48 AM
mbam-log-2010-06-02 (00-30-48).txt
Scan type: Quick scan
Objects scanned: 153929
Time elapsed: 47 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Kaspersky process did not complete. I received a few script errors and the need for an uninterrupted internet access referencing Java
Script: http://www.kaspersky...t/script.js:123 (last numbers varied) I selected "continue" and it loaded. But hung up with a script error and a blank error screen. It ran all day without completing.
========== OTL ==========
Service SSKBFD stopped successfully!
Service SSKBFD deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.5.0 log created on 06012010_063101
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4162
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/2/2010 12:30:48 AM
mbam-log-2010-06-02 (00-30-48).txt
Scan type: Quick scan
Objects scanned: 153929
Time elapsed: 47 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Kaspersky process did not complete. I received a few script errors and the need for an uninterrupted internet access referencing Java
Script: http://www.kaspersky...t/script.js:123 (last numbers varied) I selected "continue" and it loaded. But hung up with a script error and a blank error screen. It ran all day without completing.
#13
Posted 02 June 2010 - 09:07 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Juan1959,
Usually caused by some anti-malware program getting in the way but Kaspersky is notoriously sensitive.
Try this:
Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
Kaspersky process did not complete
Usually caused by some anti-malware program getting in the way but Kaspersky is notoriously sensitive.
Try this:
Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
- Click the green ESET Online Scanner box
- Tick the box next to YES, I accept the Terms of Use
- You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
- Click Start and if your security program asks you if you want to allow the program, click yes.
- If you anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
- Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
- Copy and paste that log as a reply to this topic
#14
Posted 03 June 2010 - 10:26 PM
Juan1959
- Topic Starter
-
- Member
-
- 33 posts
Member
Hi emeraldnzl
I ran the ESET program and it found and deleted one potential program. When closing the program, I did the auto delete and it looks like it deleted the .txt log file as there wasn't one when I looked. I am including an OTL in case that helps.
OTL logfile created on: 6/3/2010 11:22:12 PM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 438.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.36 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
========== Driver Services (SafeList) ==========
DRV - [2010/06/03 06:53:14 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/01 15:19:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 21:02:40 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/06/03 07:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/06/03 07:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 21:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/31 21:32:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/05/31 22:38:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (PTEC SHARED\SYSTEM) - File not found
O30 - LSA: Security Packages - (.) - . [2010/06/01 06:53:56 | 000,000,000 | R--D | M]
O30 - LSA: Security Packages - (urity Pack) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/06/03 07:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/01 06:53:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/01 06:53:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/01 06:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Malwarebytes' Anti-Malware
[2010/05/31 22:25:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 22:25:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 22:25:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 22:25:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 22:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 21:34:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/31 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\.SunDownloadManager
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[2010/04/27 01:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\josghvtwl
[2010/04/18 08:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/18 08:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/04/18 08:37:57 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/04/18 07:48:01 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/18 07:47:13 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/18 07:47:13 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/18 07:47:13 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/18 07:47:12 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/18 07:47:12 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/18 07:47:11 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/18 07:47:10 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/17 23:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\Download Manager
[2010/04/17 23:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2010/04/13 21:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Real
[2010/04/13 21:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/21 21:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\My Documents\Cucusoft
[2010/03/21 21:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Cucusoft
[2010/03/13 21:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling_files
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/03 06:53:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/03 06:53:14 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/06/03 06:53:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/06/03 06:53:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 06:52:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/03 06:52:50 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 06:51:44 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/06/03 06:51:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/06/02 23:46:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/06/02 11:21:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/01 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/06/01 06:54:01 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 22:39:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 22:38:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/31 21:21:16 | 000,245,103 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\JavaRa.def
[2010/05/31 21:21:16 | 000,157,696 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Loren\Desktop\JavaRa.exe
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/18 01:16:10 | 2214,896,284 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:49 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:01:41 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/21 21:43:25 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Cucusoft iPod Video Converter Suite.lnk
[2010/03/20 05:45:03 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\My Sharing Folders.lnk
[2010/03/13 21:14:16 | 000,027,298 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:14 | 000,052,792 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2010/03/11 04:15:38 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/01 06:54:01 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/01 06:39:25 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/31 22:25:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 22:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 22:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 22:25:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 22:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/01 09:47:44 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/04/17 23:35:06 | 2214,896,284 | ---- | C] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/04/13 21:09:49 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:09:47 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/03/21 21:12:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/13 21:13:58 | 000,027,298 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:04 | 000,052,792 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== LOP Check ==========
[2009/05/08 21:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/08 21:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2006/09/29 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2003/01/04 17:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/12/30 01:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/18 08:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2005/02/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0137
[2008/11/15 11:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/11 16:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/17 22:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/05/08 21:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/18 19:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/09 21:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 08:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/18 03:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2003/02/21 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\InterTrust
[2004/01/06 20:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Leadertech
[2007/06/26 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller
[2006/08/27 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(2)
[2006/11/19 16:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(3)
[2006/08/22 22:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Tenebril
[2010/06/02 23:46:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
< End of report >
I ran the ESET program and it found and deleted one potential program. When closing the program, I did the auto delete and it looks like it deleted the .txt log file as there wasn't one when I looked. I am including an OTL in case that helps.
OTL logfile created on: 6/3/2010 11:22:12 PM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 438.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 10.36 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER1
Current User Name: Loren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
PRC - [2010/04/13 21:01:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/09/01 19:48:40 | 000,204,800 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/11/16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/12/17 14:21:02 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
========== Driver Services (SafeList) ==========
DRV - [2010/06/03 06:53:14 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/12/10 17:50:58 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 15:54:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 08:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com"
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.1.0.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/01 15:19:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\MediaImpression Downloader\Plugin_FireFox [2009/12/26 08:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/26 21:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 13:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 21:02:40 | 000,000,000 | ---D | M]
[2008/09/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Extensions
[2010/06/03 07:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions
[2010/04/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2007/08/15 20:27:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\searchplugins\siteadvisor.xml
[2010/06/03 07:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 21:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/31 21:32:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/05/31 22:38:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MediaImpression Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (Tenebril Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4426.1630\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ArcSoft MediaImpression Downloader.lnk = C:\Program Files\ArcSoft\MediaImpression Downloader\MediaImpressionDownloader.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...598/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (PTEC SHARED\SYSTEM) - File not found
O30 - LSA: Security Packages - (.) - . [2010/06/01 06:53:56 | 000,000,000 | R--D | M]
O30 - LSA: Security Packages - (urity Pack) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autochec) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/06/03 07:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/01 06:53:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/01 06:53:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/01 06:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Malwarebytes' Anti-Malware
[2010/05/31 22:25:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 22:25:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 22:25:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 22:25:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 22:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 21:34:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/31 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\.SunDownloadManager
[2010/05/31 07:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\GMER
[2010/05/31 07:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Logs 5-31-10
[2010/05/24 23:33:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/21 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 09:38:45 | 000,000,000 | ---D | C] -- C:\Webroot
[2010/04/27 01:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\josghvtwl
[2010/04/18 08:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/18 08:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/04/18 08:37:57 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/04/18 07:48:01 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/18 07:47:13 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/18 07:47:13 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/18 07:47:13 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/18 07:47:12 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/18 07:47:12 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/18 07:47:11 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/18 07:47:10 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/17 23:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\Download Manager
[2010/04/17 23:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2010/04/13 21:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Real
[2010/04/13 21:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/21 21:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\My Documents\Cucusoft
[2010/03/21 21:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Local Settings\Application Data\Cucusoft
[2010/03/13 21:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling_files
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/03 06:53:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/03 06:53:14 | 000,018,688 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/06/03 06:53:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/06/03 06:53:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 06:52:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/03 06:52:50 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 06:51:44 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Loren\ntuser.dat
[2010/06/03 06:51:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loren\NTUSER.INI
[2010/06/02 23:46:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
[2010/06/02 11:21:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/01 18:34:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/06/01 06:54:01 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 22:39:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 22:38:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/31 21:21:16 | 000,245,103 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\JavaRa.def
[2010/05/31 21:21:16 | 000,157,696 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Loren\Desktop\JavaRa.exe
[2010/05/31 07:29:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\gmer.exe
[2010/05/25 13:26:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Loren\default.pls
[2010/05/25 13:24:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/24 23:56:18 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\NTREGOPT.lnk
[2010/05/24 23:56:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\ERUNT.lnk
[2010/05/24 23:33:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Loren\Desktop\erunt_setup.exe
[2010/05/24 23:33:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\TFC.exe
[2010/05/24 23:24:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loren\Desktop\OTL.exe
[2010/05/22 00:00:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 23:53:54 | 000,345,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/21 23:53:53 | 000,404,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 23:53:53 | 000,053,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/21 22:47:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/12 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 13:49:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 21:32:15 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/18 01:16:10 | 2214,896,284 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:49 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:01:41 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/21 21:43:25 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Cucusoft iPod Video Converter Suite.lnk
[2010/03/20 05:45:03 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Loren\My Documents\My Sharing Folders.lnk
[2010/03/13 21:14:16 | 000,027,298 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:14 | 000,052,792 | ---- | M] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2010/03/11 04:15:38 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[4 C:\Documents and Settings\Loren\My Documents\*.tmp files -> C:\Documents and Settings\Loren\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/01 06:54:01 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/01 06:39:25 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/31 22:25:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 22:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 22:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 22:25:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 22:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/01 09:47:44 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/04/17 23:35:06 | 2214,896,284 | ---- | C] () -- C:\Documents and Settings\Loren\My Documents\garmin_rmu_cnnant2010_40.exe
[2010/04/13 21:09:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/04/13 21:09:49 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/13 21:09:47 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3056337734-3483860200-2171920022-1006.job
[2010/03/21 21:12:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/13 21:13:58 | 000,027,298 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\year_round_education.html
[2010/03/13 21:05:04 | 000,052,792 | ---- | C] () -- C:\Documents and Settings\Loren\Desktop\Research Center Year-Round Schooling.htm
[2009/02/06 00:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/06 00:47:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/26 19:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/04/29 19:45:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/03 11:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/02 17:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/02 17:09:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/02 17:09:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/02 17:09:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/02 17:09:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/02/02 16:16:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/22 11:31:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 09:08:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/10 09:08:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/08 09:43:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 12:13:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/11 20:23:36 | 000,000,477 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/22 13:55:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2005/03/27 20:35:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/03/27 20:35:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/11 09:37:21 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/04/13 11:53:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2004/04/10 22:07:24 | 000,000,603 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/04/02 14:55:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/03/05 16:36:59 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/03/05 16:36:59 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/03/05 16:36:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/03/05 16:36:21 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/01/07 21:10:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/06 20:48:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 21:36:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cgspell.ini
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/09/23 18:03:37 | 000,001,742 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2003/09/21 10:09:43 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2003/08/20 18:54:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/04/06 18:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/30 19:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/04 17:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/04 17:13:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/04 17:13:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/04 17:08:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/04 16:47:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
========== LOP Check ==========
[2009/05/08 21:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/08 21:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2006/09/29 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2003/01/04 17:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/12/30 01:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/18 08:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2005/02/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0137
[2008/11/15 11:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/11 16:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/17 22:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/05/08 21:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/18 19:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/09 21:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 08:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/18 03:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\GARMIN
[2003/02/21 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\InterTrust
[2004/01/06 20:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Leadertech
[2007/06/26 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller
[2006/08/27 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(2)
[2006/11/19 16:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\MSNInstaller(3)
[2006/08/22 22:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loren\Application Data\Tenebril
[2010/06/02 23:46:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1257486127.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2009/11/06 00:45:52 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2009/11/06 00:45:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2008/11/15 12:23:13 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮浸l
[2008/11/15 12:23:09 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌敲屮灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
< End of report >
#15
Posted 04 June 2010 - 12:36 AM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
How is your machine now?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
