GDUjiwcDlsMLa Trojan


  • This topic is locked

#1
turkeestalker

  • Member
  • 35 posts
Good People,
I've picked up a trojan that I cannot seem to remove. This topic title indicates what I believe the name of this trojan is. It has hidden my program files, my desktop icons, my quick launch icons, and so on and so on. Not certain exactly when I got it, but know that I was using YSupra when I picked it up. I'm used to using Newbie.org, luckily have not had to in some time, however it seems their forum is down at present. Any assistance would be greatly appreciated.
Many thanks in advance,
Jim

XP Professional, 2002 sp3
McAfee Security Center powered by AT&T/Yahoo

I've tried using Panda ActiveScan in safe mode, which seemed ineffectual.
I've tried MalwareBytes, which seems to have been neutered, even in safe mode.
My McAfee had been shut off, and seems to be running normally after having turned it back on, yet I'm guessing it's been neutered as well.
I've surfed for some help, and found some ideas, none of which have fixed the problem completely, but a tool called Trojan Remover did aid me in getting my desktop icons back. Though they are still seemingly hidden.


OK, I've done something wrong in posting?

Edited by turkeestalker, 05 June 2011 - 12:31 PM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello turkeestalker and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed
Step 1

We need to disable malware processes on your system first.
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try to run it several more times.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
%temp%\smtmp\*.* /s
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post.

#3
turkeestalker

  • Topic Starter
  • Member
  • 35 posts
Maliprog,
Thank you for your assistance. I downloaded both programs as you instructed. Ran them in the order you indicated, yet OTL only provided one notepad log. I am posting it here and will wait for further instructions.
Thank you,
Turkeestalker


OTL logfile created on: 6/5/2011 2:57:43 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\JDA.MINE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.57% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 81.84 Gb Free Space | 73.21% Space Free | Partition Type: NTFS

Computer Name: MINE | User Name: JDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 14:55:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 14:55:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/10/06 10:18:06 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2003/01/10 13:07:32 | 000,102,400 | ---- | M] (Intel Corp.) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe -- (imonNT) Intel®
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 22:53:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2008/04/13 21:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 17:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam PTZ(UVC)
DRV - [2006/06/22 17:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 17:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 17:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/06/22 17:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2004/02/24 21:47:04 | 000,679,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/17 17:38:56 | 000,035,012 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2003/05/08 23:00:56 | 000,033,248 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2003/01/10 13:05:10 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2003/01/10 13:04:46 | 000,016,480 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iSMBIOS.SYS -- (iSMBIOS)
DRV - [2002/10/23 10:05:06 | 000,021,963 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smb.sys -- (smbusp) Intel®
DRV - [2002/09/20 12:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/05 13:46:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/04 13:29:59 | 000,000,949 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110513121300.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker...230999680000000 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\bw+0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {4b04c7f3-ea44-43de-89e9-07e6c2c7c399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {4B04C7F3-EA44-43DE-89E9-07E6C2C7C399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (maliprog @ Geekstogo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\JDA.MINE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JDA.MINE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 16:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 14:55:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
[2011/06/05 14:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/05 14:48:46 | 000,746,899 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\JDA.MINE\Desktop\explorer.exe
[2011/06/04 13:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JDA.MINE\Application Data\Simply Super Software
[2011/06/04 13:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JDA.MINE\My Documents\Simply Super Software
[2011/06/04 13:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/04 13:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011/06/04 13:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/06/04 13:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/06/04 01:12:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JDA.MINE\Recent
[2011/05/27 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/05/24 17:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/05/17 17:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/05/17 17:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/05/17 17:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PrivacyS (2)
[2011/05/17 17:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ModelDat (2)
[2011/05/17 16:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
[2011/05/14 22:06:25 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/05/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JDA.MINE\Application Data\InstallShield
[2008/11/04 19:57:16 | 000,037,973 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GnStor2K.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/05 14:56:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2011/06/05 14:55:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
[2011/06/05 14:54:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/05 14:48:50 | 000,746,899 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\JDA.MINE\Desktop\explorer.exe
[2011/06/05 14:27:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/05 13:47:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/06/05 13:47:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 13:46:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 13:29:59 | 000,000,949 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/04 08:29:08 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cunn.sys
[2011/05/31 05:24:21 | 000,028,535 | ---- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\Explanation.odt
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/17 17:22:10 | 000,118,784 | R--- | M] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2011/05/17 16:53:39 | 000,432,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/17 16:53:39 | 000,067,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/13 17:57:51 | 004,894,115 | ---- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\Round and Round.wma
[2011/05/13 17:57:07 | 000,010,213 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\Folder.jpg
[2011/05/13 17:57:07 | 000,010,213 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Desktop\Folder.jpg
[2011/05/13 17:57:07 | 000,010,213 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Large.jpg
[2011/05/13 17:57:07 | 000,010,213 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Desktop\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Large.jpg
[2011/05/13 17:57:04 | 000,002,297 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArtSmall.jpg
[2011/05/13 17:57:04 | 000,002,297 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Desktop\AlbumArtSmall.jpg
[2011/05/13 17:57:04 | 000,002,297 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Small.jpg
[2011/05/13 17:57:04 | 000,002,297 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Desktop\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Small.jpg
[2011/05/13 16:04:29 | 000,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 13:10:23 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/06/04 13:10:23 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/06/04 13:10:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/06/04 13:10:23 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/06/04 08:29:08 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cunn.sys
[2011/05/27 15:41:28 | 000,028,535 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\Explanation.odt
[2011/05/24 17:27:15 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/17 17:24:36 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/05/17 17:24:36 | 000,004,770 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2011/05/17 17:22:13 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2011/05/17 16:43:32 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2011/05/17 16:42:49 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2011/05/17 16:42:49 | 000,005,110 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2011/05/13 19:12:13 | 000,010,213 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\Desktop\Folder.jpg
[2011/05/13 19:12:13 | 000,010,213 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\Desktop\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Large.jpg
[2011/05/13 19:12:13 | 000,002,297 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\Desktop\AlbumArtSmall.jpg
[2011/05/13 19:12:13 | 000,002,297 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\Desktop\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Small.jpg
[2011/05/13 17:57:11 | 000,010,213 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Large.jpg
[2011/05/13 17:57:11 | 000,002,297 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Small.jpg
[2011/05/08 13:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/08 13:40:18 | 004,894,115 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\Round and Round.wma
[2010/08/01 12:57:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nmozamodetakobi.dat
[2010/08/01 12:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rcayitixe.bin
[2010/08/01 08:00:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/03 23:29:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\yacsui.dll
[2009/08/29 16:29:53 | 000,000,147 | ---- | C] () -- C:\WINDOWS\YAHELITE_IGNORE.INI
[2009/08/29 16:29:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\YAHVOX_ignore.ini
[2009/08/29 16:26:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2009/08/21 05:31:17 | 000,002,167 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2009/08/21 05:29:41 | 000,006,382 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2009/07/26 19:03:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2009/04/05 09:58:59 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/04 11:12:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/03/21 14:42:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/26 10:44:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/11/08 10:35:34 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/05 16:42:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/05 16:35:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/05 10:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/05 10:25:12 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/04 20:04:06 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/11/04 20:04:06 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2008/11/04 19:59:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxalih.exe
[2008/11/04 19:59:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/11/04 19:59:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxallcnp.dll
[2008/11/04 19:57:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2008/11/04 19:57:20 | 000,000,716 | ---- | C] () -- C:\WINDOWS\GNFORMAT.INI
[2008/11/04 19:57:17 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2008/11/04 19:57:17 | 000,008,576 | ---- | C] () -- C:\WINDOWS\gncache.ini
[2008/11/04 19:57:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2008/11/04 19:57:16 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2008/11/04 19:57:15 | 000,004,567 | ---- | C] () -- C:\WINDOWS\System32\GNUSBPDR.INI
[2008/11/04 17:48:09 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2008/11/04 17:26:44 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2008/11/04 17:26:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2008/11/04 17:26:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2008/11/04 17:26:41 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2008/04/14 03:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 03:00:00 | 000,432,664 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 03:00:00 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 03:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/02/24 21:45:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/02/24 21:45:28 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(9).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(8).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(7).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(31).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(30).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(29).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(28).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(27).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(26).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(25).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(24).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(23).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(22).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(21).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(20).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(19).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(18).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(17).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(16).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(15).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(14).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(13).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(12).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(11).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(10).dll
[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2011/06/04 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2011/01/21 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/02/24 22:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oBiKkOf09000
[2011/06/04 13:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/06/04 13:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/04 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ACD Systems
[2008/11/04 17:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ACDInTouch
[2008/11/05 17:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ATTToolbar
[2008/11/07 07:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/13 21:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\EPSON
[2011/06/02 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\FrostWire
[2009/01/28 08:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ieSpell
[2011/01/21 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\iolo
[2008/12/13 15:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\LimeWire
[2008/11/10 06:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\OpenOffice.org
[2011/06/04 13:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\Simply Super Software
[2010/02/06 13:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\SmartDraw
[2010/11/01 17:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\Y!Supra
[2011/06/05 14:54:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/05 14:56:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %temp%\smtmp\*.* /s >
[2008/11/05 16:39:25 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\desktop.ini
[2009/03/01 02:00:01 | 000,001,607 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2008/11/05 16:39:25 | 000,000,680 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2008/11/04 17:54:03 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2008/11/07 07:49:01 | 000,000,740 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Acrobat.com.lnk
[2011/03/27 22:05:08 | 000,002,347 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2008/11/05 16:37:43 | 000,000,150 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\Programs\desktop.ini
[2008/11/05 16:35:21 | 000,001,986 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
[2011/05/24 17:24:10 | 000,000,955 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Windows Defender.lnk
[2008/11/05 16:35:49 | 000,000,609 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2008/11/05 16:37:43 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2009/07/28 16:09:06 | 000,000,876 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yazak.exe.lnk
[2009/03/01 02:00:01 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2011/05/17 17:24:46 | 000,000,332 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/03/01 02:00:01 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2009/03/01 02:00:01 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2011/05/17 17:24:46 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2008/11/05 16:35:48 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2008/12/01 02:00:03 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2008/11/05 16:35:48 | 000,000,090 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2008/11/05 16:39:25 | 000,000,448 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2008/11/05 16:35:48 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2008/12/01 02:00:03 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2008/12/01 02:00:03 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2008/12/01 02:00:03 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/12/01 02:00:03 | 000,001,700 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2008/11/05 16:35:48 | 000,000,146 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2009/03/01 02:00:01 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2008/12/01 02:00:03 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2008/12/01 02:00:03 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2009/03/01 02:00:01 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2008/11/05 16:39:25 | 000,000,757 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2008/11/04 19:47:51 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2009/02/09 19:49:36 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2010/09/01 01:00:05 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2008/12/01 02:00:03 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2009/03/01 02:00:01 | 000,001,583 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Security Center.lnk
[2008/11/05 16:37:37 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2010/09/01 01:00:05 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2008/11/06 18:47:22 | 000,001,769 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ ISO Burner\Active@ ISO Burner 1.1.lnk
[2008/11/06 18:47:22 | 000,001,826 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ ISO Burner\Active@ ISO Burner Help.lnk
[2008/11/06 18:47:22 | 000,001,686 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ ISO Burner\Uninstall Software.lnk
[2011/01/21 18:58:14 | 000,000,866 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Read Me (List of Files).lnk
[2011/01/21 18:58:14 | 000,001,797 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Uninstall Software.lnk
[2011/01/21 18:58:14 | 000,002,095 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Active@ KillDisk for DOS\Active@ KillDisk for DOS (Real-mode).lnk
[2011/01/21 18:58:14 | 000,001,961 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Active@ KillDisk for DOS\Active@ KillDisk for DOS User's Manual.lnk
[2011/01/21 18:58:14 | 000,002,093 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Active@ KillDisk for DOS\Active@ KillDisk for DOS.lnk
[2011/01/21 18:58:14 | 000,000,823 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Active@ KillDisk for DOS\Bootable CD ISO File.lnk
[2011/01/21 18:58:14 | 000,001,961 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Active@ KillDisk for Windows\Active@ KillDisk for Windows User's Manual.lnk
[2011/01/21 18:58:14 | 000,001,961 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Active@ KillDisk for Windows\Active@ KillDisk for Windows.lnk
[2011/01/21 18:58:14 | 000,002,092 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Bootable Disk Creators\Bootable DOS CD Disk Creator.lnk
[2011/01/21 18:58:14 | 000,001,945 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Active@ KillDisk FREE Suite\Bootable Disk Creators\Bootable DOS Floppy or USB Disk Creator.lnk
[2008/11/05 16:35:30 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2009/03/01 02:00:02 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2009/03/01 02:00:02 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2008/11/05 16:39:25 | 000,000,545 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2009/03/01 02:00:02 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2009/03/01 02:00:02 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2009/03/01 02:00:02 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2009/03/01 02:00:02 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2008/11/04 20:11:50 | 000,001,696 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\CyberLink PowerDVD\PowerDVD Help.lnk
[2008/11/04 20:11:50 | 000,001,696 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\CyberLink PowerDVD\PowerDVD.lnk
[2008/11/04 20:11:50 | 000,001,452 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\CyberLink PowerDVD\Readme.lnk
[2008/11/04 20:11:50 | 000,001,717 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\CyberLink PowerDVD\Uninstall PowerDVD.lnk
[2009/02/27 18:39:18 | 000,000,559 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Deer Avenger 4\Deer Avenger 4.lnk
[2009/02/27 18:39:18 | 000,000,487 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Deer Avenger 4\Read Me.lnk
[2009/02/27 18:39:18 | 000,000,594 | ---- | M] () -- C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Deer Avenger 4\Uninstall.lnk


< MD5 for: EXPLORER.EXE >
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/06/05 14:48:50 | 000,746,899 | ---- | M] (maliprog @ Geekstogo) MD5=63D3E5DF5649944E98479274F9245203 -- C:\Documents and Settings\JDA.MINE\Desktop\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi turkeestalker,

Please test your system after these two steps.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/02/24 22:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oBiKkOf09000
    [2011/06/05 14:56:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
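The four xcopy lines in the fix above copy the numbered folders under %Temp%\smtmp back to fixed destinations. The following is an added example, not part of the original post and not OTL's own code: a dry-run planner that maps each smtmp path to where that fix would put it and sets aside anything worth a look before copying. The sample paths are constructed, and the extension allow-list and the Startup flag are assumptions of this example.

```python
import ntpath
import re

# Slot number -> destination, taken from the xcopy lines in the fix above.
RESTORE_MAP = {
    "1": r"%AllUsersProfile%\Start Menu",
    "2": r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch",
    "3": r"%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "4": r"%AllUsersProfile%\Desktop",
}

# Assumption of this example: menu, Quick Launch and desktop folders should
# hold only shortcut-type files, so anything else is held back for review.
EXPECTED_EXT = {".lnk", ".url", ".ini"}

# Optional OTL listing prefix: "[date | size | attrs | M] (company) -- "
OTL_PREFIX_RE = re.compile(r"^\[[^\]]*\]\s*\([^)]*\)\s*--\s*")
# Captures the slot folder and the path relative to it.
SMTMP_RE = re.compile(r"\\Temp\\smtmp\\(?P<slot>[^\\]+)\\(?P<rel>.+)$", re.IGNORECASE)


def plan_restore(lines):
    """Return (plan, review).

    plan   -- list of (source, destination, autostart) for routine entries
    review -- list of (source, reason) for entries to inspect by hand
    """
    plan, review = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        path = OTL_PREFIX_RE.sub("", line)
        match = SMTMP_RE.search(path)
        if not match:
            continue  # not an smtmp entry, nothing to restore
        slot, rel = match.group("slot"), match.group("rel")
        dest_root = RESTORE_MAP.get(slot)
        ext = ntpath.splitext(rel)[1].lower()
        if dest_root is None:
            review.append((path, "unknown slot"))
        elif ext not in EXPECTED_EXT:
            review.append((path, "unexpected file type"))
        else:
            # xcopy /S keeps the sub-folder structure under the destination.
            # Shortcuts landing in Programs\Startup will run at logon.
            autostart = slot == "1" and rel.lower().startswith("programs\\startup\\")
            plan.append((path, dest_root + "\\" + rel, autostart))
    return plan, review


# Constructed sample input in the shape of an OTL file listing and xcopy output.
SAMPLE = [
    r"[2008/11/05 16:35:48 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\USER\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk",
    r"[2011/02/19 07:21:25 | 000,000,684 | ---- | M] () -- C:\DOCUME~1\USER\LOCALS~1\Temp\smtmp\2\Chat Client.lnk",
    r"C:\DOCUME~1\USER\LOCALS~1\Temp\smtmp\1\Programs\Startup\Desktop Messenger.lnk",
    r"C:\DOCUME~1\USER\LOCALS~1\Temp\smtmp\1\Programs\Startup\example.exe",
    r"C:\DOCUME~1\USER\LOCALS~1\Temp\smtmp\9\example.lnk",
    r"[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe",
]

if __name__ == "__main__":
    plan, review = plan_restore(SAMPLE)
    for src, dest, autostart in plan:
        note = "  [runs at logon]" if autostart else ""
        print(f"COPY   {src}\n    -> {dest}{note}")
    for src, reason in review:
        print(f"REVIEW {src}  ({reason})")
```

Feed it the smtmp lines from an OTL scan log to see the restore layout before running the fix.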

#5
turkeestalker

    Member

  • Topic Starter
  • 35 posts
Maliprog,
Here is the OTL fix log:

========== OTL ==========
Folder C:\Documents and Settings\All Users\Application Data\oBiKkOf09000\ not found.
C:\WINDOWS\Tasks\Updater.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\JDA.MINE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JDA.MINE\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Y!Supra\Uninstall Y!Supra.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Y!Supra\Y!Supra.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yahaven!\Uninstall Yahaven!.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yahaven!\Yahaven Features!.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yahaven!\Yahaven! Official Forum.url
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yahaven!\Yahaven! Official Website.url
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yahaven!\Yahaven! Updater.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yahaven!\Yahaven!.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\YahELite\mirror.html.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\YahELite\_README!.txt.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yahoo! Messenger\Yahoo! Messenger.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yazak Chat\Uninstall Yazak Chat.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\1\Programs\Yazak Chat\Yazak.exe.lnk
165 File(s) copied
C:\Documents and Settings\JDA.MINE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JDA.MINE\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\2\AT&T Yahoo! Mail (wyattwirp).url
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\2\FrostWire 4.21.3.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\2\IE8 InPrivate.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\2\Y!Supra.lnk
C:\DOCUME~1\JDA~1.MIN\LOCALS~1\Temp\smtmp\2\Yahoo! Messenger.lnk
6 File(s) copied
C:\Documents and Settings\JDA.MINE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JDA.MINE\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\JDA.MINE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JDA.MINE\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\JDA.MINE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JDA.MINE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_054354

#6
turkeestalker


    Member

  • Topic Starter
  • Member
  • 35 posts
... and here is the Mbam log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6785

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2011 6:07:45 AM
mbam-log-2011-06-06 (06-07-45).txt

Scan type: Quick scan
Objects scanned: 187040
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\jda.mine\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#7
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Problems?

#8
turkeestalker


    Member

  • Topic Starter
  • Member
  • 35 posts
Maliprog,
No, at this point there do not seem to be any problems. Some things have been rearranged obviously, but these things I can correct easily enough. I do appreciate your guidance greatly, thank you.
Turkeestalker

#9
turkeestalker


    Member

  • Topic Starter
  • Member
  • 35 posts
Enjoy the coffee!

#10
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi turkeestalker,

Thank you for your donation! It really helps a lot! Coffee keeps me up and running :)

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended)" option: "Automatically download recommended updates for my computer and install them".
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article: Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#11
turkeestalker


    Member

  • Topic Starter
  • Member
  • 35 posts
Thank you Maliprog, I'll do that. I did notice that system restore still says 'can not protect your system, please restart and try again', when I navigate to it.

#12
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi turkeestalker,

Do you have a Windows XP installation disk? I'm afraid we can't repair this without it.

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    C:\notepad.* /s
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


#13
turkeestalker


    Member

  • Topic Starter
  • Member
  • 35 posts
I do, but it is a copy; however, it's the copy I used to install the validated copy on this machine.

OTL logfile created on: 6/6/2011 2:47:51 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\JDA.MINE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.25% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 84.01 Gb Free Space | 75.15% Space Free | Partition Type: NTFS

Computer Name: MINE | User Name: JDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 14:45:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/06/26 10:34:58 | 000,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2006/06/26 10:34:40 | 000,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/06/26 10:33:32 | 000,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/06/26 09:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2003/05/29 16:28:32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2003/01/10 13:08:46 | 000,032,768 | ---- | M] () -- C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
PRC - [2003/01/10 13:07:32 | 000,102,400 | ---- | M] (Intel Corp.) -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 14:45:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2006/06/26 10:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/10/06 10:18:06 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2003/01/10 13:07:32 | 000,102,400 | ---- | M] (Intel Corp.) [Auto | Running] -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe -- (imonNT) Intel®
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 22:53:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2008/04/13 21:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 17:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam PTZ(UVC)
DRV - [2006/06/22 17:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 17:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 17:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/06/22 17:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2004/02/24 21:47:04 | 000,679,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/17 17:38:56 | 000,035,012 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2003/05/08 23:00:56 | 000,033,248 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2003/01/10 13:05:10 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2003/01/10 13:04:46 | 000,016,480 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iSMBIOS.SYS -- (iSMBIOS)
DRV - [2002/10/23 10:05:06 | 000,021,963 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smb.sys -- (smbusp) Intel®
DRV - [2002/09/20 12:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/06 12:21:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/04 13:29:59 | 000,000,949 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110513121300.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker...230999680000000 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\JDA.MINE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JDA.MINE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 16:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 14:45:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
[2011/06/06 12:21:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/06 09:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/06 09:10:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\TFC.exe
[2011/06/06 05:57:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/06 05:56:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/06 05:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/04 13:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JDA.MINE\Application Data\Simply Super Software
[2011/06/04 13:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JDA.MINE\My Documents\Simply Super Software
[2011/06/04 13:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/04 01:12:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JDA.MINE\Recent
[2011/05/27 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/05/24 17:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/05/17 17:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/05/17 17:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/05/17 17:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PrivacyS (2)
[2011/05/17 17:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ModelDat (2)
[2011/05/17 16:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
[2011/05/14 22:06:25 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/05/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JDA.MINE\Application Data\InstallShield
[2008/11/04 19:57:16 | 000,037,973 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GnStor2K.sys

========== Files - Modified Within 30 Days ==========

[2011/06/06 14:45:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\OTL.scr
[2011/06/06 09:18:38 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/06 09:16:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/06/06 09:15:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 09:15:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 09:10:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JDA.MINE\Desktop\TFC.exe
[2011/06/06 09:08:43 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\JDA.MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Pandora.url
[2011/06/06 09:07:24 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/05 14:27:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/04 13:29:59 | 000,000,949 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/04 08:29:08 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cunn.sys
[2011/05/31 05:24:21 | 000,028,535 | ---- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\Explanation.odt
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/17 17:22:10 | 000,118,784 | ---- | M] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2011/05/17 16:53:39 | 000,432,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/17 16:53:39 | 000,067,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/13 17:57:51 | 004,894,115 | ---- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\Round and Round.wma
[2011/05/13 17:57:07 | 000,010,213 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\Folder.jpg
[2011/05/13 17:57:07 | 000,010,213 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Large.jpg
[2011/05/13 17:57:04 | 000,002,297 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArtSmall.jpg
[2011/05/13 17:57:04 | 000,002,297 | -HS- | M] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Small.jpg
[2011/05/13 16:04:29 | 000,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI

========== Files Created - No Company Name ==========

[2011/06/06 09:08:43 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Pandora.url
[2011/06/06 05:43:58 | 000,001,333 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Yahoo! Mail (wyattwirp).url
[2011/06/06 05:43:58 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.3.lnk
[2011/06/06 05:43:58 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/06 05:43:58 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\IE8 InPrivate.lnk
[2011/06/06 05:43:58 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Y!Supra.lnk
[2011/06/06 05:43:55 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/06 05:43:55 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/06 05:43:55 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/06/06 05:43:55 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Yazak.exe.lnk
[2011/06/06 05:43:55 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/06 05:43:55 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/06 05:43:55 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/04 08:29:08 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cunn.sys
[2011/05/27 15:41:28 | 000,028,535 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\Explanation.odt
[2011/05/24 17:27:15 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/17 17:24:36 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/05/17 17:24:36 | 000,004,770 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2011/05/17 17:22:13 | 000,118,784 | ---- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2011/05/17 16:43:32 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2011/05/17 16:42:49 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2011/05/17 16:42:49 | 000,005,110 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2011/05/13 17:57:11 | 000,010,213 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Large.jpg
[2011/05/13 17:57:11 | 000,002,297 | -HS- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\AlbumArt_{7375455D-8833-4C5F-BB84-046B87CA936D}_Small.jpg
[2011/05/08 13:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/08 13:40:18 | 004,894,115 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\My Documents\Round and Round.wma
[2010/08/01 12:57:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nmozamodetakobi.dat
[2010/08/01 12:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rcayitixe.bin
[2010/08/01 08:00:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/03 23:29:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\yacsui.dll
[2009/08/29 16:29:53 | 000,000,147 | ---- | C] () -- C:\WINDOWS\YAHELITE_IGNORE.INI
[2009/08/29 16:29:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\YAHVOX_ignore.ini
[2009/08/29 16:26:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2009/08/21 05:31:17 | 000,002,167 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2009/08/21 05:29:41 | 000,006,382 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2009/07/26 19:03:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2009/04/05 09:58:59 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/04 11:12:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/03/21 14:42:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/26 10:44:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/11/08 10:35:34 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\JDA.MINE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/05 16:42:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/05 16:35:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/05 10:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/05 10:25:12 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/04 20:04:06 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/11/04 20:04:06 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2008/11/04 19:59:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxalih.exe
[2008/11/04 19:59:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/11/04 19:59:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxallcnp.dll
[2008/11/04 19:57:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2008/11/04 19:57:20 | 000,000,716 | ---- | C] () -- C:\WINDOWS\GNFORMAT.INI
[2008/11/04 19:57:17 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2008/11/04 19:57:17 | 000,008,576 | ---- | C] () -- C:\WINDOWS\gncache.ini
[2008/11/04 19:57:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2008/11/04 19:57:16 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2008/11/04 19:57:15 | 000,004,567 | ---- | C] () -- C:\WINDOWS\System32\GNUSBPDR.INI
[2008/11/04 17:48:09 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2008/11/04 17:26:44 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2008/11/04 17:26:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2008/11/04 17:26:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2008/11/04 17:26:41 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2008/04/14 03:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 03:00:00 | 000,432,664 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 03:00:00 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 03:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/02/24 21:45:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/02/24 21:45:28 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(9).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(8).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(7).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(31).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(30).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(29).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(28).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(27).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(26).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(25).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(24).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(23).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(22).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(21).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(20).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(19).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(18).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(17).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(16).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(15).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(14).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(13).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(12).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(11).dll
[2003/09/12 09:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(10).dll
[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2011/06/04 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2011/01/21 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/02/24 22:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oBiKkOf09000
[2011/06/04 13:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/04 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ACD Systems
[2008/11/04 17:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ACDInTouch
[2008/11/05 17:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ATTToolbar
[2008/11/07 07:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/13 21:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\EPSON
[2011/06/02 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\FrostWire
[2009/01/28 08:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\ieSpell
[2011/01/21 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\iolo
[2008/12/13 15:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\LimeWire
[2008/11/10 06:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\OpenOffice.org
[2011/06/04 13:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\Simply Super Software
[2010/02/06 13:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\SmartDraw
[2010/11/01 17:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDA.MINE\Application Data\Y!Supra
[2011/06/06 09:18:38 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\notepad.* /s >
[2008/11/05 16:39:24 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk
[2008/11/05 16:39:24 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk
[2008/12/01 02:00:02 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\JDA.MINE\Start Menu\Programs\Accessories\Notepad.lnk
[2008/11/05 16:39:24 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\JDA\Start Menu\Programs\Accessories\Notepad.lnk
[2008/04/14 03:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2008/04/14 03:00:00 | 000,025,236 | ---- | M] () -- C:\WINDOWS\Help\notepad.chm
[2008/04/14 03:00:00 | 000,012,521 | ---- | M] () -- C:\WINDOWS\Help\notepad.hlp
[2011/06/06 06:24:50 | 000,072,136 | ---- | M] () -- C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
[2008/04/14 03:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/11/05 16:39:24 | 000,001,519 | ---- | M] () -- C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk
[2008/04/14 03:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\notepad.exe

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please download the attached file repair_system_restore.zip (834 bytes) to your desktop. Unzip it and run repair_system_restore.reg. Confirm entering the information into your registry. Restart your system and test System Restore now.

#15
turkeestalker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Thank you, I'll do just that.

OTL Extras logfile created on: 6/6/2011 2:47:51 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\JDA.MINE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.25% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 84.01 Gb Free Space | 75.15% Space Free | Partition Type: NTFS

Computer Name: MINE | User Name: JDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe" = C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe:*:Enabled:yazak -- (ZakFromAnotherPlanet)
"C:\Program Files\Dream\Yahaven!\Yahaven!.exe" = C:\Program Files\Dream\Yahaven!\Yahaven!.exe:*:Enabled:Yahaven! - Yahoo! Chat Client -- (Dreams Software.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\YahELite\YahVox.exe" = C:\Program Files\YahELite\YahVox.exe:*:Disabled:Yahoo! voice chat for YahELite -- (David J. Binette)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}" = Intel® Active Monitor
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A25DAEDA-5558-4E1D-931A-5D57053FDFED}" = Majestic Chess
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker
"{C9090D9D-AE80-4E15-8E74-EDE04FC41BF7}" = Bird Hunter 2003
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F491018F-5B58-4F43-8253-544967F6A45A}_is1" = Y!Supra version 1.0.0.63
"ACDSee" = ACDSee
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ATTToolbar" = AT&T Toolbar
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Deer Avenger 4" = Deer Avenger 4
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FrostWire" = FrostWire 4.21.3
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker Gold
"InstallShield_{C9090D9D-AE80-4E15-8E74-EDE04FC41BF7}" = Bird Hunter 2003
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z65" = Lexmark Z65
"LimeWire" = LimeWire PRO 4.12.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MSC" = McAfee SecurityCenter
"Panda ActiveScan Pro" = Panda ActiveScan Pro
"PROSet" = Intel® PRO Network Adapters and Drivers
"QcDrv" = Logitech® Camera Driver
"RegScrubXP_is1" = RegScrubXP 3.25
"USB Card Reader V1.07" = USB Card Reader
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinRAR archiver" = WinRAR archiver
"Yahaven!_is1" = Yahaven! 2.7.6
"YahELite" = YahELite 330.1
"Yahoo! Messenger" = Yahoo! Messenger
"Yazak Chat" = Yazak Chat 8.87.06

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2011 12:58:49 PM | Computer Name = MINE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/4/2011 12:58:49 PM | Computer Name = MINE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/4/2011 12:58:50 PM | Computer Name = MINE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/4/2011 12:58:50 PM | Computer Name = MINE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/4/2011 12:58:50 PM | Computer Name = MINE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/4/2011 12:58:50 PM | Computer Name = MINE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/4/2011 1:01:37 PM | Computer Name = MINE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2011 1:01:39 PM | Computer Name = MINE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/5/2011 2:43:06 PM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 6/5/2011 2:43:24 PM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

[ System Events ]
Error - 6/6/2011 10:11:46 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/6/2011 10:11:46 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/6/2011 10:12:47 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7034
Description = The McAfee Validation Trust Protection Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 6/6/2011 10:15:51 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7000
Description = The System Restore Service service failed to start due to the following
error: %%3

Error - 6/6/2011 10:15:58 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sr

Error - 6/6/2011 10:21:46 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7000
Description = The System Restore Service service failed to start due to the following
error: %%3

Error - 6/6/2011 11:13:01 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7000
Description = The System Restore Service service failed to start due to the following
error: %%3

Error - 6/6/2011 11:13:33 AM | Computer Name = MINE | Source = Service Control Manager | ID = 7000
Description = The System Restore Service service failed to start due to the following
error: %%3

Error - 6/6/2011 12:27:48 PM | Computer Name = MINE | Source = Service Control Manager | ID = 7000
Description = The System Restore Service service failed to start due to the following
error: %%3

Error - 6/6/2011 12:55:21 PM | Computer Name = MINE | Source = Service Control Manager | ID = 7000
Description = The System Restore Service service failed to start due to the following
error: %%3


< End of report >





