Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hijack this shows O14 - IERESET.INF: START_PAGE...Trojan? [Solved]


  • Please log in to reply

#31
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Repair Install of Windows XP

It looks like either you on your own or with help from some other site have tried to do something with Windows that has corrupted the windows install.

In different posts you have a standard mbr and an unknown one and you have SP3 installed and then only SP2.


Step 1.

Please go into safe mode with networking and run the OTL fix in Post #18.

If you cannot run it then run RogueKiller again and click ProxyFix.

If neither one works boot into normal mode and set msconfig to boot into normal mode and see if OTL runs that way.

If not then you will have to reset msconfig as it currently is to get into normal mode to continue with the next steps.


Step 2.

Prepare for Repair Install

Collect:

Windows XP CD (Not a recovery disk but a true Windows XP disk) This must be a Home edition CD

Make sure you have your Windows XP CD_KEY. Most machines have it on a tag on the side or back of desktop computers or on the underside of laptops.

If you do not have the CD-Key, visit the keyfinder page to retrieve your CD-KEY by downloading and using Magical Jelly Bean Keyfinder.




Step 3.

Configuring Your Computer to Boot from CD

Many computers are not configured to boot from the CDROM. If you cannot boot from the CDROM, this is probably due to the boot order of your devices being incorrect. You can change this in the BIOS.

You enter the BIOS from the first screen you see when you turn your computer on. To enter your BIOS, most users here will press the DEL key.

Most Dell, Toshiba, Gateway, Sony & HP systems will press F2.

Compaq users will usually have to press F10.

IBM typically uses F1 or F2.

Other brands may have different keys to press to enter setup, F1, F2, Del, Tab and CTRL+S. If possible see the manual for your computer or motherboard. Also, the BIOS will usually display which button to press to "enter setup" during POST (if it flashes by too fast, press the Pause key).

When you enter the BIOS setup, you need to change the boot order. The CDROM should be setup before the Hard Drive. Each BIOS is different, but here is an example:

Posted Image


Step 4.

Now if you have copies of Avast and MalwareBytes' to install please keep them if not download fresh copies to your computer.

Next download the cleaners for both of these:

Avastclear

mbam clean

Now disconnect from the internet.

Uninstall both Avast and MalwareBytes' in Control Panel under Add/Remove Programs.

Then reboot into safe mode and run the two clearing tools one at a time rebooting into safe mode after each tool is run.


Step 5.

Repair Install of Windows XP

In previous versions of Windows, correcting an operating system error, or installing a new motherboard, usually meant formatting and reinstalling, resulting in loss of all data. Don't worry; Windows XP repair feature won't delete your data, installed programs, personal information, or settings. It just repairs the operating system!

Note: The system repair function will remove any updates you have previously installed that are not included on the CD. Drivers will also be reverted to their original XP versions, as well as some settings (network & performance settings may sometimes be reset to their defaults). It may be necessary to reactivate your Windows XP as well. When finished, you will have to download all of the updates from Microsoft Windows Update, because they are all replaced during repair.



Let's get started!

Step 1: Rule out hardware issues. Windows Repair will only fix software problems. Hardware issues can also cause boot problems (i.e. bad hard drive, memory, CPU, or power supply).

Step 2: Backup. It's always a good idea to backup your important data before making changes to Windows XP. Relax, if you follow these instructions your data will be perfectly safe.

Step 3: Boot from your Windows XP CD. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer. When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD. Can't boot from your CD? Please see the note at the bottom of this page (Configuring Your Computer to Boot from CD).

Step 4: A blue screen will appear and begin loading Windows XP Setup from the CD.

Note: RAID/SCSI/Unsupported UDMA users:
You will be prompted to "press F6 to install any third party SCSI or RAID drivers". Most users will not have to press F6, but if you are running RAID, SCSI or unsupported UDMA controllers, then you will have to have your controller drivers on a floppy disk. If you are unsure whether you have RAID/SCSI, then simply let the CD load without pressing F6.

When completed loading files, you will be presented with the following "Windows Setup" screen, and your first option. Select "To set up Windows XP now, press ENTER". DO NOT select Recovery Console

Posted Image

When presented with the screen below. press the F8 key to continue.

Posted Image

Next, Windows Setup will find existing Windows XP installations. You will be asked to repair an existing XP installation, or install a fresh copy of Windows XP.

If no installations are found, then you will not be given the option to repair. This may happen if the data or partition on your drive is too corrupted.

Note: If you install a fresh copy, all data on that partition will be lost!

Posted Image

Your almost finished! Windows XP will appear to be installing itself for the first time, but it will retain all of your data and settings. Just follow the prompts, and have your CD-KEY ready if needed.

Update: Due to the proliferation of the Blaster and Welchia Worm/Virus be aware that a Repair Install will leave your system vulnerable. You can get infected within seconds. Do not go on line until you have enabled XP's firewall first

If you have SP2 disk or SP3 go ahead and install them. If your version of windows had SP2 then you just need to update to SP3.

NOTE:
Install the Service Packs in order up to SP3 This is top priority once the repair install is complete.


Step 6.

Make sure you have the windows firewall enabled.

Antivirus software is a necessity. This is your primary line of defense against the type of malware that has infected your computer.

Install Avast! and once it installs continue.

Then reinstall/configure your Network Adapter following your manufacturer's directions if you need to in order to connect to the internet.

Once you have established an internet connection immediately update your Avast! and run a quick scan. Then go to Windows Update and install all remaining critical updates


Step 7.


Please post back with any issues after you have completed the reinstall. If you have questions along the way please let me know.

Most importantly please refrain from doing other steps without my knowledge, this can lead to a mistake that would make repair impossible.
  • 0

Advertisements


#32
ko57

ko57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
I redownloaded OTL, said successful but didn't show on the desktop. Tried again, still no show. Went to Desktop folder, it was there, clicked it, the OTL window showed up. Copied-pasted the script, ran the fix. It rebooted-normal mode-I get just a blue screen and the Ooen File-security warning window for OTL.exe wuth the Run and Cancel buttons. Should I have reboot in safe mode?
  • 0

#33
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

Should I have reboot in safe mode?

Does not matter as long as it ran.

Now you will need to take the steps to prepare for the XP reinstall.
  • 0

#34
ko57

ko57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
It did run, pressed cancel for re-running in normal mode. Win Updates was on, it showed some that had downloaded, lloked like an install window, with the restart showing. I should have shut that off earlier, having been in safe mode/networking, I usually have that set up to notify, not download those updates.

Meanwhile it had the SysConfigUtil window showing while this was done. It restarted, into normal mode, it didn't load up well. Taskbar, Start Button, no icons again. Could not shut down from start button, so shut it down.

I am in safe mode now, I have most everything backed up on a Seagate hard drive, noticing I can copy MWB or Avast to CD from safemode.

I do have the Operating System CD, WinXP with SP2, have the key. Fixing to start the repair install, understanding about it may not repair.
  • 0

#35
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK thanks for the update I think this is our best chance to get a well running computer!
  • 0

#36
ko57

ko57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Did the repair install, looks ok-desktop with icons-even the OTL.exe icon,, taskbar, quick launch buttons on taskbar, clock, startup icons near clock.

Balloon popped window popped up reminding about recent win update downloads.

Sys Config Ut window popped up also, dont show/launch this box unchecked.
  • 0

#37
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK we need to without the internet connected transfer over the new Avast to install. If you did not uninstall the current one, please do now and run the removal tool as well. Then reboot and install the good one.

If you still have the SP3 service pack install package on your machine run it next to install SP3, if not we can download it after updating and scanning with Avast.

For the msconfig you now should be able to clear it and just boot completely normal mode, if not reconfigure it back and come back to tell me.

Regards,

CompCav
  • 0

#38
ko57

ko57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Looks ok, WinFirewall and Win updates on, Avast re-installed-all up to date, SP2 updates then SP3 and updates ok-no more notices.

One thing-looks like IE won't open. (edit-I have IE8) I was able to go to the WinUpdate website (Avast, Firewall on), I've been using Mozilla-it is not the latest update. Mainly I use IE (I don't like IE8-prefer IE7), the program file is there.

I have Malwarebytes on CD, did not install that yet.

Edited by ko57, 18 May 2012 - 08:09 AM.

  • 0

#39
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Great job :thumbsup:

Now let's see where we are on malware:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#40
ko57

ko57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
I have OTL.exe on the desktop-I downloaded from your post, it re-wrote. Should I delete it or rename it and then redownload? Tried running it from the desktop after the download-Avast sandbox is on-it went through that, didn't find malware. Shut off sandbox?
  • 0

Advertisements


#41
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

Should I delete it or rename it and then redownload?

Please delete and redownload


Tried running it from the desktop after the download-Avast sandbox is on-it went through that, didn't find malware.

At the prompt for sandbox allow it to run outside the sandbox.

Shut off sandbox?

This should not be necessary.
  • 0

#42
ko57

ko57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Here they are:

OTL logfile created on: 5/18/2012 10:08:18 AM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Kerry Owen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 77.78% Memory free
3.82 Gb Paging File | 3.57 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.25 Gb Free Space | 49.98% Space Free | Partition Type: NTFS

Computer Name: KERRYSPORTABLE | User Name: Kerry Owen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 10:04:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry Owen\Desktop\OTL.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/01/08 04:34:10 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/22 19:04:18 | 000,009,728 | ---- | M] (SDSD) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 06:49:15 | 001,760,768 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12051800\algo.dll
MOD - [2012/04/12 13:26:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/12 13:26:03 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
MOD - [2012/04/12 12:35:03 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/12 12:32:48 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/12 12:18:18 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/03/10 20:25:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/03/10 19:57:18 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/10 19:53:18 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/10 19:52:41 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2007/12/26 12:56:39 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Kodak.Automation\1.2.484.0__5cc7ad8abd921325\Kodak.Automation.dll
MOD - [2007/12/26 12:56:38 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Localization\1.2.484.0__5cc7ad8abd921325\Localization.dll
MOD - [2005/03/16 04:08:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/05 01:05:33 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/01/08 04:34:10 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/03/22 19:04:18 | 000,009,728 | ---- | M] (SDSD) [Auto | Running] -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KERRYO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/07/19 12:24:47 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/05 00:00:00 | 000,035,824 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/23 11:05:58 | 000,039,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/12/23 10:40:40 | 000,039,328 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2004/12/23 10:40:04 | 000,020,156 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/12/15 15:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/08 10:06:08 | 000,085,504 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/10/14 09:53:00 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/10/14 09:52:02 | 000,292,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/09/20 03:41:00 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/04/14 11:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/11/07 04:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 04:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/06/06 15:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/11/15 11:41:34 | 000,012,338 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000/06/02 14:27:20 | 000,013,806 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Stltrk2k.sys -- (Stltrk2k)
DRV - [2000/05/30 11:54:52 | 000,087,136 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\upatc.sys -- (UPATC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\..\SearchScopes,DefaultScope = {DD63F4D8-0584-48EC-A1D5-2AE2E607D84B}
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\..\SearchScopes\{2A5D7A09-2C95-40F5-B5FE-AB99F61462BD}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\..\SearchScopes\{7B961AC4-646D-42E5-B875-7E0465B084A8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\..\SearchScopes\{9F3082A1-B8D1-4AF0-B4B6-50B31387DB8C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\..\SearchScopes\{DD63F4D8-0584-48EC-A1D5-2AE2E607D84B}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\..\SearchScopes\{E4047AA4-8677-4BA1-9C6B-BBE15E944DA7}: "URL" = http://search.lycos....y={searchTerms}
IE - HKU\S-1-5-21-781878022-3114317985-875658923-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:msn.com"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.13
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Kerry Owen\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/05/18 00:05:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/09 07:29:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 08:29:00 | 000,000,000 | ---D | M]

[2010/01/18 08:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Extensions
[2011/07/01 13:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\4mjqpslu.No Flash\extensions
[2011/06/19 09:23:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\4mjqpslu.No Flash\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 08:12:27 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\4mjqpslu.No Flash\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/07/01 10:41:38 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\4mjqpslu.No Flash\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/14 14:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\ddzjx0i6.Yes Flash\extensions
[2011/07/14 14:58:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\ddzjx0i6.Yes Flash\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/18 08:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\p57dvynm.default\extensions
[2011/02/02 03:12:42 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\p57dvynm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/28 12:15:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\p57dvynm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 15:11:55 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\p57dvynm.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2012/05/17 18:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/18 00:05:09 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

O1 HOSTS File: ([2012/05/17 17:00:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-781878022-3114317985-875658923-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab40641.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....sa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...trl/tgctlsi.cab (Reg Error: Value error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...trl/tgctlsr.cab (Reg Error: Value error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1167849549312 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://olta.demon.co...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab36107.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....sa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab41227.cab (StadiumProxy Class)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} http://fdl.msn.com/p.../v13/ticker.cab (MSN Money Ticker)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92F0C6D3-7C96-4F5C-8F38-45066D69A224}: DhcpNameServer = 192.168.43.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kerry Owen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/11 02:30:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sprestrt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 10:03:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kerry Owen\Desktop\OTL.exe
[2012/05/18 05:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/05/18 03:58:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/05/18 03:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2012/05/18 01:29:42 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2012/05/18 01:28:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2012/05/18 01:28:53 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/05/18 01:28:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2012/05/18 01:27:43 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2012/05/18 01:27:03 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2012/05/18 00:31:02 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/05/18 00:30:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2012/05/18 00:29:10 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/05/18 00:28:56 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/05/18 00:28:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/05/18 00:27:21 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/05/18 00:27:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/05/18 00:27:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/05/18 00:26:55 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/05/18 00:26:51 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/05/18 00:26:47 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/05/18 00:12:43 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/05/18 00:05:22 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/17 23:55:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/05/17 22:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/17 22:00:37 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/17 22:00:37 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/17 22:00:34 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/17 22:00:31 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/17 22:00:28 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/17 22:00:28 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/17 22:00:28 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/17 21:59:34 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/17 21:39:17 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Kerry Owen\Desktop\mbam-clean.exe
[2012/05/17 21:13:04 | 000,324,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kerry Owen\Desktop\aswclear.exe
[2012/05/17 20:22:51 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/05/17 20:06:27 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/05/17 20:06:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/05/17 20:06:25 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/05/17 20:06:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/05/17 20:06:08 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/05/17 20:06:07 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/05/17 20:06:07 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/05/17 20:05:59 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/05/17 20:05:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/05/17 20:05:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/05/17 20:05:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/05/17 20:05:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/05/17 20:05:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/05/17 20:05:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/05/17 20:05:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/05/17 20:05:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/05/17 20:05:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/05/17 20:05:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/05/17 20:05:50 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/05/17 20:05:50 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/05/17 20:05:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/05/17 20:05:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/05/17 20:05:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/05/17 20:05:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/05/17 20:05:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/05/17 20:05:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/05/17 20:05:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/05/17 20:05:46 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/05/17 20:05:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/05/17 20:05:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/05/17 20:05:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/05/17 20:05:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/05/17 20:05:28 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/05/17 20:05:28 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/05/17 20:05:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/05/17 20:05:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/05/17 20:05:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/05/17 20:05:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/05/17 20:05:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/05/17 20:05:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/05/17 20:04:17 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/05/17 20:04:16 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/05/17 20:04:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/05/17 20:03:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/05/17 20:03:13 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/05/17 20:03:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/05/17 20:03:10 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/05/17 20:03:10 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/05/17 20:03:10 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/05/17 20:03:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/05/17 20:02:40 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/05/17 20:02:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/05/17 20:02:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/05/17 20:02:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/05/17 20:02:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/05/17 20:02:31 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/05/17 20:02:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/05/17 20:02:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/05/17 19:56:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/05/17 19:34:06 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/05/17 19:34:06 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/05/17 19:34:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/05/17 19:34:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/05/17 19:34:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cintlgnt.ime
[2012/05/17 19:34:05 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tintlgnt.ime
[2012/05/17 19:34:05 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/05/17 19:34:05 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/05/17 19:34:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/05/17 19:34:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/05/17 19:34:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/05/17 19:33:57 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pintlgnt.ime
[2012/05/17 19:33:57 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012/05/17 19:33:57 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/05/17 19:33:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/05/17 19:33:52 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/05/17 19:32:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/05/17 19:32:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/05/17 19:32:41 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/05/17 19:32:41 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/05/17 16:59:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/15 22:53:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kerry Owen\Desktop\aswMBR.exe
[2012/05/14 18:58:26 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Kerry Owen\Desktop\esetsmartinstaller_enu.exe
[2012/05/12 17:07:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/11 02:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/05/10 08:12:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/09 20:29:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/09 20:29:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/09 20:29:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/09 20:29:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/09 20:23:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/09 20:05:05 | 004,489,176 | R--- | C] (Swearware) -- C:\Documents and Settings\Kerry Owen\Desktop\ComboFix.exe
[2012/05/09 13:35:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kerry Owen\Recent
[2012/05/09 12:25:58 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\WINDOWS\unhide.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 10:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/18 10:12:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A7D9F73D-0A0D-4E00-8E4A-12F300A9CE75}.job
[2012/05/18 10:04:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry Owen\Desktop\OTL.exe
[2012/05/18 08:58:56 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\Kerry Owen\Desktop\Videos.URL
[2012/05/18 08:37:35 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Kerry Owen\Desktop\Shortcut to Internet Explorer.lnk
[2012/05/18 08:28:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/18 08:17:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 08:16:04 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/05/18 08:14:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/18 08:07:31 | 000,494,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/18 08:07:31 | 000,086,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/18 08:00:24 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/18 05:38:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/05/18 00:05:22 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/17 22:00:39 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/17 21:39:18 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Kerry Owen\Desktop\mbam-clean.exe
[2012/05/17 21:13:05 | 000,324,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kerry Owen\Desktop\aswclear.exe
[2012/05/17 20:09:50 | 000,000,313 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/05/17 20:00:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/05/17 20:00:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/05/17 19:59:31 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/17 19:55:29 | 000,023,412 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/17 19:53:34 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/05/17 19:52:02 | 000,000,300 | -HS- | M] () -- C:\boot.ini
[2012/05/17 17:18:47 | 000,294,053 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2012/05/17 17:00:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/16 19:46:12 | 001,420,288 | ---- | M] () -- C:\Documents and Settings\Kerry Owen\Desktop\RogueKiller.exe
[2012/05/15 23:00:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kerry Owen\Desktop\aswMBR.exe
[2012/05/14 19:03:53 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Kerry Owen\Desktop\esetsmartinstaller_enu.exe
[2012/05/11 02:30:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/05/11 02:30:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/05/10 07:31:52 | 004,489,176 | R--- | M] (Swearware) -- C:\Documents and Settings\Kerry Owen\Desktop\ComboFix.exe
[2012/05/09 12:25:59 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\WINDOWS\unhide.exe
[2012/04/29 23:53:21 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Kerry Owen\Desktop\Mail Login.url
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 08:58:56 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Kerry Owen\Desktop\Videos.URL
[2012/05/18 08:37:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Kerry Owen\Desktop\Shortcut to Internet Explorer.lnk
[2012/05/18 01:30:28 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/05/18 01:30:28 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/05/18 01:30:28 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/05/18 01:30:28 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/05/18 01:30:24 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/05/18 01:30:24 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/05/18 01:30:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/05/18 01:30:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/05/18 01:30:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/05/18 01:30:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/05/18 01:30:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/05/18 01:30:24 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/05/18 01:30:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/05/18 01:30:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/05/18 01:30:24 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/05/18 01:30:24 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/05/18 01:30:24 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/05/18 01:30:17 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/05/18 01:30:17 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/05/18 01:30:17 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/05/18 01:30:17 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/05/18 01:30:17 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/05/18 01:30:17 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/05/18 01:30:17 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/05/18 01:30:17 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/05/18 01:30:17 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/05/18 01:30:17 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/05/18 01:30:17 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/05/18 01:30:08 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/05/18 01:30:08 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/05/18 01:30:08 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/05/18 01:29:58 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/05/18 01:29:58 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/05/18 01:29:58 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/05/18 01:29:58 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/05/18 01:29:58 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/05/18 01:29:58 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/05/18 01:29:55 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/05/18 01:29:55 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/05/18 01:29:55 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/05/18 01:29:55 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/05/18 01:29:43 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/05/18 01:29:41 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/05/18 01:29:29 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/05/18 01:29:27 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/05/18 01:29:19 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/05/18 01:29:19 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/05/18 01:29:19 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/05/18 01:29:19 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/05/18 01:29:19 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/05/18 01:29:19 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/05/18 01:29:19 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/05/18 01:29:19 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/05/18 01:29:19 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/05/18 01:29:19 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/05/18 01:29:19 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/05/18 01:29:19 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/05/18 01:29:19 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/05/18 01:29:19 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/05/18 01:29:19 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/05/18 01:29:19 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/05/18 01:29:08 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/05/18 01:29:00 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/05/18 01:29:00 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/05/18 01:28:25 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/05/18 01:28:25 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/05/18 01:28:25 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/05/18 01:28:15 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/05/18 01:27:17 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/05/18 01:26:55 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/05/18 01:26:55 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/05/18 01:26:55 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/05/18 01:26:55 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/05/18 01:26:52 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/05/18 01:26:51 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/05/18 01:26:51 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/05/18 01:26:51 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/05/18 01:26:50 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/05/18 01:26:50 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/05/18 01:26:42 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/05/17 22:00:39 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/17 19:34:06 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/05/17 19:33:58 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/05/17 19:32:18 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/05/17 19:32:17 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/05/17 19:32:17 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/05/17 19:32:17 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/05/17 19:32:17 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/05/17 19:32:17 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/05/17 19:32:16 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012/05/16 19:46:09 | 001,420,288 | ---- | C] () -- C:\Documents and Settings\Kerry Owen\Desktop\RogueKiller.exe
[2012/05/11 02:30:20 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/05/11 02:30:20 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/05/11 01:48:52 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/05/11 01:45:19 | 000,294,053 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2012/05/09 20:29:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/09 20:29:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/09 20:29:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/09 20:29:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/09 20:29:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/15 15:25:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/25 03:12:01 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/06/28 11:29:43 | 000,000,482 | ---- | C] () -- C:\WINDOWS\CoverMaster.INI
[2010/06/08 19:59:10 | 000,000,074 | ---- | C] () -- C:\WINDOWS\DosHlpLnk.ini
[2010/06/08 19:53:33 | 000,002,762 | ---- | C] () -- C:\WINDOWS\LottoBuster.ini

========== LOP Check ==========

[2012/05/17 21:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/03 11:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/04/16 16:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/12/26 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/10/13 01:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2004/11/20 05:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/02/05 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2005/06/30 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2005/05/22 03:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/03/21 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/12/02 10:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\smartluck
[2009/09/07 22:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\Blitware
[2009/03/23 12:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\Canon
[2011/07/20 17:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\Data Solutions
[2009/08/16 13:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\EPSON
[2010/04/28 13:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\Facebook
[2005/05/31 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\InterVideo
[2005/11/07 11:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\Leadertech
[2005/09/09 08:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry Owen\Application Data\Template
[2007/12/26 12:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2012/05/18 10:12:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A7D9F73D-0A0D-4E00-8E4A-12F300A9CE75}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"EnableProxy" = 2 -- [2012/05/08 18:08:16 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0E725752-12C7-4CC7-8846-5C7C9977AFF4}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{66AB7DC7-78B0-4152-9559-5FAAF8ABFD1C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8A168154-61CB-44C8-A21E-831C5F8CB16A}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{92F0C6D3-7C96-4F5C-8F38-45066D69A224}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A5FB2ACA-5466-41E9-9955-D75F535024F5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B834D881-DE2E-43FF-B329-48562BC1D90D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C90AF7D6-FC8F-4526-A9BE-935C2B898968}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DBE3C768-0A8A-48D1-87FF-0E026F83EA45}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F10AE339-AE5C-4793-9074-737A3C21CD99}]
"NameServerList" = [binary data]
"RASFlags" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2 -- [2012/05/08 18:08:16 | 000,000,000 | ---D | M]
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 07 01 04 01 03 01 00 00 01 00 02 00 05 00 06 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/08/02 10:28:12 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/08/02 10:28:12 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/08/02 10:28:12 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/08/02 10:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/08/02 10:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/08/02 10:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/08/02 10:28:12 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/08/02 10:28:12 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/08/02 10:28:12 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/08/02 10:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/08/02 10:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/08/02 10:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: KERRYSPORTABLE
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 75 GB Healthy System

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\pkreader.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Copier.ini:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\4aea6bc7-ea59-4fb8-9b53-7337979f1192.cab:SummaryInformation

< End of report >




OTL Extras logfile created on: 5/18/2012 10:08:18 AM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Kerry Owen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 77.78% Memory free
3.82 Gb Paging File | 3.57 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.25 Gb Free Space | 49.98% Space Free | Partition Type: NTFS

Computer Name: KERRYSPORTABLE | User Name: Kerry Owen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" = C:\Program Files\Alwil Software\Avast5\AvastUI.exe:*:Enabled:avast! Free Antivirus -- (AVAST Software)
"C:\Program Files\Windows Lotto Pro 2000\lotpro2000.exe" = C:\Program Files\Windows Lotto Pro 2000\lotpro2000.exe:*:Enabled:Lotto Pro -- ()
"C:\Program Files\Windows Lotto Pro 2000\proupdt.exe" = C:\Program Files\Windows Lotto Pro 2000\proupdt.exe:*:Enabled:Update Lotto Drawing Files -- ()
"C:\Program Files\Windows Lotto Pro 2000\WiseUpdt.exe" = C:\Program Files\Windows Lotto Pro 2000\WiseUpdt.exe:*:Enabled:Update Lotto Pro -- ()
"C:\Program Files\VisualRoute\VisualRoute.exe" = C:\Program Files\VisualRoute\VisualRoute.exe:*:Enabled:VisualRoute 2007 -- ()
"C:\gh\lusetup.exe" = C:\gh\lusetup.exe:*:Enabled:lusetup -- (Smart Luck)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Adobe\Photoshop 5.0 LE\photosle.exe" = C:\Program Files\Adobe\Photoshop 5.0 LE\photosle.exe:*:Disabled:Adobe Photoshop 5.0 Limited Edition -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX680 Series Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F9EBA00-3E77-4884-B483-4933077C7754}" = BC_VUP
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47D357C6-2AC9-4AC6-A46C-9C8F14ABC734}_is1" = Smart Luck Wheel Gold™ Version 4.0.0.21
"{48E80C20-00B3-11D4-AA4A-00C0580802FD}" = USB Picture Card Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{5D6ECAC9-BDD9-4114-BA90-5254A3932114}" = BCD396T_ESN_Loader_V1_20_13
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735D7AC9-BC7B-4491-9D06-7F4642849E7C}" = P.I.M. II Plug-In
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BB562D40-13F5-11D5-B7C5-00105A645748}" = EPSON Copy Utility
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C569D686-A444-4AF0-A437-15CBB2816E34}" = TIxx21/x515
"{C89C4BEA-3B9A-414A-9392-9CE4EC5C63BF}" = Documents To Go
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E1F28CA8-7FE2-4B0D-A6B1-9C3F4D2F8533}" = BCD396T_UASD
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA9C2068-9144-426E-A0A1-E10E62B5DDB2}_is1" = Smart Luck History Editor Version 1.0.1.10
"{FD2D57B7-EB47-4D43-BE09-A1452861744C}_is1" = Filtering Full Wheel Generator Version 4.0.1.88
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Applet_App" = Applet_App
"Applet_Copy" = Applet_Copy
"Applet_Email" = Applet_Email
"Applet_Epp" = Applet_Epp
"Applet_File" = Applet_File
"Applet_OCR" = Applet_OCR
"Applet_Photoshop" = Applet_Photoshop
"Applet_Web" = Applet_Web
"AudibleManager" = AudibleManager
"Autostar Updater" = Autostar Updater
"avast" = avast! Free Antivirus
"BHODemon_is1" = BHODemon 2.0.0.23
"CadStd" = CadStd
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV90 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.3
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"FreeSCAN" = FreeSCAN
"getPlus®_ocx" = getPlus®_ocx
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{C569D686-A444-4AF0-A437-15CBB2816E34}" = Texas Instruments PCIxx21/x515 drivers.
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Lotto Pro" = Lotto Pro
"MGI PhotoSuite Mobile Edition" = MGI PhotoSuite Mobile Edition (Remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSNINST" = MSN
"MuVo Driver" = Creative Mass Storage Drivers
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Software Update Wizard (Redist)" = Software Update Wizard (Redist) 4.5
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"VisualRoute" = VisualRoute
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ZENcast Organizer" = ZENcast Organizer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-781878022-3114317985-875658923-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2012 10:01:55 AM | Computer Name = KERRYSPORTABLE | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2012 10:04:27 AM | Computer Name = KERRYSPORTABLE | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/11/2012 4:48:30 AM | Computer Name = KERRYSPORTABLE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.80, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2012 2:53:31 AM | Computer Name = KERRYSPORTABLE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 5/14/2012 2:53:31 AM | Computer Name = KERRYSPORTABLE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 5/14/2012 2:53:46 AM | Computer Name = KERRYSPORTABLE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/14/2012 2:53:52 AM | Computer Name = KERRYSPORTABLE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 5/18/2012 9:34:10 AM | Computer Name = KERRYSPORTABLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5969, fault address 0x0003e59f.

Error - 5/18/2012 9:36:04 AM | Computer Name = KERRYSPORTABLE | Source = Application Error | ID = 1001
Description = Fault bucket 1903901229.

Error - 5/18/2012 9:36:46 AM | Computer Name = KERRYSPORTABLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5969, fault address 0x0003e59f.

[ System Events ]
Error - 5/18/2012 6:27:08 AM | Computer Name = KERRYSPORTABLE | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {A5FB2ACA-5466-41E9-9955-D75F535024F5}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 5/18/2012 7:47:02 AM | Computer Name = KERRYSPORTABLE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows XP (KB950974).

Error - 5/18/2012 7:58:30 AM | Computer Name = KERRYSPORTABLE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows XP (KB952954).

Error - 5/18/2012 9:02:53 AM | Computer Name = KERRYSPORTABLE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/18/2012 9:03:24 AM | Computer Name = KERRYSPORTABLE | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {A5FB2ACA-5466-41E9-9955-D75F535024F5}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 5/18/2012 9:18:28 AM | Computer Name = KERRYSPORTABLE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/18/2012 9:19:10 AM | Computer Name = KERRYSPORTABLE | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {A5FB2ACA-5466-41E9-9955-D75F535024F5}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 5/18/2012 9:35:49 AM | Computer Name = KERRYSPORTABLE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/18/2012 9:37:25 AM | Computer Name = KERRYSPORTABLE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/18/2012 10:30:26 AM | Computer Name = KERRYSPORTABLE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >
  • 0

#43
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions



Step 2.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports

    Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3.

Please post:

ComboFix.txt
TDSSKiller log


Also give me an update on how the computer is running!
  • 0

#44
ko57

ko57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Just a heads up-sister in from Baton Rouge, meeting for lunch, will do all this after-app. 1:30pm or so start, if not sooner. (msg from cell). Internet coonection on pc off, leaving it on though. So far-thank you lots!
  • 0

#45
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Have a nice visit. No worries :thumbsup:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP