OTL logfile created on: 1/16/2012 11:49:37 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ricky\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 292.06 Mb Available Physical Memory | 58.06% Memory free
4.37 Gb Paging File | 4.19 Gb Available in Paging File | 96.03% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4025 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.04 Gb Total Space | 7.68 Gb Free Space | 22.56% Space Free | Partition Type: NTFS
Drive E: | 959.22 Mb Total Space | 894.92 Mb Free Space | 93.30% Space Free | Partition Type: FAT

Computer Name: FAMILY | User Name: Ricky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found -- C:\WINDOWS\3949259467:873831188.exe
PRC - [2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
PRC - [2011/06/27 14:25:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 17:38:20 | 000,377,344 | ---- | M] (Spigot, Inc.)
-- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/06/27 14:25:22 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2008/06/20 12:41:10 | 000,245,248 | ---- | M] () -- C:\WINDOWS\system32\mswsock.dll MOD - [2008/06/20 12:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (Windows Overlay Components) SRV - File not found [Auto | Stopped] -- -- (Network Monitor) SRV - File not found [Auto | Stopped] -- -- (DomainService) SRV - File not found [Auto | Stopped] -- -- (cmdService) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2009/12/16 17:38:20 | 000,377,344 | ---- | M] (Spigot, Inc.) 
[Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2008/06/20 12:41:10 | 000,245,248 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA) SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2008/06/18 10:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2005/07/14 07:28:30 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt) DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/07/15 21:20:46 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/08 19:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32 File not found IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=634471" FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig" FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Ricky\Application Data\Facebook\npfbplugin_1_0_3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 19:45:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 14:25:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/11/20 16:08:55 | 000,000,000 | ---D | M] [2009/11/20 08:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Extensions [2011/04/15 23:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\w6omdj8q.default\extensions [2009/11/20 12:47:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\w6omdj8q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/04/10 20:42:31 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\w6omdj8q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/08/26 18:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007/12/17 19:24:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/07/30 02:53:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011/08/13 09:29:43 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\PROGRAM FILES\SEARCH SETTINGS\FF [2009/07/17 18:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {21652878-587A-466C-987A-C31EC6E38803} - C:\Program Files\ComPlus Applications\holenu4444.dll File not found O2 - BHO: (RXResultTracker Class) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll File not found O2 - BHO: (no name) - {664E992D-7D84-47A5-90E7-470D398D4B1F} - C:\Program Files\ComPlus Applications\holenu83122.dll File not found O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found O2 - BHO: (no name) - Software - No CLSID value found. 
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - No CLSID value found. O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No CLSID value found. O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found. O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe (MP2P Technologies.) 
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - Startup: C:\Documents and Settings\Ricky\Start Menu\Programs\Startup\Skype.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm832YYUS File not found O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Ricky\Application Data\Dealio\kb124\res\DealioSearch.html File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found O15 - HKLM\..Trusted Domains: getmirar.com ([click] http in Trusted sites) O15 - HKLM\..Trusted Domains: getmirar.com ([click] https in Trusted sites) O15 - HKLM\..Trusted Domains: mirarsearch.com ([click] http in Trusted sites) O15 - HKLM\..Trusted Domains: mirarsearch.com ([click] https in Trusted sites) O15 - HKLM\..Trusted Domains: mirarsearch.com ([redirect] http in Trusted sites) O15 - HKLM\..Trusted Domains: mirarsearch.com ([redirect] https in Trusted sites) O15 - HKLM\..Trusted Domains: net-nucleus.com ([awbeta] http in Trusted sites) O15 - HKLM\..Trusted Domains: net-nucleus.com ([awbeta] https in Trusted sites) O15 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab (Reg Error: Key error.) O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab (Reg Error: Key error.) O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject) O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2) O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer) O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab (Reg Error: Key error.) O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player) O16 - DPF: ActiveGS.cab http://www.virtualapple.org/gs.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.149,93.188.160.29 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3}: NameServer = 93.188.162.149,93.188.160.29 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/10/28 13:21:56 | 000,000,794 | -H-- | M] () - E:\Autorun.inf -- [ FAT ] O32 - AutoRun File - [2007/03/12 23:50:16 | 000,362,264 | -H-- | M] (Ceedo Technologies Ltd.) 
- E:\AutoDetect.exe -- [ FAT ] O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: pxcppsrv - (C:\WINDOWS\system32\audiinst.dll) - File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: Nla - C:\WINDOWS\system32\mswsock.dll () NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Error creating restore point. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/01/16 11:19:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe [2012/01/16 10:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Desktop\RK_Quarantine [2012/01/09 20:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/09/10 04:03:53 | 000,842,240 | ---- | C] (Heaventools Software) -- C:\Documents and Settings\All Users\Application Data\defender [2011/08/31 14:54:19 | 000,842,240 | ---- | C] (Heaventools Software) -- C:\Documents and Settings\All Users\Application Data\defender.exe [2009/02/16 18:25:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\RngInterstitial.dll [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/01/16 10:49:01 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2012/01/16 10:41:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/16 10:41:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/16 10:41:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3949259467 [2012/01/16 10:41:29 | 527,503,360 | -HS- | M] () -- C:\hiberfil.sys [2012/01/16 10:38:12 | 000,787,456 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\RogueKiller.exe [2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe [2012/01/11 09:43:30 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\eXplorer.exe [2012/01/11 09:39:48 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\rkill.com [2012/01/11 09:21:40 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\rk-proxy.reg [2012/01/10 08:26:01 | 000,492,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/10 08:26:01 | 000,090,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/01/16 10:48:19 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2012/01/16 10:47:55 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\RogueKiller.exe [2012/01/11 09:21:40 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\rk-proxy.reg [2012/01/11 09:19:41 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\eXplorer.exe [2012/01/11 09:19:18 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\rkill.com [2012/01/11 09:14:37 | 527,503,360 | 
-HS- | C] () -- C:\hiberfil.sys [2011/08/31 14:54:28 | 004,194,304 | ---- | C] () -- C:\WINDOWS\System32\odetmngk.dll [2011/06/15 05:18:58 | 000,016,806 | -HS- | C] () -- C:\Documents and Settings\Ricky\Local Settings\Application Data\rn18yk600c1cco7vj4 [2011/06/15 05:18:58 | 000,016,806 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rn18yk600c1cco7vj4 [2010/07/30 02:54:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/03/05 14:28:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Ricky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/03 07:37:02 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\kungsflrpumxts.sys [2009/05/02 07:37:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/02/13 20:22:46 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2008/02/13 20:15:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2007/07/23 22:22:24 | 000,022,661 | ---- | C] () -- C:\WINDOWS\cookies.ini [2007/07/16 21:18:01 | 000,000,353 | ---- | C] () -- C:\WINDOWS\retadpu.exe.bin [2007/07/11 02:05:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/07/07 07:39:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wcpicomsv.exe [2007/06/27 05:15:19 | 000,000,932 | ---- | C] () -- C:\WINDOWS\System32\winpfz32.sys [2007/06/27 05:14:28 | 000,016,591 | ---- | C] () -- C:\WINDOWS\cs_cache.ini [2006/11/08 19:07:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini [2006/10/26 18:19:20 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys [2006/02/01 19:34:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ricky\Application Data\PFP120JPR.{PB [2006/02/01 19:34:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ricky\Application Data\PFP120JCM.{PB [2006/01/04 18:40:45 | 000,000,881 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2005/12/30 11:37:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2005/12/03 21:39:06 | 
000,000,010 | ---- | C] () -- C:\WINDOWS\smdat32m.sys [2005/12/03 21:39:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\smdat32a.sys [2005/12/01 21:25:15 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/12/01 21:25:15 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0A354710AB.sys [2005/11/29 14:28:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini [2005/11/29 14:24:14 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll [2005/11/29 14:24:14 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin [2005/11/29 14:24:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini [2005/11/29 14:21:20 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT [2005/11/29 14:20:05 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini [2005/07/14 07:44:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/07/14 07:29:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/07/14 07:27:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005/07/14 06:58:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2005/07/14 06:57:20 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 12:57:15 | 000,352,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 12:51:20 | 000,492,506 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat 
[2004/08/10 12:51:20 | 000,090,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/10 12:51:15 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\mswsock.dll [2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 12:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll [color=#E56717]========== LOP Check ==========[/color] [2009/12/25 19:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\201CC [2009/11/20 16:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2012/01/09 20:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2007/06/27 05:36:01 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Application Data\SalesMonitor [2008/05/04 11:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2008/12/03 13:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/06/27 05:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 [2007/07/07 07:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\NetMon [2009/12/25 20:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Dealio 
[2005/12/01 21:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Earthlink
[2005/12/05 21:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EarthLink Toolbar
[2006/09/13 13:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EPSON
[2007/10/28 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\FUJIFILM
[2005/11/29 14:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Leadertech
[2011/08/12 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Search Settings
[2007/07/29 20:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Slide
[2006/04/04 17:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Smart Panel
[2006/10/21 16:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SmartDraw
[2007/09/27 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Snapfish
[2007/02/09 19:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlocker
[2007/01/21 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlockerUtility_Icons
[2008/05/31 12:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\TAIT3
[2008/02/13 20:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Ulead Systems
[2007/04/18 07:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Viewpoint
[2006/10/18 18:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\WinAntiSpyware 2006
[2007/06/27 05:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\WinAntiSpyware 2007
[2009/12/28 19:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\bearsharetb
[2010/03/05 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\EPSON
[2010/10/28 21:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\FUJIFILM
[2010/07/08 23:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Ifsun
[2005/11/29 20:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Leadertech
[2010/07/14 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Nyigyw
[2011/08/31 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Search Settings
[2007/04/30 20:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Smart Panel
[2010/07/21 03:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Smilebox
[2007/01/31 21:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\SpamBlockerUtility_Icons
[2007/08/09 16:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Viewpoint
[2006/10/23 14:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\WinAntiSpyware 2006

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2005/12/05 21:52:28 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2012/01/11 09:43:30 | 001,008,141 | ---- | M] () MD5=28C253A0212B221E96F6A17499B91651 -- C:\Documents and Settings\Ricky\Desktop\eXplorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX4\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX5\procs\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX2\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX3\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX4\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX5\h\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX1\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX3\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX4\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX5\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX1\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Ricky\Local Settings\Temp\RarSFX5\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >[/color]
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2004/08/04 05:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{078510B6-55D8-4A81-AADB-FD5B2CD38B3A}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F9490C3D-B287-44DF-9035-70B6801B4E9A}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >[/color]
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/04 05:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 00 01 00 02 00 03 00 04 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 05:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]

[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2007/07/09 18:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Mary Kay\Application Data\?ystem) -- C:\Documents and Settings\Mary Kay\Application Data\ѕystem

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3949259467:873831188.exe

< End of report >