
spyware.spyeyes


177 replies to this topic

#61 lthsinc


Posted 23 November 2010 - 01:20 PM

Kept trying to download the scanner, but the site kept saying that it couldn't work on this computer. Then I realized that I was trying to download in Safari, and you'd said to use IE. Now scanner is downloading, will run and post results when done. Thanks for your patience!


#62 lthsinc


Posted 23 November 2010 - 02:41 PM

Ok, new kink...scanner seemed to be working, it downloaded the program, then was updating the definitions, but then I keep getting an error message that says, "Update has failed. The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]" However, the internet connection has been consistent with no interruptions, so don't know that this applies. In any case, can't run the program. Any suggestions?

#63 Conspire


Posted 24 November 2010 - 02:33 AM

Ok, let's try ESET then

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free.

#64 lthsinc


Posted 25 November 2010 - 01:05 PM

This one worked just fine, here you go:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\TEST\Desktop\GooredFix Backups\C\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{672f6eb2-9731-4047-b5e4-02443f330fdf}\chrome\xulcache.jar JS/Agent.NCP trojan
C:\Documents and Settings\TEST\Desktop\GooredFix Backups\C\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{84b0c4a5-dd4c-483f-a01c-d25d13733609}\chrome\xulcache.jar JS/Agent.NCP trojan
C:\Documents and Settings\TEST\My Documents\Downloads\WinPE iso\WinPE.Iso multiple threats
C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\lenovo g530 vista windosw [ALIVETORRENTS.COM][xvolit].zip a variant of Win32/Kryptik.HRI trojan
C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\track001\play_mp3_setup.exe a variant of Win32/Kryptik.HRI trojan
C:\Program Files\ABC Amber BlackBerry Converter\abcberry.exe probably unknown NewHeur_PE virus
C:\Program Files\Creative Planet\Movie Magic Scheduling\MMS.exe a variant of Win32/Kryptik.AA trojan
C:\Program Files\LimeWire\bible belt my cousin vinny.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\LimeWire\bible belt my cousin vinny.wma WMA/TrojanDownloader.Wimad.N trojan
C:\Program Files\LimeWire\could this be magic top billboard hits.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\LimeWire\MS Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project) w crack.iso probably a variant of Win32/Hupigon.DHMBFEX trojan
C:\Program Files\LimeWire\sue me frank sinatra.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\LimeWire\vasectomy family guy.wma WMA/TrojanDownloader.Wimad.N trojan
C:\Program Files\Mozilla Firefox\components\tdwmsylcirtcbz.dll a variant of Win32/TrojanDownloader.Zlob.NCA trojan
C:\WINDOWS\system32\u_tdwmsylcirtcbz.dll.exe Win32/Adware.GooochiBiz.AE.Gen application
C:\WINDOWS\system32\VvCfPXbc.ini2 Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\LocalService(2)\325.music.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\system32\LocalService(2)\326.music2.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\system32\LocalService(2)\327.music3.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\system32\LocalService(2)\328.music4.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan

#65 Conspire


Posted 25 November 2010 - 10:15 PM

You forgot to run MBAM as well.

#66 lthsinc


Posted 26 November 2010 - 01:32 PM

Actually, oddly enough, I did, but just because I run those periodically anyway. I didn't realize you wanted that until I got your reply, and scrolled back up through the past response, when you told me to run the Kaspersky scanner, sorry I forgot, here you go:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5186

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/25/2010 11:01:48 AM
mbam-log-2010-11-25 (11-01-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 425184
Time elapsed: 7 hour(s), 57 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\track001\play_mp3_setup.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\Program Files\ZipItFree\delayexec.exe (PUP.Joke) -> Quarantined and deleted successfully.

#67 Conspire


Posted 27 November 2010 - 11:55 AM

Hi,

You have Frostwire and Limewire, which are P2P/file sharing programs, installed on your computer. P2P applications like these are the largest source of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.internetw...cles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep them, please do not use them until your computer is cleaned.

You also have cracks and keygens on your computer. Cracks and keygens are a very good source of trojans, viruses, backdoors, keyloggers, rootkits and who knows what else. If you keep downloading these types of programs you will get infected again.

http://forums.whatth...boardrules.html

We will NOT help anyone we suspect of having obtained their software illegally.


http://forums.whatth...showtopic=92526

We do not support the use of illegal Pirated/Warez/Cracked software.


===================================================

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\lenovo g530 vista windosw [ALIVETORRENTS.COM][xvolit].zip
    C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\track001\play_mp3_setup.exe
    C:\Program Files\LimeWire\bible belt my cousin vinny.mp3
    C:\Program Files\LimeWire\bible belt my cousin vinny.wma
    C:\Program Files\LimeWire\could this be magic top billboard hits.au
    C:\Program Files\LimeWire\MS Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project) w crack.iso
    C:\Program Files\LimeWire\sue me frank sinatra.mp3
    C:\Program Files\LimeWire\vasectomy family guy.wma
    C:\Program Files\Mozilla Firefox\components\tdwmsylcirtcbz.dll
    C:\WINDOWS\system32\u_tdwmsylcirtcbz.dll.exe
    C:\WINDOWS\system32\VvCfPXbc.ini2
    C:\Program Files\ABC Amber BlackBerry Converter\abcberry.exe
    C:\Program Files\Creative Planet\Movie Magic Scheduling\MMS.exe
    
    :Commands
    [emptyflash]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
===================================================

Please get a new OTL scan log. Please set OTL up this way for the scan.

  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Uncheck the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following
    C:\WINDOWS\system32\LocalService(2)\*.*
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
===================================================

On your next reply please post :
OTL fix log
Fresh OTL log

Good Day!
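A hand-built :Files list like the one in post #67 can be checked against the scanner report before it is run: every listed path should come from a detection, and any detection the list leaves out should be visible as pending. The following is an added example, not part of the original posts and not a feature of OTL or ESET; it uses lines excerpted from posts #64 and #67, and the function names and the line-format regex are this example's assumptions.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase  # Windows path rules on any host OS

# Excerpt of the ESET report in post #64, one detection per line.
ESET_LINES = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\TEST\My Documents\Downloads\WinPE iso\WinPE.Iso multiple threats
C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\track001\play_mp3_setup.exe a variant of Win32/Kryptik.HRI trojan
C:\Program Files\ABC Amber BlackBerry Converter\abcberry.exe probably unknown NewHeur_PE virus
C:\Program Files\LimeWire\bible belt my cousin vinny.wma WMA/TrojanDownloader.Wimad.N trojan
C:\Program Files\LimeWire\MS Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project) w crack.iso probably a variant of Win32/Hupigon.DHMBFEX trojan
C:\Program Files\Mozilla Firefox\components\tdwmsylcirtcbz.dll a variant of Win32/TrojanDownloader.Zlob.NCA trojan
C:\WINDOWS\system32\VvCfPXbc.ini2 Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\LocalService(2)\325.music.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
""".strip().splitlines()

# Matching excerpt of the :Files list in post #67.
OTL_FILES = r"""
C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\track001\play_mp3_setup.exe
C:\Program Files\LimeWire\bible belt my cousin vinny.wma
C:\Program Files\LimeWire\MS Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project) w crack.iso
C:\Program Files\Mozilla Firefox\components\tdwmsylcirtcbz.dll
C:\WINDOWS\system32\VvCfPXbc.ini2
C:\Program Files\ABC Amber BlackBerry Converter\abcberry.exe
""".strip().splitlines()

# Assumed line shape, taken from how the report appears on this page:
#   <path> [probably ][a variant of |unknown ]<name> <kind>   or   <path> multiple threats
# Paths contain spaces, so the path is matched lazily and the verdict is
# anchored to the end of the line.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<qualifier>(?:probably )?(?:a variant of |unknown ))?"
    r"(?P<name>\S+) (?P<kind>trojan|worm|virus|application)"
    r"|(?P<multi>multiple threats))$"
)


def parse_detection(line):
    """Split one report line into path, qualifier, detection name and kind."""
    m = DETECTION.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised detection line: {line!r}")
    if m["multi"]:
        return {"path": m["path"], "qualifier": "", "name": m["multi"], "kind": ""}
    return {
        "path": m["path"],
        "qualifier": (m["qualifier"] or "").strip(),
        "name": m["name"],
        "kind": m["kind"],
    }


def coverage(detections, fix_paths):
    """Return (covered, pending, unflagged).

    covered   - detections whose path is named in the fix list
    pending   - detections the fix list does not touch
    unflagged - fix-list paths the scanner never reported (typo guard)
    Paths are compared case-insensitively, as Windows does.
    """
    listed = {normcase(p.strip()) for p in fix_paths}
    detected = {normcase(d["path"]) for d in detections}
    covered = [d for d in detections if normcase(d["path"]) in listed]
    pending = [d for d in detections if normcase(d["path"]) not in listed]
    unflagged = sorted(listed - detected)
    return covered, pending, unflagged


def pending_by_folder(pending):
    """Group the untouched detections by parent folder for follow-up."""
    folders = defaultdict(list)
    for d in pending:
        folders[dirname(d["path"])].append(d["name"])
    return dict(folders)


if __name__ == "__main__":
    dets = [parse_detection(line) for line in ESET_LINES]
    covered, pending, unflagged = coverage(dets, OTL_FILES)
    print(f"{len(covered)} detections covered by the fix list")
    for folder, names in pending_by_folder(pending).items():
        print(f"pending: {folder} -> {', '.join(names)}")
    for path in unflagged:
        print(f"in fix list but not in the scan report: {path}")
```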

#68 lthsinc


Posted 29 November 2010 - 11:07 AM

Actually, just so you know, Frostwire was on my computer for all of about an hour, then it was removed. I guess there was something leftover. Limewire has been on the computer for about 3 years, but not used in probably a couple of those, I had a paid license for that. In fact I have paid licenses for all of my software, the only programs that were downloaded were older ones that I could not find the discs for when I had to reformat, or reinstall. Here is the OTL fix log:

All processes killed
========== FILES ==========
C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\lenovo g530 vista windosw [ALIVETORRENTS.COM][xvolit].zip moved successfully.
File\Folder C:\Documents and Settings\TEST\My Documents\FrostWire\Saved\track001\play_mp3_setup.exe not found.
C:\Program Files\LimeWire\bible belt my cousin vinny.mp3 moved successfully.
C:\Program Files\LimeWire\bible belt my cousin vinny.wma moved successfully.
C:\Program Files\LimeWire\could this be magic top billboard hits.au moved successfully.
C:\Program Files\LimeWire\MS Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project) w crack.iso moved successfully.
C:\Program Files\LimeWire\sue me frank sinatra.mp3 moved successfully.
C:\Program Files\LimeWire\vasectomy family guy.wma moved successfully.
C:\Program Files\Mozilla Firefox\components\tdwmsylcirtcbz.dll moved successfully.
C:\WINDOWS\system32\u_tdwmsylcirtcbz.dll.exe moved successfully.
C:\WINDOWS\system32\VvCfPXbc.ini2 moved successfully.
C:\Program Files\ABC Amber BlackBerry Converter\abcberry.exe moved successfully.
C:\Program Files\Creative Planet\Movie Magic Scheduling\MMS.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 35 bytes

User: Default User

User: LocalService

User: Me

User: NetworkService

User: TEST
->Flash cache emptied: 12024 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Me

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TEST
->Temp folder emptied: 173651420 bytes
->Temporary Internet Files folder emptied: 79053373 bytes
->Java cache emptied: 128107 bytes
->FireFox cache emptied: 74627122 bytes
->Google Chrome cache emptied: 8413113 bytes
->Apple Safari cache emptied: 183866368 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3053824 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 499.00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 11282010_105357

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

And here is the new OTL log:

OTL logfile created on: 11/28/2010 11:22:16 AM - Run 4
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\TEST\Desktop\What the Tech tools
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2875 4375 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 19.03 Gb Free Space | 13.04% Space Free | Partition Type: NTFS

Computer Name: RAJANCREW | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\AOL 9.5\waol.exe (AOL Inc.)
PRC - C:\Program Files\AOL 9.5\shellmon.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - c:\Program Files\Common Files\AOL\1198781840\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe ()
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File not found
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Roxio Upnp Server 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (MWLSvc) -- C:\Program Files\McAfee\MWL\MwlSvc.exe (McAfee, Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swumx80.sys (Sierra Wireless Inc.)
DRV - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (WscNetDr) -- C:\WINDOWS\system32\drivers\WscNetDr.sys (McAfee, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 46 69 1D 58 56 7A 49 82 8B E7 F3 E0 9F 37 F7 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "raiders.com"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/06 22:33:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/28 10:54:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 12:42:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/10/06 19:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/08/23 11:45:59 | 000,000,000 | ---D | M]

[2008/10/15 08:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Extensions
[2010/11/23 16:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions
[2010/04/28 11:08:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/08 13:14:50 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/23 16:58:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/28 23:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\toolbar@ask.com
[2010/05/12 09:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\videodowloader@videodownloader.net
[2010/11/23 16:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/28 07:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/24 13:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/07 15:25:51 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/10/06 06:47:47 | 000,393,092 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.103 HP00187162F0E7
O1 - Hosts: 13577 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101005205813.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Moviefone Toolbar Loader) - {cc40a9f8-4270-425e-972f-4140f0b6f71b} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Moviefone Toolbar) - {669c4c34-7457-4490-a642-a2ed3bf3bbbe} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Moviefone Toolbar) - {669C4C34-7457-4490-A642-A2ED3BF3BBBE} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [StartupBlaster] C:\Program Files\XenCare Software\Startup Blaster\StartupBlaster.exe (XenCare Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: &Moviefone Toolbar Search - C:\Documents and Settings\All Users\Application Data\Moviefone Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Reg Error: Value error.)
O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} http://www.callertun...eeting/CBRT.cab (HttpVoicePlay Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229971661671 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...127/qboax10.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://10.0.0.156/Ne...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rimsupport.w...ort/ieatgpc.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23ff1cf0-f1f4-11dd-8e77-001e4c5eba48}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{4cd05f39-dcba-11df-904b-001e4c5eba48}\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O33 - MountPoints2\{620b704a-63f9-11dd-8e17-001d09b6e55c}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 20:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/23 11:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/11/09 12:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\AOL Toolbar
[2010/11/08 13:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2010/11/08 09:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2010/11/08 09:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2010/11/08 09:28:50 | 000,065,536 | ---- | C] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2010/11/08 09:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2010/11/06 00:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\TEST\IECompatCache
[2010/11/06 00:14:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\TEST\UserData
[2010/11/05 09:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\GooredFix Backups
[2010/11/04 06:51:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/03 09:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\What the Tech tools
[2010/11/02 08:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\NumusDiskBuilder
[2010/11/02 08:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/11/02 08:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/11/02 08:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\Xenocode
[2010/11/02 08:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Numus Disk Builder and Burner
[2010/11/01 18:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\AskToolbar
[2010/11/01 18:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\NeoSmart_Technologies
[2010/11/01 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2010/11/01 11:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/17 23:33:25 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2008/04/30 13:04:31 | 000,008,192 | ---- | C] ( ) -- C:\WINDOWS\System32\cshost.dll

========== Files - Modified Within 30 Days ==========

[2010/11/28 11:18:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/28 11:16:08 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/11/28 11:10:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/28 11:09:31 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/28 11:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/28 10:47:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008UA.job
[2010/11/28 06:47:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008Core.job
[2010/11/27 20:47:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/11/24 20:30:57 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\esetsmartinstaller_enu.exe
[2010/11/23 17:03:04 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Microsoft Office Outlook.lnk
[2010/11/23 11:22:19 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\to contact.xls
[2010/11/15 10:47:48 | 000,461,764 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_8.pdf
[2010/11/15 10:01:02 | 000,385,211 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit_2.pdf
[2010/11/15 09:53:55 | 000,384,375 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit.pdf
[2010/11/15 09:44:45 | 000,625,482 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_7.pdf
[2010/11/15 09:39:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/11/15 09:37:30 | 000,475,220 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_6.pdf
[2010/11/15 09:31:00 | 000,436,015 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_5.pdf
[2010/11/15 09:21:53 | 000,416,131 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_92310 deposit.pdf
[2010/11/15 09:17:11 | 000,560,779 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_4.pdf
[2010/11/15 09:05:52 | 000,524,354 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_3.pdf
[2010/11/15 09:02:04 | 000,540,277 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_2.pdf
[2010/11/15 08:52:59 | 000,487,143 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_1.pdf
[2010/11/09 11:29:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/08 09:32:16 | 000,000,715 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/11/08 09:32:14 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.5.lnk
[2010/11/08 09:32:13 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2010/11/07 18:52:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/11/05 18:48:26 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 18:48:25 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Google Chrome.lnk
[2010/11/04 08:19:46 | 000,127,628 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/04 07:46:25 | 002,176,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/03 09:45:13 | 000,252,549 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/01 20:43:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/11/01 10:27:05 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/11/01 00:01:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

========== Files Created - No Company Name ==========

[2010/11/24 20:31:08 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\esetsmartinstaller_enu.exe
[2010/11/15 10:47:48 | 000,461,764 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_8.pdf
[2010/11/15 10:33:26 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\to contact.xls
[2010/11/15 10:01:02 | 000,385,211 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit_2.pdf
[2010/11/15 09:53:55 | 000,384,375 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit.pdf
[2010/11/15 09:44:45 | 000,625,482 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_7.pdf
[2010/11/15 09:37:30 | 000,475,220 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_6.pdf
[2010/11/15 09:31:00 | 000,436,015 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_5.pdf
[2010/11/15 09:21:53 | 000,416,131 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_92310 deposit.pdf
[2010/11/15 09:17:11 | 000,560,779 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_4.pdf
[2010/11/15 09:05:52 | 000,524,354 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_3.pdf
[2010/11/15 09:02:04 | 000,540,277 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_2.pdf
[2010/11/15 08:52:59 | 000,487,143 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_1.pdf
[2010/11/08 09:32:14 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.5.lnk
[2010/11/04 07:50:24 | 2011,213,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/03 09:45:13 | 000,252,549 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/01 17:34:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/11/01 10:27:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/08/26 13:24:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/30 15:30:29 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/05/12 10:24:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/04 10:32:09 | 000,002,828 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\HPCOM_48BitScanUpdate.log
[2010/05/04 10:32:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/15 08:30:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\imageCache8_UNI.db
[2009/11/23 11:10:06 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_audio.Cache
[2009/11/23 11:09:25 | 000,225,456 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image.Cache
[2009/11/05 19:34:47 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/09/10 20:48:59 | 000,000,127 | R--- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/11 07:26:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image32.Cache
[2009/06/23 20:01:17 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/06/19 16:51:31 | 000,023,932 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Comma Separated Values (Windows).ADR
[2009/02/20 22:09:33 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/12/31 12:21:49 | 000,032,469 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Tab Separated Values (Windows).ADR
[2008/11/23 22:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/11/23 22:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/11/23 22:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/23 22:41:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/23 22:41:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/20 10:58:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2008/09/30 23:48:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\bdeecc8_d.dll
[2008/08/07 13:35:08 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.7486160831680234
[2008/05/19 16:53:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/06 19:21:48 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/27 20:27:34 | 000,001,920 | ---- | C] () -- C:\Program Files\MileageWiz.lnk
[2007/12/27 19:39:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\fusioncache.dat
[2007/12/27 14:37:49 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/12/27 12:05:14 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/12/27 12:05:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/12/27 11:41:49 | 000,040,622 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/27 00:25:18 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/12/27 00:25:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/12/26 22:47:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(9)(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(3).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(7).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(6).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(5).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(4).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(3).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(11)(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(10)(2).sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(9).sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(8).sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(10).sys
[2007/12/26 21:59:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/12/26 20:10:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/14 04:15:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/14 04:03:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/14 04:03:54 | 000,000,259 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/14 03:30:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/12/14 03:30:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/12/14 03:30:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/07 16:45:14 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\CBRT.dll
[2005/03/01 04:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 03:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 02:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/12/19 01:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< C:\WINDOWS\system32\LocalService(2)\*.* >
[2010/02/15 17:55:51 | 000,002,486 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\321.crack.zip
[2009/09/10 14:55:05 | 000,000,060 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\321.crack.zip.kwd
[2010/02/15 17:55:51 | 000,003,221 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\322.keygen.zip
[2009/08/20 21:10:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\322.keygen.zip.kwd
[2010/02/15 17:55:52 | 000,003,365 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\323.serial.zip
[2009/10/22 11:28:30 | 000,000,173 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\323.serial.zip.kwd
[2010/02/15 17:55:52 | 000,001,265 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\324.setup.zip
[2009/08/20 21:09:26 | 000,000,206 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\324.setup.zip.kwd
[2009/10/22 12:01:46 | 005,159,273 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\325.music.au
[2009/09/18 06:57:21 | 000,000,137 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\325.music.au.kwd
[2009/10/22 12:03:06 | 005,545,150 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\326.music2.au
[2009/10/22 11:35:07 | 000,000,006 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\326.music2.au.kwd
[2009/10/22 12:03:33 | 005,846,215 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\327.music3.au
[2009/09/18 06:56:39 | 000,000,005 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\327.music3.au.kwd
[2009/10/22 12:03:57 | 005,101,457 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\328.music4.au
[2009/10/22 11:39:16 | 000,000,114 | ---- | M] () -- C:\WINDOWS\system32\LocalService(2)\328.music4.au.kwd

========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks, please let me know if you need anything else. Talk w/you soon.

#69 Conspire

Posted 30 November 2010 - 03:52 AM

Hi,

Did you add this line yourself?
O1 - Hosts: 192.168.0.103 HP00187162F0E7

===================================================

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    
    :Files
    C:\WINDOWS\system32\LocalService(2)
    
    :Commands
    [emptyflash]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
===================================================

On your next reply please post :
Fresh OTL log
OTL fix log
How is it running now?

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image

#70 lthsinc

lthsinc

    Authentic Member

  • 103 posts

Posted 01 December 2010 - 04:11 AM

Sorry, no clue what that line is, as the saying goes, it's all Greek to me. Believe me, do not have the understanding to add anything other than exactly what you tell me to do. :) Anyway, am running the OTL fix, then will run a fresh OTL scan and post both shortly. Thanks, talk w/you soon.



#71 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 01 December 2010 - 04:57 AM

:thumbup:

#72 lthsinc

lthsinc

    Authentic Member

  • 103 posts

Posted 01 December 2010 - 08:48 AM

Computer is running most definitely better. Only two new problems, first is that every time I start or restart the computer, it goes twice before loading up Windows. It starts to load, then starts again and completes. The other problem is that whatever we did really messes with AOL, it wouldn't work at all, no matter what I did, so then I reinstalled, and got the same problem, but after 2 or 3 restarts it began working again, but now it loads every time I start the computer. I'm trying a couple of options to see if I can make it stop. In the meantime I am running the new OTL scan, will upload those when done. Thanks as always, talk w/you soon.

#73 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 01 December 2010 - 09:06 AM

Ok, a couple of things to clarify. At which point does the load-up restart itself? Does it happen on the loading screen before the welcome screen? AOL, as in AOL browser? I'm not familiar with AOL so sorry about that.

#74 lthsinc

lthsinc

    Authentic Member

  • 103 posts

Posted 01 December 2010 - 09:16 AM

Here is the OTL repair log:

All processes killed
========== OTL ==========
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\WINDOWS\system32\LocalService(2) folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 36 bytes

User: Default User

User: LocalService

User: Me

User: NetworkService

User: TEST
->Flash cache emptied: 2471 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Me

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TEST
->Temp folder emptied: 46810 bytes
->Temporary Internet Files folder emptied: 5635158 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 594288 bytes
->Apple Safari cache emptied: 135394304 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2567625 bytes
RecycleBin emptied: 19217315 bytes

Total Files Cleaned = 156.00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 12012010_023328

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
And here is the fresh OTL scan:

OTL logfile created on: 12/1/2010 6:42:58 AM - Run 5
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\TEST\Desktop\What the Tech tools
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2875 4375 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 18.14 Gb Free Space | 12.43% Space Free | Partition Type: NTFS

Computer Name: RAJANCREW | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - c:\Program Files\Common Files\AOL\1198781840\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe ()
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File not found
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Roxio Upnp Server 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (MWLSvc) -- C:\Program Files\McAfee\MWL\MwlSvc.exe (McAfee, Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swumx80.sys (Sierra Wireless Inc.)
DRV - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (WscNetDr) -- C:\WINDOWS\system32\drivers\WscNetDr.sys (McAfee, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://raiders.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 46 69 1D 58 56 7A 49 82 8B E7 F3 E0 9F 37 F7 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/06 22:33:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/28 10:54:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 12:42:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/10/06 19:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/08/23 11:45:59 | 000,000,000 | ---D | M]

[2008/10/15 08:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Extensions
[2010/11/30 11:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions
[2010/04/28 11:08:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/30 11:55:58 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/06/08 13:14:50 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/23 16:58:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/28 23:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\toolbar@ask.com
[2010/05/12 09:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\videodowloader@videodownloader.net
[2010/11/23 16:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/28 07:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/24 13:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/07 15:25:51 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/10/06 06:47:47 | 000,393,092 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.103 HP00187162F0E7
O1 - Hosts: 13577 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101005205813.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Moviefone Toolbar Loader) - {cc40a9f8-4270-425e-972f-4140f0b6f71b} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Moviefone Toolbar) - {669c4c34-7457-4490-a642-a2ed3bf3bbbe} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Moviefone Toolbar) - {669C4C34-7457-4490-A642-A2ED3BF3BBBE} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [StartupBlaster] C:\Program Files\XenCare Software\Startup Blaster\StartupBlaster.exe (XenCare Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: &Moviefone Toolbar Search - C:\Documents and Settings\All Users\Application Data\Moviefone Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Reg Error: Value error.)
O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} http://www.callertun...eeting/CBRT.cab (HttpVoicePlay Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229971661671 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...127/qboax10.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://10.0.0.156/Ne...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rimsupport.w...ort/ieatgpc.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23ff1cf0-f1f4-11dd-8e77-001e4c5eba48}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{4cd05f39-dcba-11df-904b-001e4c5eba48}\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O33 - MountPoints2\{620b704a-63f9-11dd-8e17-001d09b6e55c}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/30 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/11/30 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5a
[2010/11/24 20:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/09 12:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\AOL Toolbar
[2010/11/08 13:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2010/11/08 09:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2010/11/08 09:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2010/11/08 09:28:50 | 000,065,536 | ---- | C] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2010/11/08 09:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2010/11/06 00:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\TEST\IECompatCache
[2010/11/06 00:14:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\TEST\UserData
[2010/11/05 09:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\GooredFix Backups
[2010/11/04 06:51:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/03 09:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\What the Tech tools
[2010/11/02 08:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\NumusDiskBuilder
[2010/11/02 08:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/11/02 08:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/11/02 08:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\Xenocode
[2010/11/02 08:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Numus Disk Builder and Burner
[2010/11/01 18:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\AskToolbar
[2010/11/01 18:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\NeoSmart_Technologies
[2010/11/01 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2010/11/01 11:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/17 23:33:25 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2008/04/30 13:04:31 | 000,008,192 | ---- | C] ( ) -- C:\WINDOWS\System32\cshost.dll

========== Files - Modified Within 30 Days ==========

[2010/12/01 06:47:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008UA.job
[2010/12/01 06:47:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008Core.job
[2010/12/01 06:15:05 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/12/01 02:37:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 02:37:05 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 02:35:15 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/12/01 01:11:54 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/12/01 01:00:58 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/11/30 20:47:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/11/30 16:29:54 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Microsoft Office Outlook.lnk
[2010/11/30 12:43:27 | 000,060,881 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Roast_Chicken_with_Herb_Butter,_Onions_and_Garlic.pdf
[2010/11/30 11:57:43 | 000,000,715 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/11/30 11:57:41 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.5.lnk
[2010/11/30 11:57:41 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2010/11/30 11:12:53 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/11/29 10:47:15 | 000,007,200 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\smiley-chores015.gif
[2010/11/23 11:22:19 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\to contact.xls
[2010/11/15 10:47:48 | 000,461,764 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_8.pdf
[2010/11/15 10:01:02 | 000,385,211 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit_2.pdf
[2010/11/15 09:53:55 | 000,384,375 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit.pdf
[2010/11/15 09:44:45 | 000,625,482 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_7.pdf
[2010/11/15 09:39:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/11/15 09:37:30 | 000,475,220 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_6.pdf
[2010/11/15 09:31:00 | 000,436,015 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_5.pdf
[2010/11/15 09:21:53 | 000,416,131 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_92310 deposit.pdf
[2010/11/15 09:17:11 | 000,560,779 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_4.pdf
[2010/11/15 09:05:52 | 000,524,354 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_3.pdf
[2010/11/15 09:02:04 | 000,540,277 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_2.pdf
[2010/11/15 08:52:59 | 000,487,143 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Chase_1.pdf
[2010/11/09 11:29:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/07 18:52:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/11/05 18:48:26 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 18:48:25 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Google Chrome.lnk
[2010/11/04 08:19:46 | 000,127,628 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/04 07:46:25 | 002,176,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/03 09:45:13 | 000,252,549 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/01 20:43:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

========== Files Created - No Company Name ==========

[2010/12/01 01:11:54 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/11/30 23:36:02 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/11/30 12:43:25 | 000,060,881 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Roast_Chicken_with_Herb_Butter,_Onions_and_Garlic.pdf
[2010/11/29 10:47:15 | 000,007,200 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\smiley-chores015.gif
[2010/11/15 10:47:48 | 000,461,764 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_8.pdf
[2010/11/15 10:33:26 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\to contact.xls
[2010/11/15 10:01:02 | 000,385,211 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit_2.pdf
[2010/11/15 09:53:55 | 000,384,375 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_90210 deposit.pdf
[2010/11/15 09:44:45 | 000,625,482 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_7.pdf
[2010/11/15 09:37:30 | 000,475,220 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_6.pdf
[2010/11/15 09:31:00 | 000,436,015 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_5.pdf
[2010/11/15 09:21:53 | 000,416,131 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_92310 deposit.pdf
[2010/11/15 09:17:11 | 000,560,779 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_4.pdf
[2010/11/15 09:05:52 | 000,524,354 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_3.pdf
[2010/11/15 09:02:04 | 000,540,277 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_2.pdf
[2010/11/15 08:52:59 | 000,487,143 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Chase_1.pdf
[2010/11/08 09:32:14 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.5.lnk
[2010/11/04 07:50:24 | 2011,213,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/03 09:45:13 | 000,252,549 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/01 17:34:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/08/26 13:24:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/30 15:30:29 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/05/12 10:24:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/04 10:32:09 | 000,002,828 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\HPCOM_48BitScanUpdate.log
[2010/05/04 10:32:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/15 08:30:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\imageCache8_UNI.db
[2009/11/23 11:10:06 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_audio.Cache
[2009/11/23 11:09:25 | 000,225,456 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image.Cache
[2009/11/05 19:34:47 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/09/10 20:48:59 | 000,000,127 | R--- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/11 07:26:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image32.Cache
[2009/06/23 20:01:17 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/06/19 16:51:31 | 000,023,932 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Comma Separated Values (Windows).ADR
[2009/02/20 22:09:33 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/12/31 12:21:49 | 000,032,469 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Tab Separated Values (Windows).ADR
[2008/11/23 22:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/11/23 22:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/11/23 22:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/23 22:41:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/23 22:41:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/20 10:58:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2008/09/30 23:48:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\bdeecc8_d.dll
[2008/08/07 13:35:08 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.7486160831680234
[2008/05/19 16:53:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/06 19:21:48 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/27 20:27:34 | 000,001,920 | ---- | C] () -- C:\Program Files\MileageWiz.lnk
[2007/12/27 19:39:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\fusioncache.dat
[2007/12/27 14:37:49 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/12/27 12:05:14 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/12/27 12:05:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/12/27 11:41:49 | 000,040,622 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/27 00:25:18 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/12/27 00:25:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/12/26 22:47:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(9)(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(3).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(7).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(6).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(5).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(4).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(3).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(11)(2).sys
[2007/12/26 22:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(10)(2).sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(9).sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(8).sys
[2007/12/26 22:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(10).sys
[2007/12/26 21:59:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/12/26 20:10:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/14 04:15:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/14 04:03:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/14 04:03:54 | 000,000,259 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/14 03:30:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/12/14 03:30:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/12/14 03:30:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/07 16:45:14 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\CBRT.dll
[2005/03/01 04:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 03:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 02:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/12/19 01:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >

#75 lthsinc

Posted 01 December 2010 - 09:51 AM

Update: I was able to get AOL to stop loading when starting the computer, but am still having the start twice thing, which may or may not mean anything.
