
Solved Keyboard not responding in IE8/Facebook

Discussion in 'Malware and Virus Removal Archive' started by jamo1133, 2011/12/04.

    jamo1133 (Thread Starter), 2011/12/04:

    I'm having an issue with my keyboard not responding when logged into Facebook using IE8. This issue is only happening in Facebook. I downloaded and installed Google Chrome and the keyboard works fine without any issues. When I first noticed the issue I ran Malwarebytes and two issues were detected, so I am posting that scan. Today's scan showed nothing.

    Having trouble with the size of this post so I am splitting it up. Your assistance is greatly appreciated!

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8178

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/16/2011 6:01:14 PM
    mbam-log-2011-11-16 (18-01-14).txt

    Scan type: Quick scan
    Objects scanned: 208515
    Time elapsed: 8 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ( "%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-04 13:35:09
    -----------------------------
    13:35:09.406 OS Version: Windows 5.1.2600 Service Pack 3
    13:35:09.406 Number of processors: 1 586 0x209
    13:35:09.406 ComputerName: HOME-1GQ90OUW1V UserName: Owner
    13:35:10.906 Initialize success
    13:35:48.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:35:48.359 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
    13:35:48.390 Disk 0 MBR read successfully
    13:35:48.390 Disk 0 MBR scan
    13:35:48.390 Disk 0 Windows XP default MBR code
    13:35:48.406 Disk 0 scanning sectors +156232125
    13:35:48.515 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:37:01.593 Service scanning
    13:37:04.203 Modules scanning
    13:38:48.468 Disk 0 trace - called modules:
    13:38:48.531 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    13:38:48.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad06ab8]
    13:38:48.531 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad5ab00]
    13:38:48.531 Scan finished successfully
    13:39:21.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat "
    13:39:21.953 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt "


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Run by Owner at 14:21:31 on 2011-12-04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1814 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\lxcccoms.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Linksys\WMP300N\WMP300N.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    C:\Program Files\SIW\siw.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
    uWindow Title =
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
    BHO: {013BC7FF-08C6-4397-84FF-81C308FE7DAd} - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {0A561DEE-5FBF-B7B7-89D3-283AC22678B5} - No File
    BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111110083414.dll
    BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
    TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
    mRun: [LXCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCCtime.dll,_RunDLLEntry@16
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe "
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\HotSync Manager.lnk.disabled
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\Secunia PSI.lnk.disabled
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WinZip Quick Pick.lnk.disabled
    IE: &Search - ?p=GR
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217097203656
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217097109531
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941}
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{89F03F0B-9D19-42D9-ACE2-5E9369D793CE} : DhcpNameServer = 71.243.0.12 68.237.161.12
    TCP: Interfaces\{A72EF7CD-70FE-4E14-9107-0DD99ADBA819} : DhcpNameServer = 192.168.1.1 71.243.0.12
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Notify: ckpNotify - ckpNotify.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-19 464176]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-19 89792]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-3-16 47504]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 151552]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-9-4 722616]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-19 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-19 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-19 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-19 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-19 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-19 150856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-7 24652]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2006-4-9 121136]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-3-16 673872]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-19 57600]
    R3 cpuz135;cpuz135;\??\c:\docume~1\owner\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2006-4-9 2235760]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-19 180816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-19 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-19 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-19 83856]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2011-4-17 822400]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]
    S2 WMP300NSvc;WMP300NSvc;c:\program files\linksys\wmp300n\WLService.exe [2011-4-17 53307]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-19 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-19 87656]
    S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2007-12-1 72576]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2011-12-04 18:51:06 -------- d-----w- c:\documents and settings\all users\Uniblue
    2011-12-04 18:50:34 -------- d-----w- c:\documents and settings\owner\application data\Uniblue
    2011-12-04 18:50:09 -------- d-----w- c:\program files\Uniblue
    2011-12-04 18:49:42 -------- d-----w- c:\documents and settings\owner\application data\OpenCandy
    2011-12-04 18:49:41 -------- d-----w- c:\program files\SIW
    2011-12-02 16:07:09 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d996d4ee-bbce-473d-9c64-1ab5b267c30e}\offreg.dll
    2011-12-02 16:07:06 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d996d4ee-bbce-473d-9c64-1ab5b267c30e}\mpengine.dll
    2011-11-19 17:34:55 -------- d-----w- c:\program files\iPod
    2011-11-17 00:16:29 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    .
    ==================== Find3M ====================
    .
    2011-11-16 18:18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 18:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 18:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2010-08-13 16:33:35 203776 --sh--w- c:\windows\system32\unrar.exe
    .
    ============= FINISH: 14:23:23.03 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/18/2007 5:09:31 PM
    System Uptime: 11/16/2011 5:56:38 PM (429 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F4491
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 33.368 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02\3&172E68DD&0&FD
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02\3&172E68DD&0&FD
    Service:
    .
    ==== System Restore Points ===================
    .
    RP474: 9/30/2011 3:16:16 AM - System Checkpoint
    RP475: 9/30/2011 5:10:17 PM - Software Distribution Service 3.0
    RP476: 10/1/2011 6:06:17 PM - System Checkpoint
    RP477: 10/2/2011 7:00:52 PM - System Checkpoint
    RP478: 10/3/2011 8:19:18 PM - System Checkpoint
    RP479: 10/4/2011 5:03:42 AM - Software Distribution Service 3.0
    RP480: 10/5/2011 5:59:02 AM - System Checkpoint
    RP481: 10/6/2011 6:29:13 AM - System Checkpoint
    RP482: 10/7/2011 7:10:29 AM - System Checkpoint
    RP483: 10/7/2011 12:41:26 PM - Software Distribution Service 3.0
    RP484: 10/8/2011 1:39:19 PM - System Checkpoint
    RP485: 10/9/2011 1:57:28 PM - System Checkpoint
    RP486: 10/10/2011 3:09:31 PM - System Checkpoint
    RP487: 10/11/2011 4:46:46 PM - System Checkpoint
    RP488: 10/12/2011 1:40:21 AM - Software Distribution Service 3.0
    RP489: 10/13/2011 4:17:02 AM - System Checkpoint
    RP490: 10/14/2011 3:00:48 AM - Software Distribution Service 3.0
    RP491: 10/14/2011 3:27:59 AM - Software Distribution Service 3.0
    RP492: 10/15/2011 3:38:03 AM - System Checkpoint
    RP493: 10/16/2011 3:44:23 AM - System Checkpoint
    RP494: 10/17/2011 3:46:07 AM - System Checkpoint
    RP495: 10/18/2011 4:16:30 AM - System Checkpoint
    RP496: 10/18/2011 9:10:25 AM - Software Distribution Service 3.0
    RP497: 10/19/2011 9:56:00 AM - System Checkpoint
    RP498: 10/20/2011 11:12:22 AM - System Checkpoint
    RP499: 10/21/2011 11:17:00 AM - System Checkpoint
    RP500: 10/21/2011 12:57:56 PM - Software Distribution Service 3.0
    RP501: 10/22/2011 1:10:53 PM - System Checkpoint
    RP502: 10/23/2011 1:49:07 PM - System Checkpoint
    RP503: 10/24/2011 2:31:22 PM - System Checkpoint
    RP504: 10/25/2011 3:35:23 PM - System Checkpoint
    RP505: 10/25/2011 4:40:04 PM - Software Distribution Service 3.0
    RP506: 10/26/2011 6:06:16 PM - System Checkpoint
    RP507: 10/27/2011 7:27:56 PM - System Checkpoint
    RP508: 10/28/2011 6:50:24 PM - Software Distribution Service 3.0
    RP509: 10/29/2011 6:53:23 PM - System Checkpoint
    RP510: 10/30/2011 7:03:39 PM - System Checkpoint
    RP511: 10/31/2011 9:18:44 PM - System Checkpoint
    RP512: 11/1/2011 5:47:45 PM - Software Distribution Service 3.0
    RP513: 11/2/2011 7:09:19 PM - System Checkpoint
    RP514: 11/3/2011 10:37:08 PM - System Checkpoint
    RP515: 11/4/2011 8:38:05 PM - Software Distribution Service 3.0
    RP516: 11/5/2011 9:18:55 PM - System Checkpoint
    RP517: 11/6/2011 8:49:18 PM - System Checkpoint
    RP518: 11/7/2011 10:41:16 PM - System Checkpoint
    RP519: 11/8/2011 3:53:17 AM - Software Distribution Service 3.0
    RP520: 11/9/2011 5:31:38 AM - System Checkpoint
    RP521: 11/10/2011 3:00:39 AM - Software Distribution Service 3.0
    RP522: 11/11/2011 3:00:25 AM - Software Distribution Service 3.0
    RP523: 11/11/2011 10:25:40 AM - Software Distribution Service 3.0
    RP524: 11/12/2011 11:14:22 AM - System Checkpoint
    RP525: 11/13/2011 12:31:19 PM - System Checkpoint
    RP526: 11/14/2011 1:02:01 PM - System Checkpoint
    RP527: 11/15/2011 11:51:34 AM - Software Distribution Service 3.0
    RP528: 11/16/2011 12:14:01 PM - System Checkpoint
    RP529: 11/17/2011 1:22:45 PM - System Checkpoint
    RP530: 11/18/2011 6:04:16 PM - System Checkpoint
    RP531: 11/18/2011 7:53:11 PM - Software Distribution Service 3.0
    RP532: 11/19/2011 8:20:40 PM - System Checkpoint
    RP533: 11/20/2011 8:38:36 PM - System Checkpoint
    RP534: 11/21/2011 8:56:56 PM - System Checkpoint
    RP535: 11/22/2011 7:26:30 AM - Software Distribution Service 3.0
    RP536: 11/23/2011 4:44:14 AM - Windows Defender Checkpoint
    RP537: 11/24/2011 5:58:27 AM - System Checkpoint
    RP538: 11/25/2011 7:51:33 AM - System Checkpoint
    RP539: 11/25/2011 5:56:55 PM - Software Distribution Service 3.0
    RP540: 11/26/2011 6:56:54 PM - System Checkpoint
    RP541: 11/27/2011 7:04:22 PM - System Checkpoint
    RP542: 11/28/2011 7:34:43 PM - System Checkpoint
    RP543: 11/29/2011 5:16:59 AM - Software Distribution Service 3.0
    RP544: 11/30/2011 5:26:50 AM - System Checkpoint
    RP545: 12/1/2011 5:43:47 AM - System Checkpoint
    RP546: 12/2/2011 7:36:17 AM - System Checkpoint
    RP547: 12/2/2011 11:06:48 AM - Software Distribution Service 3.0
    RP548: 12/3/2011 11:13:23 AM - System Checkpoint
    RP549: 12/4/2011 1:32:35 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.3.1
    Adobe® Photoshop® Album Starter Edition 3.2
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Browntech Image Plugin 2.02
    CCleaner
    Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
    Comcast Toolbar
    Creative Mass Storage Drivers
    Creative MediaSource 5
    Critical Update for Windows Media Player 11 (KB959772)
    Dell DataSafe Online
    Dell ResourceCD
    Drivers Install For Linksys Easylink Advisor
    Facebook Plug-In
    Family Tree Maker Version 16
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IHA_MessageCenter
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) Network Connections 14.0.40.0
    Intel(R) PRO Network Connections Drivers
    Internet Explorer (Enable DEP)
    iolo technologies' System Mechanic
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    Lexmark 3300 Series
    Lexmark Fax Solutions
    Linksys Wireless-N PCI Adapter WMP300N
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee Internet Security
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Fix it Center
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 6-9 Converter
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB933579)
    OpenOffice.org 3.0
    Palm Desktop
    PowerDVD
    QuickTime
    Redist
    RPS CRT
    Secunia PSI (2.0.0.3001)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SIW version 2011.10.29
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    System Checkup 3.0
    System Requirements Lab for Intel
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wmaiper
    TurboTax 2008 wrapper
    TurboTax 2008 wriiper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wmaiper
    TurboTax 2009 wrapper
    TurboTax 2009 wriiper
    TurboTax 2010
    TurboTax 2010 waliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wmaiper
    TurboTax 2010 wrapper
    TurboTax 2010 wriiper
    Uniblue DriverScanner
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Broadband Toolbar (IE only)
    Verizon Help and Support Tool
    Verizon Servicepoint 1.5.22
    Viewpoint Media Player
    VoiceOver Kit
    Vz In Home Agent
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinZip 14.5
    XML Paper Specification Shared Components Pack 1.0
    Zoosk Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/4/2011 10:35:15 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/4/2011 10:33:58 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    12/4/2011 10:33:41 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/4/2011 10:33:28 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WMP300NSvc service.
    12/4/2011 1:45:31 PM, error: FW1 [1] - FW1: FW-1: last packet seen 11554 seconds ago, assumi-->
    12/4/2011 1:45:31 PM, error: FW1 [1] - FW1: -->ng clock change.
    12/3/2011 9:00:22 AM, error: FW1 [1] - FW1: FW-1: last packet seen -75 seconds ago, assuming-->
    12/2/2011 9:04:08 PM, error: FW1 [1] - FW1: FW-1: last packet seen -72 seconds ago, assuming-->
    12/2/2011 1:10:27 AM, error: FW1 [1] - FW1: FW-1: last packet seen -74 seconds ago, assuming-->
    12/2/2011 1:06:42 PM, error: FW1 [1] - FW1: FW-1: last packet seen -70 seconds ago, assuming-->
    11/30/2011 8:52:13 AM, error: Print [6161] - The document http://mail.aol.com/34945-111/aol-6/en-us/Lite/MsgRead.aspx?fol owned by Owner failed to print on printer Lexmark 3300 Series. Data type: LEMF. Size of the spool file in bytes: 15285647. Number of bytes printed: 0. Total number of pages in the document: 10. Number of pages printed: 3. Client machine: \\HOME-1GQ90OUW1V. Win32 error code returned by the print processor: 0 (0x0).
    11/30/2011 7:21:09 AM, error: FW1 [1] - FW1: FW-1: last packet seen -63 seconds ago, assuming-->
    11/30/2011 5:27:45 PM, error: FW1 [1] - FW1: FW-1: last packet seen -241 seconds ago, assumin-->
    11/30/2011 5:27:45 PM, error: FW1 [1] - FW1: -->g clock change.
    11/30/2011 2:22:23 AM, error: FW1 [1] - FW1: FW-1: last packet seen -59 seconds ago, assuming-->
    11/29/2011 9:23:28 PM, error: FW1 [1] - FW1: FW-1: last packet seen -62 seconds ago, assuming-->
    11/29/2011 6:26:51 AM, error: FW1 [1] - FW1: FW-1: last packet seen -64 seconds ago, assuming-->
    11/28/2011 8:29:06 PM, error: FW1 [1] - FW1: FW-1: last packet seen -65 seconds ago, assuming-->
    11/28/2011 8:29:06 PM, error: FW1 [1] - FW1: --> clock change.
    11/28/2011 3:30:12 PM, error: FW1 [1] - FW1: FW-1: last packet seen -66 seconds ago, assuming-->
    11/28/2011 2:17:39 PM, error: Print [6161] - The document http://www.amazon.com/BONGO-Womens-BG147-White-Bracelet/dp/B002 owned by Owner failed to print on printer Lexmark 3300 Series. Data type: LEMF. Size of the spool file in bytes: 5399162. Number of bytes printed: 0. Total number of pages in the document: 6. Number of pages printed: 2. Client machine: \\HOME-1GQ90OUW1V. Win32 error code returned by the print processor: 0 (0x0).
    11/28/2011 2:16:04 PM, error: Print [6161] - The document http://www.amazon.com/XOXO-Womens-XO114-Rhinestone-Bracelet/dp/ owned by Owner failed to print on printer Lexmark 3300 Series. Data type: LEMF. Size of the spool file in bytes: 5497759. Number of bytes printed: 0. Total number of pages in the document: 6. Number of pages printed: 1. Client machine: \\HOME-1GQ90OUW1V. Win32 error code returned by the print processor: 0 (0x0).
    11/28/2011 12:33:36 AM, error: FW1 [1] - FW1: FW-1: last packet seen -67 seconds ago, assuming-->
    11/28/2011 10:31:25 AM, error: FW1 [1] - FW1: FW-1: last packet seen -61 seconds ago, assuming-->
    11/27/2011 9:37:05 AM, error: FW1 [1] - FW1: FW-1: last packet seen -60 seconds ago, assuming-->
    11/27/2011 7:34:44 PM, error: FW1 [1] - FW1: FW-1: last packet seen -68 seconds ago, assuming-->
    .
    ==== End Of File ===========================
     
  2. 2011/12/04
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    GMER log is too long - will split into two posts

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-04 13:33:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.16
    Running: fbyxu7ti.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ffnorfob.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF745F4C0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF745F4D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF745F500]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF745F556]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF745F4AC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF745F484]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF745F498]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF745F4EA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF745F52C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF745F516]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF745F580]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF745F56C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF745F540]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03440FEF
    .text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03440FCD
    .text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03440FDE
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0351000A
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03510FCA
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 035100BF
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03510FDB
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03510098
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03510062
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03510F99
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 035100EB
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03510132
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03510121
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03510143
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0351007D
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03510025
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 035100D0
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03510051
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03510036
    .text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 035100FC
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03500FB9
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0350004A
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0350000A
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03500FD4
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03500039
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03500FE5
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03500F8D
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [70, 8B] {JO 0xffffffffffffff8d}
    .text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03500F9E
    .text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 034F0F97
    .text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!system 77C293C7 5 Bytes JMP 034F0FB2
    .text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 034F0FDE
    .text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 034F000C
    .text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 034F0FCD
    .text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 034F0FEF
    .text C:\WINDOWS\System32\svchost.exe[252] WS2_32.dll!socket 71AB4211 5 Bytes JMP 034E0FEF
    .text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 027C0FEF
    .text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 027C0014
    .text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 027C0025
    .text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 027C0040
    .text C:\WINDOWS\Explorer.EXE[360] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 017B0000
    .text C:\WINDOWS\Explorer.EXE[360] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 017B0FDB
    .text C:\WINDOWS\Explorer.EXE[360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 017B0011
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017F0FEF
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 017F0F88
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 017F007D
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 017F0FA3
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 017F0FC0
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 017F0047
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017F0F5C
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 017F0098
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017F00F5
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017F00DA
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 017F011A
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 017F0058
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 017F0000
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 017F0F6D
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 017F002C
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 017F0011
    .text C:\WINDOWS\Explorer.EXE[360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017F00BF
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 017E0FCA
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 017E0076
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 017E001B
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 017E0000
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 017E0FAF
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 017E0FE5
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 017E0047
    .text C:\WINDOWS\Explorer.EXE[360] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 017E0036
    .text C:\WINDOWS\Explorer.EXE[360] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 017D0064
    .text C:\WINDOWS\Explorer.EXE[360] msvcrt.dll!system 77C293C7 5 Bytes JMP 017D0FE3
    .text C:\WINDOWS\Explorer.EXE[360] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 017D0038
    .text C:\WINDOWS\Explorer.EXE[360] msvcrt.dll!_open 77C2F566 5 Bytes JMP 017D0000
    .text C:\WINDOWS\Explorer.EXE[360] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 017D0049
    .text C:\WINDOWS\Explorer.EXE[360] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 017D001D
    .text C:\WINDOWS\Explorer.EXE[360] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 017C0000
    .text C:\WINDOWS\Explorer.EXE[360] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 017C0FEF
    .text C:\WINDOWS\Explorer.EXE[360] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 017C001B
    .text C:\WINDOWS\Explorer.EXE[360] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 017C0FCA
    .text C:\WINDOWS\Explorer.EXE[360] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02470000
    .text C:\WINDOWS\System32\svchost.exe[580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CD0000
    .text C:\WINDOWS\System32\svchost.exe[580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CD0011
    .text C:\WINDOWS\System32\svchost.exe[580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CD0FE5
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D50FEF
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D5006C
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D50051
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D50040
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D50025
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D50F9E
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D50F3A
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D50F4B
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D50F0E
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D50F29
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D500B8
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D50F83
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D50FDE
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D50F5C
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D50FB9
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D5000A
    .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D500A7
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D00FB9
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D0005B
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D0000A
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D00FDE
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D00F94
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D00FEF
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D0002C
    .text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D0001B
    .text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0FC8
    .text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0053
    .text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF001D
    .text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0000
    .text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF002E
    .text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF0FE3
    .text C:\WINDOWS\System32\svchost.exe[580] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0FEF
    .text C:\WINDOWS\System32\svchost.exe[604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990000
    .text C:\WINDOWS\System32\svchost.exe[604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990036
    .text C:\WINDOWS\System32\svchost.exe[604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00990025
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0FEF
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D005D
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D004C
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0F72
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0F8D
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0FAF
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0F2B
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0F3C
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D0084
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D0EF5
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D0EDA
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0F9E
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D000A
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0F57
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D0FCA
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D001B
    .text C:\WINDOWS\System32\svchost.exe[604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F10
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0FB9
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0F7C
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0FCA
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C000A
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C0F8D
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0FEF
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009C0F9E
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BC, 88]
    .text C:\WINDOWS\System32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0025
    .text C:\WINDOWS\System32\svchost.exe[604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0FD4
    .text C:\WINDOWS\System32\svchost.exe[604] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0055
    .text C:\WINDOWS\System32\svchost.exe[604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0FEF
    .text C:\WINDOWS\System32\svchost.exe[604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B000C
    .text C:\WINDOWS\System32\svchost.exe[604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0044
    .text C:\WINDOWS\System32\svchost.exe[604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B001D
    .text C:\WINDOWS\System32\svchost.exe[604] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0FEF
    .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900000
    .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00900FCA
    .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00900FE5
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F9E
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0089
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB006C
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0FAF
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB002C
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB00BF
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00AE
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00EB
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F5C
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0F37
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0051
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FE5
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F83
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FCA
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB001B
    .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00DA
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA0FB9
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA0F57
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0FD4
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA000A
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0F72
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BA0F8D
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DA, 88]
    .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA0FA8
    .text C:\WINDOWS\System32\svchost.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930047
    .text C:\WINDOWS\System32\svchost.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 0093002C
    .text C:\WINDOWS\System32\svchost.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FC6
    .text C:\WINDOWS\System32\svchost.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930000
    .text C:\WINDOWS\System32\svchost.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0093001B
    .text C:\WINDOWS\System32\svchost.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FD7
    .text C:\WINDOWS\System32\svchost.exe[1452] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00910000
    .text C:\WINDOWS\System32\svchost.exe[1452] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 0091001B
    .text C:\WINDOWS\System32\svchost.exe[1452] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0091002C
    .text C:\WINDOWS\System32\svchost.exe[1452] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 0091003D
    .text C:\WINDOWS\System32\svchost.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
    .text C:\WINDOWS\system32\services.exe[1608] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040FE5
    .text C:\WINDOWS\system32\services.exe[1608] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0004000A
    .text C:\WINDOWS\system32\services.exe[1608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040FD4
     

  4. 2011/12/04
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F9E
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0FB9
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0087
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0076
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0051
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F55
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F72
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F04
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF0F1F
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0EE9
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0FCA
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF001B
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0F8D
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0FE5
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0036
    .text C:\WINDOWS\system32\services.exe[1608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0F3A
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070F9E
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070F61
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FB9
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00070FCA
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0007001E
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070FEF
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00070F7C
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [27, 88]
    .text C:\WINDOWS\system32\services.exe[1608] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070F8D
    .text C:\WINDOWS\system32\services.exe[1608] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F9E
    .text C:\WINDOWS\system32\services.exe[1608] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060FB9
    .text C:\WINDOWS\system32\services.exe[1608] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\services.exe[1608] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\services.exe[1608] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FDE
    .text C:\WINDOWS\system32\services.exe[1608] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0006001D
    .text C:\WINDOWS\system32\services.exe[1608] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000
    .text C:\WINDOWS\system32\lsass.exe[1620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00ED0FEF
    .text C:\WINDOWS\system32\lsass.exe[1620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00ED001B
    .text C:\WINDOWS\system32\lsass.exe[1620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00ED000A
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F10000
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F10F79
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F1006E
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F10047
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F10036
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F10FAF
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F10090
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F1007F
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F10EF7
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F10F12
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F10EE6
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F10F94
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F10FE5
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F10F54
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F10FCA
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F1001B
    .text C:\WINDOWS\system32\lsass.exe[1620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F10F37
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F00FB2
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F00F6B
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F00FC3
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F00FD4
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F00F7C
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F00FEF
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F00F8D
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [10, 89]
    .text C:\WINDOWS\system32\lsass.exe[1620] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F00014
    .text C:\WINDOWS\system32\lsass.exe[1620] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EF0FB0
    .text C:\WINDOWS\system32\lsass.exe[1620] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EF0FC1
    .text C:\WINDOWS\system32\lsass.exe[1620] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EF0016
    .text C:\WINDOWS\system32\lsass.exe[1620] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EF0FEF
    .text C:\WINDOWS\system32\lsass.exe[1620] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EF0031
    .text C:\WINDOWS\system32\lsass.exe[1620] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EF0FDE
    .text C:\WINDOWS\system32\lsass.exe[1620] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EE0FE5
    .text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F30000
    .text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F30022
    .text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F30011
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F700A4
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70FA5
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70073
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70FB6
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70058
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F700B5
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F79
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700D0
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F37
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70F1C
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70FD1
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7001B
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F8A
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F7003D
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F7002C
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F52
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60FC3
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F6006C
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FD4
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FE5
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F6005B
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60000
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60040
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F6002F
    .text C:\WINDOWS\system32\svchost.exe[1804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F5005D
    .text C:\WINDOWS\system32\svchost.exe[1804] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F5004C
    .text C:\WINDOWS\system32\svchost.exe[1804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FE3
    .text C:\WINDOWS\system32\svchost.exe[1804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50000
    .text C:\WINDOWS\system32\svchost.exe[1804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FD2
    .text C:\WINDOWS\system32\svchost.exe[1804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F5001D
    .text C:\WINDOWS\system32\svchost.exe[1804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
    .text C:\WINDOWS\system32\svchost.exe[1868] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CA0000
    .text C:\WINDOWS\system32\svchost.exe[1868] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CA0025
    .text C:\WINDOWS\system32\svchost.exe[1868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CA0FEF
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0FEF
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0058
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0047
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0F6D
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0036
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0025
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0069
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F21
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE009F
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE007A
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE00B0
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0F9E
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0F3E
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0FB9
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0FD4
    .text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE0F06
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0FCD
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD006C
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0FDE
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD005B
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0000
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CD004A
    .text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0039
    .text C:\WINDOWS\system32\svchost.exe[1868] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0F9F
    .text C:\WINDOWS\system32\svchost.exe[1868] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0FB0
    .text C:\WINDOWS\system32\svchost.exe[1868] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0FC1
    .text C:\WINDOWS\system32\svchost.exe[1868] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0FE3
    .text C:\WINDOWS\system32\svchost.exe[1868] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0016
    .text C:\WINDOWS\system32\svchost.exe[1868] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0FD2
    .text C:\WINDOWS\system32\svchost.exe[1868] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CB0000
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[2188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CD0000
    .text C:\WINDOWS\System32\svchost.exe[2188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CD0FC0
    .text C:\WINDOWS\System32\svchost.exe[2188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CD0FDB
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FEF
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F79
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D0006E
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00F94
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00047
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00FCA
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F54
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D0009C
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000D9
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000C8
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00F25
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00FAF
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00000
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D0007F
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D0002C
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00011
    .text C:\WINDOWS\System32\svchost.exe[2188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D000B7
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0036
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF005B
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF0025
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0F94
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0FEF
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CF0FA5
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EF, 88]
    .text C:\WINDOWS\System32\svchost.exe[2188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0FC0
    .text C:\WINDOWS\System32\svchost.exe[2188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0FD4
    .text C:\WINDOWS\System32\svchost.exe[2188] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0055
    .text C:\WINDOWS\System32\svchost.exe[2188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0029
    .text C:\WINDOWS\System32\svchost.exe[2188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0FEF
    .text C:\WINDOWS\System32\svchost.exe[2188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0044
    .text C:\WINDOWS\System32\svchost.exe[2188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE000C
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015000A
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FD4
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00280000
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00280F5E
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00280053
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00280F79
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00280F94
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00280025
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0028009F
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00280084
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00280F21
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00280F32
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00280F06
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00280036
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00280FEF
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00280F4D
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00280FC3
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00280FD4
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002800B0
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370025
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370F8D
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0037000A
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00370FD4
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370FA8
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370FEF
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00370FB9
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [57, 88]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370040
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380FAB
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380FBC
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380011
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380000
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0038002C
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FD7
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 009A0FEF
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 009A000A
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 009A001B
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 009A0036
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3060] ws2_32.dll!socket 71AB4211 5 Bytes JMP 0295000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[292] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
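As an added triage aid (not part of this thread and not GMER code), the script below parses `.text` hook lines in the format posted above and separates hooks whose JMP target GMER attributed to a loaded module (the McAfee `mcproxy.dll` lines) from hooks that point at a bare address, grouping the latter by the 64 KiB region they jump into per hooked DLL; the sample lines are copied from the log above, and the report structure is this script's own.

```python
"""Triage helper for GMER 1.0.15 ".text" user-mode hook lines (added example)."""
import re
from collections import defaultdict

# One GMER hook line, in either of the two shapes seen in the log:
#   .text <proc>[<pid>] <dll>!<export> <addr> <n> Bytes JMP <target> [<target module> (<desc>)]
#   .text <proc>[<pid>] <dll>!<export> + <off> <addr> <n> Bytes [<raw bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<target_mod>.+))?"
    r"|\[(?P<raw>[^\]]+)\])\s*$"
)


def parse_hooks(log_text):
    """Return one dict per recognised hook line; section headers etc. are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["n"] = int(h["n"])
        h["off"] = int(h["off"] or 0)
        h["target_mod"] = (h["target_mod"] or "").strip() or None
        h["kind"] = "jmp" if h["target"] else "bytes"
        hooks.append(h)
    return hooks


def triage(hooks):
    """Per (process, pid): JMP targets GMER attributed to a module, targets it
    could not attribute, and the 64 KiB region each hooked DLL jumps into."""
    report = {}
    for h in hooks:
        if h["kind"] != "jmp":
            continue
        r = report.setdefault((h["proc"], h["pid"]),
                              {"attributed": defaultdict(list),
                               "unattributed": [],
                               "regions": defaultdict(set)})
        name = f'{h["module"]}!{h["export"]}'
        if h["target_mod"]:
            r["attributed"][h["target_mod"]].append(name)
        else:
            r["unattributed"].append(name)
            # Upper 16 bits of the target: in the log above all hooks placed in
            # one DLL land in the same small region (kernel32 -> 00BB, WS2_32 -> 0092)
            r["regions"][h["module"].lower()].add(h["target"][:4].upper())
    return report


def split_patches(hooks):
    """Exports whose patch GMER reports in two pieces: a JMP entry shorter than
    5 bytes plus a raw-bytes entry at an offset (the '+ 3' lines in the log)."""
    key = lambda h: (h["proc"], h["pid"], h["module"], h["export"])
    heads = {key(h) for h in hooks if h["kind"] == "jmp" and h["n"] < 5}
    tails = {key(h) for h in hooks if h["kind"] == "bytes" and h["off"] > 0}
    return sorted(heads & tails)


# Sample lines copied from the GMER log posted above (plus one section header
# to show that non-hook lines are ignored).
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0089
.text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00EB
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BA0F8D
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DA, 88]
.text C:\WINDOWS\System32\svchost.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
---- User IAT/EAT - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for (proc, pid), r in triage(hooks).items():
        attributed = sum(len(v) for v in r["attributed"].values())
        print(f"{proc}[{pid}]: {len(r['unattributed'])} unattributed, {attributed} attributed")
        for dll, regions in sorted(r["regions"].items()):
            print(f"  {dll} -> target region(s) {sorted(regions)}")
    for proc, pid, mod, exp in split_patches(hooks):
        print(f"split patch: {proc}[{pid}] {mod}!{exp}")
```

Unattributed hooks are the ones worth tracing back to the injected module that owns the target region; attributed ones can be checked against the vendor named in the line.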
     
  5. 2011/12/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    I don't see much so far.

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ============================================================

    Open Internet Explorer, go Tools>Internet options>Advanced tab, click on "Reset" button.
    Restart IE.
    Same issue?
     
  6. 2011/12/04
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    I reset and restarted IE, still having the same issue.
     
  7. 2011/12/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't think we're dealing here with an infection, but let's run one more scan...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/12/04
    jamo1133 Inactive Thread Starter

    ComboFix 11-12-04.04 - Owner 12/04/2011 20:40:17.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1923 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}
    C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest
    C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar
    C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\defaults\preferences\xulcache.js
    C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\install.rdf
    C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}
    C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest
    C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar
    C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\defaults\preferences\xulcache.js
    C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\install.rdf
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\defaults\preferences\xulcache.js
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\install.rdf
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\searchplugins\bing-zugo.xml
    C:\Program Files\Search Toolbar
    C:\Program Files\Search Toolbar\icon.ico
    C:\Program Files\Search Toolbar\SearchToolbar.dll
    C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
    C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe
    C:\WINDOWS\system32\1246575054


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Legacy_NPF


    ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))


    2011-12-05 01:55:27 . 2011-12-05 01:55:27 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D996D4EE-BBCE-473D-9C64-1AB5B267C30E}\offreg.dll
    2011-12-04 18:51:06 . 2011-12-04 18:51:06 -------- d-----w- C:\Documents and Settings\All Users\Uniblue
    2011-12-04 18:50:34 . 2011-12-04 18:50:34 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Uniblue
    2011-12-04 18:50:09 . 2011-12-04 18:50:09 -------- d-----w- C:\Program Files\Uniblue
    2011-12-04 18:49:42 . 2011-12-04 18:49:53 -------- d-----w- C:\Documents and Settings\Owner\Application Data\OpenCandy
    2011-12-04 18:49:41 . 2011-12-04 18:49:45 -------- d-----w- C:\Program Files\SIW
    2011-12-02 16:07:06 . 2011-11-21 10:47:38 6823496 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D996D4EE-BBCE-473D-9C64-1AB5B267C30E}\mpengine.dll
    2011-11-19 17:34:55 . 2011-11-19 17:34:57 -------- d-----w- C:\Program Files\iPod
    2011-11-17 00:16:29 . 2011-11-17 00:16:26 205072 ----a-w- C:\WINDOWS\system32\drivers\tmcomm.sys
    2011-11-16 18:17:48 . 2011-11-16 18:17:48 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Solid State Networks
    2011-11-07 14:35:21 . 2011-11-07 14:35:21 -------- d-----w- C:\Documents and Settings\Guest\Application Data\iolo
    2011-11-07 14:18:36 . 2011-11-07 14:18:36 -------- d-sh--w- C:\Documents and Settings\Default User\IETldCache
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-11-16 18:18:35 . 2011-05-15 20:58:45 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2011-10-24 18:29:02 . 2011-10-24 18:29:02 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 . 2011-10-24 18:29:02 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts
    2011-10-15 18:16:16 . 2010-04-19 16:10:40 9608 ----a-w- C:\WINDOWS\system32\drivers\mfeclnk.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 89792 ----a-w- C:\WINDOWS\system32\drivers\mfetdi2k.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 87656 ----a-w- C:\WINDOWS\system32\drivers\mferkdet.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 83856 ----a-w- C:\WINDOWS\system32\drivers\mfendisk.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 59456 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 57600 ----a-w- C:\WINDOWS\system32\drivers\cfwids.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 464176 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 338176 ----a-w- C:\WINDOWS\system32\drivers\mfefirek.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 180816 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
    2011-10-15 18:16:16 . 2010-04-19 16:10:26 121256 ----a-w- C:\WINDOWS\system32\drivers\mfeapfk.sys
    2011-10-10 14:22:41 . 2007-09-18 21:02:42 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
    2011-10-07 03:48:07 . 2008-08-06 22:46:23 6668624 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-28 07:06:50 . 2003-03-20 20:18:10 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
    2011-09-26 15:41:20 . 2007-10-09 17:03:08 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
    2011-09-26 15:41:20 . 2003-07-16 20:40:34 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
    2011-09-26 15:41:14 . 2003-07-16 20:40:34 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
    2011-09-06 13:20:51 . 2003-07-16 20:51:25 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
    2010-08-13 16:33:35 203776 --sh--w- C:\WINDOWS\system32\unrar.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverScanner"="C:\Program Files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 16:22:26 338296]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 13:44:12 73728]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2010-03-17 20:55:42 1565696]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 13:32:24 77824]
    "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-09-16 22:38:10 1318552]
    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 11:22:28 59240]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-10-24 18:28:52 421888]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-11-13 05:24:58 421736]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    HotSync Manager.lnk.disabled [2007-11-18 1490]
    Secunia PSI.lnk.disabled [2009-9-5 720]
    ZooskMessenger.lnk - C:\Program Files\ZooskMessenger\ZooskMessenger.exe [2011-10-14 142848]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    WinZip Quick Pick.lnk.disabled [2010-5-16 1660]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2008-03-16 17:41:24 24681 ----a-w- C:\WINDOWS\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    backup=C:\WINDOWS\pss\ZooskMessenger.lnkStartup
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 15:09:58 63712 ----a-w- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57:22 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 05:01:00 135264 ----a-w- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2005-07-12 09:36:32 299008 ----a-w- C:\Program Files\Lexmark Fax Solutions\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
    2005-07-21 00:16:16 192512 ----a-w- C:\Program Files\Lexmark 3300 Series\LXCCmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2011-09-16 22:38:10 1318552 ----a-w- C:\Program Files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-10-01 04:14:15 68856 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"=
    "Sonic RecordNow!"=
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    "lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
    "LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe
    "Dell DataSafe Online"="C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SCC.EXE"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_DIAGNOSTICS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "50000:UDP"= 50000:UDP:IHA_MessageCenter

    R1 mfetdi2k;McAfee Inc. mfetdi2k;C:\WINDOWS\system32\drivers\mfetdi2k.sys [4/19/2010 11:10:26 AM 89792]
    R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [3/16/2008 12:43:08 PM 47504]
    R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 2:01:18 PM 151552]
    R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [9/4/2011 10:57:44 AM 722616]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/19/2010 11:10:00 AM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/19/2010 11:10:00 AM 214904]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [4/19/2010 11:10:51 AM 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [4/19/2010 11:10:30 AM 150856]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files\Secunia\PSI\psia.exe [1/10/2011 9:24:20 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files\Secunia\PSI\sua.exe [1/10/2011 9:24:20 AM 399416]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\drivers\vnasc.sys [4/9/2006 9:24:04 PM 121136]
    R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [3/16/2008 12:43:00 PM 673872]
    R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 6:19:58 PM 13592]
    R2 WMP300NSvc;WMP300NSvc;C:\Program Files\Linksys\WMP300N\WLService.exe [4/17/2011 2:21:06 PM 53307]
    R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\system32\drivers\cfwids.sys [4/19/2010 11:10:26 AM 57600]
    R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\drivers\fw.sys [4/9/2006 8:24:16 PM 2235760]
    R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\system32\drivers\mfefirek.sys [4/19/2010 11:10:26 AM 338176]
    R3 mfendiskmp;mfendiskmp;C:\WINDOWS\system32\drivers\mfendisk.sys [4/19/2010 11:10:26 AM 83856]
    R3 PSI;PSI;C:\WINDOWS\system32\drivers\psi_mf.sys [9/1/2010 3:30:58 AM 15544]
    R3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;C:\WINDOWS\system32\drivers\WMP300Nv1.sys [4/17/2011 2:21:35 PM 822400]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [1/29/2011 8:46:44 PM 136176]
    S3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58:52 AM 11336]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [1/29/2011 8:46:44 PM 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 12:10:14 AM 267568]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;C:\WINDOWS\system32\drivers\mfendisk.sys [4/19/2010 11:10:26 AM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\system32\drivers\mferkdet.sys [4/19/2010 11:10:26 AM 87656]
    S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\drivers\netusbxp.sys [12/1/2007 2:33:51 PM 72576]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    Contents of the 'Scheduled Tasks' folder

    2011-12-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57:16 . 2011-06-01 21:57:16]

    2011-12-05 C:\WINDOWS\Tasks\DriverScanner.job
    - C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2011-12-04 18:50:11 . 2011-05-16 16:22:26]

    2011-12-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-30 01:46:44 . 2011-01-30 01:46:20]

    2011-12-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-30 01:46:44 . 2011-01-30 01:46:20]

    2011-12-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003Core.job
    - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 21:57:53 . 2011-10-18 02:14:40]

    2011-12-05 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003UA.job
    - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 21:57:53 . 2011-10-18 02:14:40]

    2011-12-05 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20:06 . 2006-11-03 23:20:06]


    ------- Supplementary Scan -------

    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB


    ------- File Associations -------

    JSEFile=NOTEPAD.EXE %1

    - - - - ORPHANS REMOVED - - - -

    BHO-{013BC7FF-08C6-4397-84FF-81C308FE7DAd} - (no file)
    BHO-{0A561DEE-5FBF-B7B7-89D3-283AC22678B5} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
     
  9. 2011/12/04
    broni Moderator Malware Analyst

    Uninstall iolo technologies' System Mechanic.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =========================================================

    Combofix log looks probably good. I said probably because the lower part has been cut off.
    Please repost.
     
  10. 2011/12/05
    jamo1133 Inactive Thread Starter

    Thanks for the info on System Mechanic, I will definitely uninstall. I don't know what happened to the combofix log, but what I posted was all there was. Not sure if a new scan helps, but I reran combofix.

    ComboFix 11-12-05.01 - Owner 12/05/2011 9:38.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1948 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest
    c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar
    c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\defaults\preferences\xulcache.js
    c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\install.rdf
    c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest
    c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar
    c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\defaults\preferences\xulcache.js
    c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\install.rdf
    c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest
    c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar
    c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\defaults\preferences\xulcache.js
    c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\install.rdf
    c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\searchplugins\bing-zugo.xml
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Legacy_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-05 08:00 . 2011-12-05 08:00 -------- d-----w- c:\windows\LastGood
    2011-12-05 01:55 . 2011-12-05 01:55 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D996D4EE-BBCE-473D-9C64-1AB5B267C30E}\offreg.dll
    2011-12-04 18:51 . 2011-12-04 18:51 -------- d-----w- c:\documents and settings\All Users\Uniblue
    2011-12-04 18:50 . 2011-12-04 18:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
    2011-12-04 18:50 . 2011-12-04 18:50 -------- d-----w- c:\program files\Uniblue
    2011-12-04 18:49 . 2011-12-04 18:49 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenCandy
    2011-12-04 18:49 . 2011-12-04 18:49 -------- d-----w- c:\program files\SIW
    2011-12-02 16:07 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D996D4EE-BBCE-473D-9C64-1AB5B267C30E}\mpengine.dll
    2011-11-19 17:34 . 2011-11-19 17:34 -------- d-----w- c:\program files\iPod
    2011-11-17 00:16 . 2011-11-17 00:16 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-11-16 18:17 . 2011-11-16 18:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Solid State Networks
    2011-11-07 14:35 . 2011-11-07 14:35 -------- d-----w- c:\documents and settings\Guest\Application Data\iolo
    2011-11-07 14:18 . 2011-11-07 14:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-16 18:18 . 2011-05-15 20:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-15 18:16 . 2010-04-19 16:10 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 18:16 . 2010-04-19 16:10 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 18:16 . 2010-04-19 16:10 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 18:16 . 2010-04-19 16:10 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 18:16 . 2010-04-19 16:10 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 18:16 . 2010-04-19 16:10 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 18:16 . 2010-04-19 16:10 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 18:16 . 2010-04-19 16:10 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 18:16 . 2010-04-19 16:10 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 18:16 . 2010-04-19 16:10 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-10 14:22 . 2007-09-18 21:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 03:48 . 2008-08-06 22:46 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-28 07:06 . 2003-03-20 20:18 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2003-07-16 20:40 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2003-07-16 20:40 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-08-13 16:33 203776 --sh--w- c:\windows\system32\unrar.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-05_01.56.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-09-18 21:09 . 2011-12-05 12:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-09-18 21:09 . 2011-12-04 20:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-09-18 21:09 . 2011-12-05 12:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2007-09-18 21:09 . 2011-12-04 20:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-04-05 19:43 . 2011-12-05 12:13 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-04-05 19:43 . 2011-12-04 20:27 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverScanner "= "c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LXCCCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
    "Verizon_McciTrayApp "= "c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    HotSync Manager.lnk.disabled [2007-11-18 1490]
    Secunia PSI.lnk.disabled [2009-9-5 720]
    ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [2011-10-14 142848]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    WinZip Quick Pick.lnk.disabled [2010-5-16 1660]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2008-03-16 17:41 24681 ----a-w- c:\windows\system32\ckpNotify.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    backup=c:\windows\pss\ZooskMessenger.lnkStartup
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 05:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2005-07-12 09:36 299008 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
    2005-07-21 00:16 192512 ----a-w- c:\program files\Lexmark 3300 Series\LXCCmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2011-09-16 22:38 1318552 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-10-01 04:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6 "=
    "Sonic RecordNow! "=
    "swg "=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" /background
    "ctfmon.exe "=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "FaxCenterServer "= "c:\program files\Lexmark Fax Solutions\fm3032.exe" /s
    "lxccmon.exe "= "c:\program files\Lexmark 3300 Series\lxccmon.exe "
    "LXCCCATS "=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "Verizon_McciTrayApp "=c:\program files\Verizon\McciTrayApp.exe
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe "
    "igfxpers "=c:\windows\system32\igfxpers.exe
    "igfxtray "=c:\windows\system32\igfxtray.exe
    "Dell DataSafe Online "= "c:\program files\Dell DataSafe Online\DataSafeOnline.exe" /m
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SCC.EXE "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_DIAGNOSTICS.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "50000:UDP "= 50000:UDP:IHA_MessageCenter
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/19/2010 11:10 AM 89792]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [3/16/2008 12:43 PM 47504]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 2:01 PM 151552]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/4/2011 10:57 AM 722616]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/19/2010 11:10 AM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/19/2010 11:10 AM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/19/2010 11:10 AM 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/19/2010 11:10 AM 150856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 9:24 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 9:24 AM 399416]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [4/9/2006 9:24 PM 121136]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [3/16/2008 12:43 PM 673872]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    R2 WMP300NSvc;WMP300NSvc;c:\program files\Linksys\WMP300N\WLService.exe [4/17/2011 2:21 PM 53307]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/19/2010 11:10 AM 57600]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [4/9/2006 8:24 PM 2235760]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/19/2010 11:10 AM 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/19/2010 11:10 AM 83856]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
    R3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [4/17/2011 2:21 PM 822400]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2011 8:46 PM 136176]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2011 8:46 PM 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 12:10 AM 267568]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/19/2010 11:10 AM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/19/2010 11:10 AM 87656]
    S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [12/1/2007 2:33 PM 72576]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-12-05 c:\windows\Tasks\DriverScanner.job
    - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-12-04 16:22]
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 01:46]
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 01:46]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 02:14]
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 02:14]
    .
    2011-12-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{013BC7FF-08C6-4397-84FF-81C308FE7DAd} - (no file)
    BHO-{0A561DEE-5FBF-B7B7-89D3-283AC22678B5} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-05 09:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1632)
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(3212)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-12-05 09:54:29
    ComboFix-quarantined-files.txt 2011-12-05 14:54
    .
    Pre-Run: 35,812,958,208 bytes free
    Post-Run: 35,793,514,496 bytes free
    .
    - - End Of File - - 966E96C1EB88D74F10E83B4CF65C29C3
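As an added example (not part of this thread, of ComboFix or of OTL), the following Python script pulls the security-relevant settings out of the Reg Loading Points and Supplementary Scan sections of a ComboFix log like the one above: the Windows Firewall profile switch, the Security Center monitoring flags, globally open ports, Trusted Zone entries, the DHCP name servers and any script file type whose handler is Notepad. The sample input is copied from the log posted above (including the stray space the forum rendered before each closing quote); the `[key]` / `"Name"=value` layout the regexes expect and the two severity labels are the example's own assumptions.

```python
"""Flag security-relevant settings in ComboFix-style log text.

Added example for a malware-removal thread; not ComboFix or OTL code.
Severity labels: "weakened" = a built-in protection is switched off,
"review" = not wrong by itself, but the owner should recognize it.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP "= 50000:UDP:IHA_MessageCenter
.
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                 # [HKEY_...\path]
VALUE_RE = re.compile(r'^"(.+?)\s*"\s*=\s*(.*)$')  # "Name"=value, stray space tolerated
ASSOC_RE = re.compile(r'^(\w+File)=(.+)$')         # JSEFile=NOTEPAD.EXE %1
TRUSTED_RE = re.compile(r'^Trusted Zone:\s*(\S+)$')
DNS_RE = re.compile(r'^TCP: DhcpNameServer = (.+)$')


@dataclass
class Finding:
    severity: str
    item: str
    detail: str


def parse_registry_values(lines):
    """Yield (key, name, value) for each "Name"=value line under a [key] header."""
    key = None
    for line in lines:
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key is not None:
            yield key, m.group(1), m.group(2).strip()


def analyze(log_text):
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings = []
    for key, name, value in parse_registry_values(lines):
        lk = key.lower()
        if lk.endswith(r'firewallpolicy\standardprofile') and name == 'EnableFirewall' and value.startswith('0'):
            # A third-party firewall may replace it on purpose; confirm that one is running.
            findings.append(Finding('weakened', key, 'Windows Firewall is off for the standard profile'))
        elif r'security center\monitoring' in lk and name == 'DisableMonitoring' and value.endswith('1'):
            product = key.rsplit('\\', 1)[-1]
            findings.append(Finding('weakened', key,
                f'Security Center no longer monitors {product}; expected when a suite manages it, verify the suite is active'))
        elif lk.endswith(r'globallyopenports\list'):
            findings.append(Finding('review', key, f'globally open port {value}'))
    for line in lines:
        if m := ASSOC_RE.match(line):
            ftype, handler = m.groups()
            if 'notepad' in handler.lower():
                # Scripts routed to Notepad will not run, but the handler is not the default one.
                findings.append(Finding('review', ftype, f'script type opens with {handler!r}, not its default handler'))
        elif m := TRUSTED_RE.match(line):
            # Trusted Zone sites get relaxed Internet Explorer settings; the owner should know each one.
            findings.append(Finding('review', 'Trusted Zone', m.group(1)))
        elif m := DNS_RE.match(line):
            # Compare against the ISP's or router's expected resolvers.
            findings.append(Finding('review', 'DhcpNameServer', m.group(1)))
    return findings


def summarize(findings):
    """Count findings per severity label."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == '__main__':
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f'[{f.severity:8}] {f.item}: {f.detail}')
    print(summarize(results))
```

Run it on a full ComboFix log by reading the file into `analyze()`; the unmatched lines (file listings, service lists) fall through untouched, so the script only reports the settings it knows how to interpret.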
     
  11. 2011/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Now it's correct and it looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2011/12/05
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Splitting into two posts

    OTL logfile created on: 12/5/2011 9:01:39 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.94% Memory free
    3.10 Gb Paging File | 2.44 Gb Available in Paging File | 78.81% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 33.36 Gb Free Space | 44.78% Space Free | Partition Type: NTFS

    Computer Name: HOME-1GQ90OUW1V | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/05 20:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/08/08 13:15:42 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    PRC - [2011/05/16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/16 12:42:58 | 000,036,971 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    PRC - [2007/08/19 22:22:00 | 005,306,368 | R--- | M] (Linksys) -- C:\Program Files\Linksys\WMP300N\WMP300N.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2005/07/06 09:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcccoms.exe
    PRC - [2005/07/04 00:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WMP300N\WLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/14 02:35:10 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
    MOD - [2011/10/14 02:34:12 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\be23c163048bbb0f72cfa339ef0eb193\log4net.ni.dll
    MOD - [2011/10/14 02:26:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/10/14 02:26:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011/10/14 02:26:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    MOD - [2011/10/14 02:25:46 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/10/14 02:25:07 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/10/14 02:22:42 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/07/23 14:18:02 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2006/03/21 19:19:26 | 000,045,056 | R--- | M] () -- C:\Program Files\Linksys\WMP300N\Security.dll
    MOD - [2005/07/20 16:37:34 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcchpec.dll
    MOD - [2005/07/20 16:37:30 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxccflib.dll
    MOD - [2005/07/12 04:33:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
    MOD - [2005/04/01 06:44:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 3300 Series\lxcccnv4.dll
    MOD - [2003/10/12 23:30:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Linksys\WMP300N\GTW32N50.dll
    MOD - [2002/04/23 08:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys\WMP300N\GEMWEP.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- -- (WMP300NSvc)
    SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/08/08 13:15:42 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2011/03/17 15:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2010/11/16 00:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/03/16 12:42:58 | 000,036,971 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
    SRV - [2008/03/16 12:42:56 | 000,106,602 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2005/07/06 09:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/03/16 12:43:08 | 000,047,504 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
    DRV - [2008/03/16 12:43:06 | 002,235,760 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
    DRV - [2008/03/16 12:43:00 | 000,673,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
    DRV - [2008/03/16 12:43:00 | 000,121,136 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
    DRV - [2007/10/18 05:17:22 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WMP300Nv1.sys -- (WMP300Nv1)
    DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2006/07/07 13:24:24 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/03/01 19:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
    DRV - [2005/05/06 13:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2005/05/06 13:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2005/05/06 13:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2003/09/25 06:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Linksys\WMP300N\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/03/05 11:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
    DRV - [2002/02/19 13:34:18 | 000,072,576 | R--- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netusbxp.sys -- (USBNET_XP)
    DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A AA 09 BC 6E B3 CC 01 [binary data]
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {b2c65c52-65e4-4164-a095-b34ac4941549}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= "


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/04 21:12:29 | 000,000,000 | ---D | M]

    [2009/03/02 19:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2009/03/02 19:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/04/22 14:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions
    [2010/06/14 18:16:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/06/14 18:16:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/04/02 14:51:39 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\searchtoolbar@zugo.com
    [2009/09/12 11:47:51 | 000,001,727 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\searchplugins\causes-search.xml
    [2011/04/23 15:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/20 09:41:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/28 19:47:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/23 14:30:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/24 09:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W9I2XYO2.DEFAULT\EXTENSIONS\{B2C65C52-65E4-4164-A095-B34AC4941549}
    [2010/06/20 09:40:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Poppit Stress Buster = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mohjjmefnkbafiajlccpfglfpdfdemmj\1.2_0\

    O1 HOSTS File: ([2011/12/04 20:56:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111110083414.dll (McAfee, Inc.)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O3 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
    O4 - HKU\S-1-5-21-515967899-2077806209-839522115-1003..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217097203656 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1217097109531 (MUWebControl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F03F0B-9D19-42D9-ACE2-5E9369D793CE}: DhcpNameServer = 71.243.0.12 68.237.161.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A72EF7CD-70FE-4E14-9107-0DD99ADBA819}: DhcpNameServer = 192.168.1.1 71.243.0.12
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ckpNotify: DllName - (ckpNotify.dll) - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/18 16:04:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/05 20:58:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/12/05 20:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/12/05 10:54:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/12/05 03:00:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/12/04 20:36:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/04 20:02:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/04 20:02:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/04 20:02:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/04 20:02:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/04 20:02:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/04 20:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/04 19:56:03 | 004,327,724 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/12/04 13:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
    [2011/12/04 13:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2011/12/04 13:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
    [2011/12/04 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2011/12/04 13:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SIW
    [2011/12/04 13:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2011/12/04 13:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2011/12/04 10:02:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/12/04 10:00:40 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/11/19 12:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/11/19 12:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/18 16:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
    [2011/11/16 19:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TrendMicro
    [2011/11/16 19:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\TMRBLog
    [2011/11/16 19:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\log
    [2011/11/16 19:26:29 | 008,570,384 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe
    [2011/11/16 19:16:29 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/11/16 18:30:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2011/11/16 13:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Solid State Networks
     
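    An added triage script (mine, not part of jamo1133's post and not OTL's own code) that parses the DRV, O4, FF prefs.js and O15 line shapes in the log above and raises the entries an analyst reads first: kernel drivers and autostarts with an empty company string, Firefox search and homepage keys that appear in prefs.js at all (prefs.js only stores values changed from the Firefox default, so their presence alone means the search path was altered; the pc=ZUGO partner tag is pulled out as context), and hosts placed in IE's Trusted sites zone. The regexes are my reconstruction of the OTL line format from the lines in this log, not an official grammar, and the sample lines are copied from the log above.

```python
"""Triage pass over OTL log lines.

Added example for this thread; it is not part of the post and not code
from OTL (OldTimer Tools).  The regexes are my own reconstruction of the
DRV / O4 / FF prefs.js / O15 line shapes seen in the posted log.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qs, urlparse

# DRV - [date time | size | attrs | M] (Company) [Type | Start | State] -- path -- (service)
DRV_RE = re.compile(
    r"^DRV - \[(?P<stamp>[^\]]+)\] \((?P<company>.*?)\) "
    r"\[(?P<type>[^|\]]+) \| (?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^()]*)\)"
)
# O4 - HKLM..\Run: [Name] path (Company)     or     O4 - Startup: x.lnk = path (Company)
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<body>.+) \((?P<company>[^()]*)\)\s*$")
# FF - prefs.js..key: value
FF_PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<key>[^:]+): (?P<value>.*)$")
# O15 - HKU\...\..Trusted Domains: host ([]scheme in Zone)
O15_RE = re.compile(
    r"^O15 - .*Trusted Domains: (?P<host>\S+) \(\[\](?P<scheme>\w+) in (?P<zone>[^)]+)\)"
)

# prefs.js holds only values that differ from Firefox's built-in defaults, so
# the mere presence of one of these keys means the search path was changed.
SEARCH_KEYS = {
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
}


@dataclass(frozen=True)
class Finding:
    category: str  # driver | autostart | search | trusted-zone
    item: str
    reason: str


def partner_tag(url: str) -> str:
    """Return the 'pc=' partner/affiliate parameter of a search URL, or ''."""
    if not url.startswith("http"):
        return ""
    return parse_qs(urlparse(url).query).get("pc", [""])[0]


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; return a Finding only when it deserves a look."""
    line = line.strip()
    if m := DRV_RE.match(line):
        if not m["company"].strip():
            return Finding("driver", m["path"],
                           f"{m['state'].strip()} kernel driver with no company string")
        return None
    if m := O4_RE.match(line):
        if not m["company"].strip():
            return Finding("autostart", m["body"], "autostart entry with no publisher string")
        return None
    if m := FF_PREF_RE.match(line):
        if m["key"] in SEARCH_KEYS:
            value = m["value"].strip().strip('"').strip()
            tag = partner_tag(value)
            reason = "non-default Firefox search/homepage setting"
            if tag:
                reason += f" (partner tag pc={tag})"
            return Finding("search", f"{m['key']} = {value}", reason)
        return None
    if m := O15_RE.match(line):
        return Finding("trusted-zone", f"{m['scheme']}://{m['host']}",
                       f"site in IE '{m['zone']}' zone runs with relaxed security")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in map(triage_line, lines) if f is not None]


def by_category(findings: Iterable[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Sample input: lines copied verbatim from the posted OTL log.
SAMPLE_LINES = [
    r"DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)",
    r"DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)",
    r"DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)",
    r'FF - prefs.js..browser.search.defaultenginename: "Google "',
    r'FF - prefs.js..browser.search.selectedEngine: "Bing "',
    r'FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP "',
    r'FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= "',
    r"O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)",
    r"O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()",
    r"O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()",
    r"O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)",
    r"O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.category}] {f.item}\n    {f.reason}")
```

    On the sample lines it reports cpudrv.sys (no company string), the three changed Firefox search keys with their pc=ZUGO tag, the two autostarts with an empty publisher field, and the two Trusted-sites entries. An empty company string is only a prompt to check the file's signature and hash, not a verdict; the plain-http mcafee.com Trusted-zone entry is the one worth a second look, because zone relaxations then apply to pages anyone on the network path can rewrite.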
  13. 2011/12/05 jamo1133 (Thread Starter)

    ========== Files - Modified Within 30 Days ==========

    [2011/12/05 21:02:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003UA.job
    [2011/12/05 20:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/12/05 20:20:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/05 20:02:21 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    [2011/12/05 17:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003Core.job
    [2011/12/05 09:54:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
    [2011/12/05 09:34:34 | 004,327,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/12/04 22:20:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/04 20:59:56 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/04 20:59:54 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/04 20:58:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/12/04 20:58:37 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
    [2011/12/04 20:56:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/04 20:54:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/04 20:54:36 | 2682,310,656 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/04 20:36:48 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2011/12/04 13:57:24 | 000,009,387 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SIW_FREEWARE_HOME-1GQ90OUW1V_20111204_135708.html
    [2011/12/04 13:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/04 13:50:30 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
    [2011/12/04 13:50:29 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
    [2011/12/04 13:49:47 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2011/12/04 13:39:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MBR.dat
    [2011/12/04 10:02:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/12/04 10:00:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/12/04 09:58:40 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fbyxu7ti.exe
    [2011/12/03 07:53:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/19 12:37:12 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/11/18 16:58:47 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2011/11/18 16:58:47 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/11/16 19:26:29 | 008,570,384 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe
    [2011/11/16 19:16:26 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/11/16 18:06:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

    ========== Files Created - No Company Name ==========

    [2011/12/04 20:36:48 | 000,000,304 | ---- | C] () -- C:\Boot.bak
    [2011/12/04 20:36:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/04 20:02:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/04 20:02:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/04 20:02:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/04 20:02:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/04 20:02:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/04 13:57:18 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SIW_FREEWARE_HOME-1GQ90OUW1V_20111204_135708.html
    [2011/12/04 13:50:37 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
    [2011/12/04 13:50:29 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
    [2011/12/04 13:50:29 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
    [2011/12/04 13:49:47 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2011/12/04 13:39:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MBR.dat
    [2011/12/04 09:58:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fbyxu7ti.exe
    [2011/11/19 12:37:12 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/11/18 16:58:47 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2011/11/18 16:58:47 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/11/18 16:57:55 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003UA.job
    [2011/11/18 16:57:54 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003Core.job
    [2011/11/18 07:54:38 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
    [2011/11/03 14:42:54 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2011/09/04 10:56:17 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2011/06/15 06:01:14 | 004,544,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/04/17 14:21:37 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2011/04/17 14:21:35 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2011/04/17 14:21:35 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2011/04/17 14:20:22 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2011/02/08 20:19:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/26 13:57:14 | 000,111,920 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
    [2011/01/26 13:57:14 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
    [2010/11/24 15:26:26 | 000,042,304 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/10/02 12:39:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/08/13 13:44:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/08/13 11:33:35 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
    [2008/12/06 19:14:14 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2008/12/05 20:41:59 | 000,001,825 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/12/05 19:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/11/01 13:56:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2008/10/18 15:22:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2008/10/10 11:43:10 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\EventStore.xml
    [2008/10/10 11:43:10 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\UpdateStore.xml
    [2008/10/10 11:43:09 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CampaignStore.xml
    [2008/10/10 11:32:43 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SoftwarePackageStore.xml
    [2008/10/10 11:32:43 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ConfigurationStore.xml
    [2008/10/10 11:32:42 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
    [2008/10/05 12:43:31 | 000,301,088 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2008/10/05 12:43:31 | 000,022,304 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2008/09/28 15:12:29 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/16 12:43:14 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
    [2007/12/02 14:29:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
    [2007/12/01 11:28:14 | 000,001,557 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2007/11/18 10:28:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/11/10 20:06:34 | 000,005,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/10/07 10:13:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/10/03 07:09:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
    [2007/10/03 07:09:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
    [2007/09/24 18:37:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/09/20 19:50:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2007/09/20 19:50:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2007/09/19 19:20:22 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2007/09/19 19:20:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2007/09/19 19:20:06 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2007/09/19 19:20:06 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2007/09/19 19:20:06 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/09/18 16:09:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/09/18 16:02:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/09/18 11:51:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/09/18 11:50:07 | 000,214,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/04/09 20:24:24 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
    [2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/04/04 19:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/16 15:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/07/16 15:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/16 15:41:25 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/07/16 15:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/07/16 15:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/07/16 15:41:21 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/07/16 15:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/16 15:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/07/16 15:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/07/16 15:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/07/16 15:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    ========== LOP Check ==========

    [2011/11/16 19:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2007/09/19 20:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
    [2011/09/04 15:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2011/12/04 18:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/16 14:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/03/29 11:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/08/07 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/07/05 15:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/02/01 14:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\acccore
    [2011/08/22 15:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\COMCASTTOOLBAR
    [2011/11/07 09:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\iolo
    [2007/10/07 10:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\acccore
    [2010/10/26 12:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AskToolbar
    [2009/11/15 20:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\COMCASTTOOLBAR
    [2011/03/12 10:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\FrostWire
    [2011/09/05 09:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\iolo
    [2010/01/14 18:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ISIS Drivers
    [2010/11/22 20:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\kikin
    [2008/03/04 11:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Leadertech
    [2010/11/15 13:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\LimeWire
    [2010/11/21 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\OpenCandy
    [2008/10/11 16:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\SoftwareDetectionScripts
    [2007/10/08 14:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Viewpoint
    [2009/01/17 17:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
    [2011/09/04 10:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2009/01/17 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2007/10/22 14:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
    [2011/03/15 14:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
    [2008/08/27 17:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ComcastToolbar
    [2010/05/07 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
    [2011/10/23 09:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
    [2009/10/01 15:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ISIS Drivers
    [2007/11/10 20:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2008/12/06 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com
    [2011/12/04 13:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2009/02/14 11:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2008/10/10 17:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftwareDetectionScripts
    [2010/04/19 16:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
    [2011/12/04 13:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2011/09/04 16:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2011/12/05 09:54:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
    [2011/12/04 20:58:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/09/18 16:04:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/03/22 12:33:38 | 000,000,304 | ---- | M] () -- C:\Boot.bak
    [2011/12/04 20:36:48 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2007/12/02 14:29:07 | 000,000,242 | ---- | M] () -- C:\CDFE.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/05 09:54:31 | 000,020,160 | ---- | M] () -- C:\ComboFix.txt
    [2007/09/18 16:04:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/07/23 12:11:04 | 000,002,825 | ---- | M] () -- C:\DxSysChk_Log.txt
    [2010/09/13 12:28:08 | 000,000,270 | ---- | M] () -- C:\file_list.txt
    [2011/12/04 20:54:36 | 2682,310,656 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/21 13:54:33 | 000,348,587 | ---- | M] () -- C:\immudebug.log
    [2007/09/18 16:04:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/10/07 10:14:27 | 000,000,947 | -H-- | M] () -- C:\IPH.PH
    [2011/02/17 17:18:53 | 000,001,203 | ---- | M] () -- C:\lxcc.log
    [2007/12/02 14:28:59 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv
    [2007/12/02 14:29:48 | 000,000,867 | ---- | M] () -- C:\LXCCINST.csv
    [2011/09/10 10:26:56 | 000,013,155 | ---- | M] () -- C:\lxccscan.log
    [2007/12/02 10:04:17 | 000,591,020 | ---- | M] () -- C:\lxccUNST.000
    [2007/12/02 12:00:00 | 000,202,236 | ---- | M] () -- C:\lxccUNST.csv
    [2010/06/12 08:54:09 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2007/09/18 16:04:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/01/04 17:10:28 | 000,001,691 | ---- | M] () -- C:\NTDClient.log
    [2007/09/19 16:15:13 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/22 15:55:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/04 20:54:24 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/13 08:18:34 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\setupSNK.exe
    [2007/12/01 11:32:51 | 000,000,000 | ---- | M] () -- C:\wizard.txt
    [2008/08/02 10:51:18 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/09/18 16:04:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/07/24 19:59:04 | 000,072,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxccpp5c.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/09/04 07:18:17 | 000,001,706 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/09/18 11:49:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2007/09/18 11:49:25 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2007/09/18 11:49:25 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/22 16:01:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/09/19 16:28:09 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/09/18 16:11:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/04 10:00:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/12/05 09:34:34 | 004,327,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/17 08:31:25 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Owner\Desktop\cwshredder.exe
    [2011/12/04 09:58:40 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fbyxu7ti.exe
    [2011/12/05 20:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/11/16 19:26:29 | 008,570,384 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe
    [2011/03/27 08:48:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/10/20 22:23:26 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
    [2011/06/13 20:13:08 | 000,000,786 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/09/19 16:28:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/05 11:55:15 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\desktop.ini
    [2011/12/05 20:58:56 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/07/16 15:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 11:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/07/16 15:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/07/16 15:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/07/16 15:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 10:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >


    OTL Extras logfile created on: 12/5/2011 9:01:39 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.94% Memory free
    3.10 Gb Paging File | 2.44 Gb Available in Paging File | 78.81% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 33.36 Gb Free Space | 44.78% Space Free | Partition Type: NTFS

    Computer Name: HOME-1GQ90OUW1V | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
    "50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_DIAGNOSTICS.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_DIAGNOSTICS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_DIAGNOSTICS.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_DIAGNOSTICS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0F052922-4BCE-4763-A540-00857554336D}" = Redist
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{18D97612-D7EF-41E7-B0DD-761389A59FAF}" = TurboTax 2008 wriiper
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2B59AB31-EBD0-45E4-A725-7112904DA605}" = Family Tree Maker Version 16
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{395AD660-EAA2-012B-ADE3-000000000000}" = TurboTax 2009 wmaiper
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3C7005A0-EAA2-012B-AEA5-000000000000}" = TurboTax 2009 wriiper
    "{3CD82671-261B-45DA-B2BE-D197BD12A97C}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.0
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{4FBF0E59-7BEC-4F6D-B594-FD617F9AC0AC}" = RPS CRT
    "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
    "{65AF6E26-80A7-45F2-A7DA-9FBF407398BE}" = TurboTax 2010 wriiper
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68658FCB-01BB-4980-A7C3-6ADB1E4E0C66}" = Browntech Image Plugin 2.02
    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{888019C0-54D4-40C2-9274-27B9DAB17017}" = Intel(R) Network Connections 14.0.40.0
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{9D459B94-7E90-46A5-B76B-5A712E7A3529}" = TurboTax 2010 waliper
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA20E409-BDB4-439B-B75B-D5B193546779}" = Linksys Wireless-N PCI Adapter WMP300N
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C383CBAD-61FA-417E-B784-2E9F1E843DF2}" = TurboTax 2010 wmaiper
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DDA49267-9767-983E-42E9-1C5FCB57E768}" = Zoosk Messenger
    "{E3B5D92A-94E3-4F48-AA38-83317662116B}" = TurboTax 2008 wmaiper
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "CCleaner" = CCleaner
    "com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
    "ComcastToolbar" = Comcast Toolbar
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "IrfanView" = IrfanView (remove only)
    "Lexmark 3300 Series" = Lexmark 3300 Series
    "Lexmark Fax Solutions" = Lexmark Fax Solutions
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee Internet Security
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MuVo Driver" = Creative Mass Storage Drivers
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.22
    "Secunia PSI" = Secunia PSI (2.0.0.3001)
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "Verizon Help and Support" = Verizon Help and Support Tool
    "verizon_broad" = Verizon Broadband Toolbar (IE only)
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/23/2011 5:11:11 AM | Computer Name = HOME-1GQ90OUW1V | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 11/23/2011 5:11:12 AM | Computer Name = HOME-1GQ90OUW1V | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 11/23/2011 5:11:12 AM | Computer Name = HOME-1GQ90OUW1V | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 11/23/2011 5:11:12 AM | Computer Name = HOME-1GQ90OUW1V | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 11/23/2011 5:11:12 AM | Computer Name = HOME-1GQ90OUW1V | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 11/30/2011 12:59:24 AM | Computer Name = HOME-1GQ90OUW1V | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/4/2011 9:13:29 PM | Computer Name = HOME-1GQ90OUW1V | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d1c0.

    Error - 12/4/2011 9:23:02 PM | Computer Name = HOME-1GQ90OUW1V | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: HOME-1GQ90OUW1V\Owner Checkpoint ID: 1 Error Code: 0x80070005

    Error
    description: Access is denied.

    Error - 12/4/2011 9:23:03 PM | Computer Name = HOME-1GQ90OUW1V | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: HOME-1GQ90OUW1V\Owner Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    Error - 12/4/2011 10:03:13 PM | Computer Name = HOME-1GQ90OUW1V | Source = Application Error | ID = 1000
    Description = Faulting application driverscanner.exe, version 4.0.1.6, faulting
    module cwebpage.dll, version 0.0.0.0, fault address 0x00001e3d.

    [ System Events ]
    Error - 12/4/2011 9:20:43 PM | Computer Name = HOME-1GQ90OUW1V | Source = Service Control Manager | ID = 7000
    Description = The Security Services Driver (x86) service failed to start due to
    the following error: %%2

    Error - 12/4/2011 9:22:50 PM | Computer Name = HOME-1GQ90OUW1V | Source = System Error | ID = 1003
    Description = Error code 000000ca, parameter1 00000004, parameter2 88ea00c0, parameter3
    00000000, parameter4 00000000.

    Error - 12/4/2011 9:39:58 PM | Computer Name = HOME-1GQ90OUW1V | Source = Service Control Manager | ID = 7034
    Description = The Broadcom Wireless LAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/4/2011 9:55:20 PM | Computer Name = HOME-1GQ90OUW1V | Source = Service Control Manager | ID = 7000
    Description = The Security Services Driver (x86) service failed to start due to
    the following error: %%2

    Error - 12/4/2011 9:58:37 PM | Computer Name = HOME-1GQ90OUW1V | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 12/5/2011 10:38:15 AM | Computer Name = HOME-1GQ90OUW1V | Source = Service Control Manager | ID = 7034
    Description = The Broadcom Wireless LAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/5/2011 3:51:49 PM | Computer Name = HOME-1GQ90OUW1V | Source = FW1 | ID = 1
    Description = FW1: FW-1: last packet seen -65 seconds ago, assuming-->

    Error - 12/5/2011 3:51:49 PM | Computer Name = HOME-1GQ90OUW1V | Source = FW1 | ID = 1
    Description = FW1: --> clock change.

    Error - 12/5/2011 7:50:53 PM | Computer Name = HOME-1GQ90OUW1V | Source = FW1 | ID = 1
    Description = FW1: FW-1: last packet seen -53 seconds ago, assuming-->

    Error - 12/5/2011 7:50:53 PM | Computer Name = HOME-1GQ90OUW1V | Source = FW1 | ID = 1
    Description = FW1: --> clock change.


    < End of report >
     
  14. 2011/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I also strongly suggest you uninstall Uniblue DriverScanner.
    There is no reason whatsoever to play with drivers unless there is something wrong with them.
    On top of that, running the program at startup is simply a waste of resources.
    Generally, drivers should be left alone, so there is no reason to run any driver scanner.

    ============================================================

    I can still see iolo technologies' System Mechanic running.
    Uninstall it and post a new OTL log.
    Only one log will be produced.

    All those "miracle tools" are nothing else but bad, bad news.
     
  15. 2011/12/06
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Breaking up into two posts:

    OTL logfile created on: 12/6/2011 7:50:02 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 80.83% Memory free
    3.10 Gb Paging File | 2.52 Gb Available in Paging File | 81.25% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 33.32 Gb Free Space | 44.73% Space Free | Partition Type: NTFS

    Computer Name: HOME-1GQ90OUW1V | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/05 20:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/16 12:43:04 | 002,691,174 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    PRC - [2008/03/16 12:42:58 | 000,036,971 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    PRC - [2008/03/16 12:42:56 | 000,106,602 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    PRC - [2007/08/19 22:22:00 | 005,306,368 | R--- | M] (Linksys) -- C:\Program Files\Linksys\WMP300N\WMP300N.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2005/07/04 00:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WMP300N\WLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/14 02:35:10 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
    MOD - [2011/10/14 02:34:12 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\be23c163048bbb0f72cfa339ef0eb193\log4net.ni.dll
    MOD - [2011/10/14 02:26:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/10/14 02:26:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011/10/14 02:26:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    MOD - [2011/10/14 02:25:46 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/10/14 02:25:07 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/10/14 02:22:42 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/03/16 12:43:00 | 000,073,808 | ---- | M] () -- C:\Program Files\CheckPoint\SecuRemote\bin\Bind82.dll
    MOD - [2007/07/23 14:18:02 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2006/03/21 19:19:26 | 000,045,056 | R--- | M] () -- C:\Program Files\Linksys\WMP300N\Security.dll
    MOD - [2005/07/12 04:33:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
    MOD - [2005/04/01 06:44:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 3300 Series\lxcccnv4.dll
    MOD - [2003/10/12 23:30:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Linksys\WMP300N\GTW32N50.dll
    MOD - [2002/04/23 08:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys\WMP300N\GEMWEP.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- -- (WMP300NSvc)
    SRV - File not found [Auto | Stopped] -- -- (ioloSystemService)
    SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2011/03/17 15:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2010/11/16 00:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/03/16 12:42:58 | 000,036,971 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
    SRV - [2008/03/16 12:42:56 | 000,106,602 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2005/07/06 09:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/03/16 12:43:08 | 000,047,504 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
    DRV - [2008/03/16 12:43:06 | 002,235,760 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
    DRV - [2008/03/16 12:43:00 | 000,673,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
    DRV - [2008/03/16 12:43:00 | 000,121,136 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
    DRV - [2007/10/18 05:17:22 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WMP300Nv1.sys -- (WMP300Nv1)
    DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2006/07/07 13:24:24 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/03/01 19:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
    DRV - [2005/05/06 13:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2005/05/06 13:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2005/05/06 13:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2003/09/25 06:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Linksys\WMP300N\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/03/05 11:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
    DRV - [2002/02/19 13:34:18 | 000,072,576 | R--- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netusbxp.sys -- (USBNET_XP)
    DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF C7 3B 01 C6 08 97 43 84 FF 81 C3 08 FE 7D AD [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A AA 09 BC 6E B3 CC 01 [binary data]
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-515967899-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {b2c65c52-65e4-4164-a095-b34ac4941549}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= "


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/06 19:42:14 | 000,000,000 | ---D | M]

    [2009/03/02 19:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2009/03/02 19:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/04/22 14:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions
    [2010/06/14 18:16:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/06/14 18:16:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/04/02 14:51:39 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\searchtoolbar@zugo.com
    [2009/09/12 11:47:51 | 000,001,727 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\searchplugins\causes-search.xml
    [2011/04/23 15:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/20 09:41:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/28 19:47:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/23 14:30:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/24 09:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W9I2XYO2.DEFAULT\EXTENSIONS\{B2C65C52-65E4-4164-A095-B34AC4941549}
    [2010/06/20 09:40:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Poppit Stress Buster = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mohjjmefnkbafiajlccpfglfpdfdemmj\1.2_0\

    O1 HOSTS File: ([2011/12/04 20:56:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111110083414.dll (McAfee, Inc.)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O3 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217097203656 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1217097109531 (MUWebControl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F03F0B-9D19-42D9-ACE2-5E9369D793CE}: DhcpNameServer = 71.243.0.12 68.237.161.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A72EF7CD-70FE-4E14-9107-0DD99ADBA819}: DhcpNameServer = 192.168.1.1 71.243.0.12
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ckpNotify: DllName - (ckpNotify.dll) - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/18 16:04:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/06 19:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/12/05 20:58:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/12/05 10:54:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/12/04 20:36:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/04 20:02:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/04 20:02:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/04 20:02:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/04 20:02:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/04 20:02:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/04 20:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/04 19:56:03 | 004,327,724 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/12/04 13:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
    [2011/12/04 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2011/12/04 13:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SIW
    [2011/12/04 13:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2011/12/04 13:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2011/12/04 10:02:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/12/04 10:00:40 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/11/19 12:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/11/19 12:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/18 16:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
    [2011/11/16 19:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TrendMicro
    [2011/11/16 19:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\TMRBLog
    [2011/11/16 19:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\log
    [2011/11/16 19:26:29 | 008,570,384 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe
    [2011/11/16 19:16:29 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/11/16 18:30:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2011/11/16 13:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Solid State Networks
     
  16. 2011/12/06
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    ========== Files - Modified Within 30 Days ==========

    [2011/12/06 20:02:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003UA.job
    [2011/12/06 19:41:20 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    [2011/12/06 19:39:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/12/06 19:36:44 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
    [2011/12/06 19:34:59 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/06 19:34:35 | 2682,310,656 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/06 19:34:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/06 19:20:31 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/06 17:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003Core.job
    [2011/12/05 20:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/12/05 09:34:34 | 004,327,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/12/04 20:59:56 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/04 20:59:54 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/04 20:56:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/04 20:36:48 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2011/12/04 13:57:24 | 000,009,387 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SIW_FREEWARE_HOME-1GQ90OUW1V_20111204_135708.html
    [2011/12/04 13:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/04 13:49:47 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2011/12/04 13:39:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MBR.dat
    [2011/12/04 10:02:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/12/04 10:00:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/12/04 09:58:40 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fbyxu7ti.exe
    [2011/12/03 07:53:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/19 12:37:12 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/11/18 16:58:47 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2011/11/18 16:58:47 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/11/16 19:26:29 | 008,570,384 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe
    [2011/11/16 19:16:26 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/11/16 18:06:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

    ========== Files Created - No Company Name ==========

    [2011/12/04 20:36:48 | 000,000,304 | ---- | C] () -- C:\Boot.bak
    [2011/12/04 20:36:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/04 20:02:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/04 20:02:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/04 20:02:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/04 20:02:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/04 20:02:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/04 13:57:18 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SIW_FREEWARE_HOME-1GQ90OUW1V_20111204_135708.html
    [2011/12/04 13:49:47 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2011/12/04 13:39:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MBR.dat
    [2011/12/04 09:58:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fbyxu7ti.exe
    [2011/11/19 12:37:12 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/11/18 16:58:47 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2011/11/18 16:58:47 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/11/18 16:57:55 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003UA.job
    [2011/11/18 16:57:54 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2077806209-839522115-1003Core.job
    [2011/11/18 07:54:38 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
    [2011/11/03 14:42:54 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2011/09/04 10:56:17 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2011/06/15 06:01:14 | 004,544,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/04/17 14:21:37 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2011/04/17 14:21:35 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2011/04/17 14:21:35 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2011/04/17 14:20:22 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2011/02/08 20:19:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/26 13:57:14 | 000,111,920 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
    [2011/01/26 13:57:14 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
    [2010/11/24 15:26:26 | 000,042,304 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/10/02 12:39:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/08/13 13:44:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/08/13 11:33:35 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
    [2008/12/06 19:14:14 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2008/12/05 20:41:59 | 000,001,825 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/12/05 19:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/11/01 13:56:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2008/10/18 15:22:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2008/10/10 11:43:10 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\EventStore.xml
    [2008/10/10 11:43:10 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\UpdateStore.xml
    [2008/10/10 11:43:09 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CampaignStore.xml
    [2008/10/10 11:32:43 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SoftwarePackageStore.xml
    [2008/10/10 11:32:43 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ConfigurationStore.xml
    [2008/10/10 11:32:42 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
    [2008/10/05 12:43:31 | 000,301,088 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2008/10/05 12:43:31 | 000,022,304 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2008/09/28 15:12:29 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/16 12:43:14 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
    [2007/12/02 14:29:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
    [2007/12/01 11:28:14 | 000,001,557 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2007/11/18 10:28:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/11/10 20:06:34 | 000,005,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/10/07 10:13:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/10/03 07:09:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
    [2007/10/03 07:09:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
    [2007/09/24 18:37:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/09/20 19:50:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2007/09/20 19:50:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2007/09/19 19:20:22 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2007/09/19 19:20:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2007/09/19 19:20:06 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2007/09/19 19:20:06 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2007/09/19 19:20:06 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/09/18 16:09:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/09/18 16:02:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/09/18 11:51:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/09/18 11:50:07 | 000,214,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/04/09 20:24:24 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
    [2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/04/04 19:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/16 15:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/07/16 15:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/16 15:41:25 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/07/16 15:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/07/16 15:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/07/16 15:41:21 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/07/16 15:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/16 15:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/07/16 15:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/07/16 15:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/07/16 15:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    ========== LOP Check ==========

    [2011/11/16 19:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2007/09/19 20:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
    [2011/12/06 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2011/12/04 18:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/16 14:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/03/29 11:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/08/07 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/07/05 15:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/02/01 14:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\acccore
    [2011/08/22 15:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\COMCASTTOOLBAR
    [2011/11/07 09:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\iolo
    [2007/10/07 10:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\acccore
    [2010/10/26 12:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AskToolbar
    [2009/11/15 20:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\COMCASTTOOLBAR
    [2011/03/12 10:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\FrostWire
    [2011/09/05 09:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\iolo
    [2010/01/14 18:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ISIS Drivers
    [2010/11/22 20:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\kikin
    [2008/03/04 11:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Leadertech
    [2010/11/15 13:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\LimeWire
    [2010/11/21 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\OpenCandy
    [2008/10/11 16:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\SoftwareDetectionScripts
    [2007/10/08 14:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Viewpoint
    [2009/01/17 17:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
    [2011/09/04 10:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2009/01/17 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2007/10/22 14:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
    [2011/03/15 14:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
    [2008/08/27 17:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ComcastToolbar
    [2010/05/07 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
    [2011/10/23 09:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
    [2009/10/01 15:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ISIS Drivers
    [2007/11/10 20:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2008/12/06 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com
    [2011/12/04 13:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2009/02/14 11:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2008/10/10 17:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftwareDetectionScripts
    [2010/04/19 16:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
    [2011/09/04 16:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2011/12/06 19:39:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/09/18 16:04:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/03/22 12:33:38 | 000,000,304 | ---- | M] () -- C:\Boot.bak
    [2011/12/04 20:36:48 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2007/12/02 14:29:07 | 000,000,242 | ---- | M] () -- C:\CDFE.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/05 09:54:31 | 000,020,160 | ---- | M] () -- C:\ComboFix.txt
    [2007/09/18 16:04:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/07/23 12:11:04 | 000,002,825 | ---- | M] () -- C:\DxSysChk_Log.txt
    [2010/09/13 12:28:08 | 000,000,270 | ---- | M] () -- C:\file_list.txt
    [2011/12/06 19:34:35 | 2682,310,656 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/21 13:54:33 | 000,348,587 | ---- | M] () -- C:\immudebug.log
    [2007/09/18 16:04:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/10/07 10:14:27 | 000,000,947 | -H-- | M] () -- C:\IPH.PH
    [2011/02/17 17:18:53 | 000,001,203 | ---- | M] () -- C:\lxcc.log
    [2007/12/02 14:28:59 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv
    [2007/12/02 14:29:48 | 000,000,867 | ---- | M] () -- C:\LXCCINST.csv
    [2011/09/10 10:26:56 | 000,013,155 | ---- | M] () -- C:\lxccscan.log
    [2007/12/02 10:04:17 | 000,591,020 | ---- | M] () -- C:\lxccUNST.000
    [2007/12/02 12:00:00 | 000,202,236 | ---- | M] () -- C:\lxccUNST.csv
    [2010/06/12 08:54:09 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2007/09/18 16:04:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/01/04 17:10:28 | 000,001,691 | ---- | M] () -- C:\NTDClient.log
    [2007/09/19 16:15:13 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/22 15:55:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/06 19:34:22 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/13 08:18:34 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\setupSNK.exe
    [2007/12/01 11:32:51 | 000,000,000 | ---- | M] () -- C:\wizard.txt
    [2008/08/02 10:51:18 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/09/18 16:04:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/07/24 19:59:04 | 000,072,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxccpp5c.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/09/04 07:18:17 | 000,001,706 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/09/18 11:49:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2007/09/18 11:49:25 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2007/09/18 11:49:25 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/22 16:01:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/09/19 16:28:09 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/09/18 16:11:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/04 10:00:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/12/05 09:34:34 | 004,327,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/17 08:31:25 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Owner\Desktop\cwshredder.exe
    [2011/12/04 09:58:40 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fbyxu7ti.exe
    [2011/12/05 20:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/11/16 19:26:29 | 008,570,384 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe
    [2011/03/27 08:48:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/10/20 22:23:26 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
    [2011/06/13 20:13:08 | 000,000,786 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/09/19 16:28:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/05 11:55:15 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\desktop.ini
    [2011/12/06 19:35:29 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/07/16 15:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 11:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/07/16 15:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/07/16 15:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/07/16 15:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 10:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  17. 2011/12/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (ioloSystemService)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_se...zTCPConfig.CAB (Reg Error: Key error.)
      [2011/12/04 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
      [2011/12/04 18:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2010/10/26 12:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AskToolbar
      [2011/09/05 09:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\iolo
      [2007/10/08 14:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Viewpoint
      [2011/09/04 10:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
      [2011/10/23 09:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
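    The fix above is built by hand-picking lines out of the OTL scan log: the service whose binary is gone, the BHO with no class registration, the Trusted-zone entries, the DPF units whose registry data is broken, and the folders of programs being removed. The following is an added example written for this thread (not code from OTL, OldTimer or the moderator) that parses the two line shapes OTL emits, applies those same selection criteria, and drafts a `:OTL` block in the layout used above. The function names, the rule set and the `UNWANTED_DIRS` list are assumptions of this example (the folder names are the ones removed in the fix above, not a general PUP list); the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for OTL scan logs.

Added example for this thread, not code from OTL/OldTimer. It parses the two
line shapes seen in the logs above (file/folder entries and the numbered
O-lines), applies selection rules reconstructed from the fix the analyst
posted, and emits a draft ':OTL' block. The rule set, the UNWANTED_DIRS
list and the function names are assumptions of this example.
"""
import re
from typing import Iterable, List, Tuple

# [date time | size | attrs | C/M] (Company) -- path ; the "(Company) " part
# is absent on folder lines, so it is optional here.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
SYSTEM_DIRS = ("c:\\windows\\",)          # System32 sits under this
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")
# Folder names the analyst removed in this thread; not a general PUP list.
UNWANTED_DIRS = {"viewpoint", "asktoolbar", "iolo", "uniblue"}

Finding = Tuple[str, str, str]  # (level, reason, original line)


def classify(line: str) -> Tuple[str, str]:
    """Return ("fix"|"review", reason) or ("", "") for a single OTL line."""
    s = line.strip()
    if s.startswith("SRV - File not found"):
        return "fix", "service registered but its binary is missing"
    if s.startswith("O2 - BHO:") and "No CLSID value found" in s:
        return "fix", "BHO registered without a class (CLSID) entry"
    if s.startswith("O15 - ") and "Trusted Domains" in s:
        return "fix", "site placed in the IE Trusted zone (weaker security settings)"
    if s.startswith("O16 - DPF:") and "Reg Error" in s:
        return "fix", "downloaded ActiveX unit with broken registry data"
    m = FILE_RE.match(s)
    if not m:
        return "", ""
    attrs = m.group("attrs")
    low = m.group("path").lower()
    if "D" in attrs:                      # folder entry (LOP check style)
        name = low.rsplit("\\", 1)[-1]
        if name in UNWANTED_DIRS:
            return "fix", "folder of a program the analyst chose to remove"
        return "", ""
    if not low.endswith(EXEC_EXT) or not low.startswith(SYSTEM_DIRS):
        return "", ""
    if "H" in attrs or "S" in attrs:
        return "review", "hidden/system executable under %SystemRoot%"
    if not (m.group("company") or "").strip():
        return "review", "executable under %SystemRoot% with no publisher string"
    return "", ""


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over a log and keep only the lines that matched."""
    out: List[Finding] = []
    for line in lines:
        level, reason = classify(line)
        if level:
            out.append((level, reason, line.strip()))
    return out


def build_fix_script(findings: Iterable[Finding]) -> str:
    """Draft ':OTL' block from the "fix" findings, in the layout used above."""
    body = [f[2] for f in findings if f[0] == "fix"]
    tail = ["", ":Commands", "[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]"]
    return "\n".join([":OTL", *body, *tail])


# Sample input: lines copied from the logs posted in this thread.
SAMPLE = r"""
SRV - File not found [Auto | Stopped] -- -- (ioloSystemService)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O15 - HKU\S-1-5-21-515967899-2077806209-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
[2011/12/04 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/10/26 12:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AskToolbar
[2009/02/14 11:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/08/13 11:33:35 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2011/01/26 13:57:14 | 000,111,920 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2011/12/05 09:34:34 | 004,327,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/12/06 19:34:35 | 2682,310,656 | -HS- | M] () -- C:\hiberfil.sys
""".strip().splitlines()

if __name__ == "__main__":
    for level, reason, line in triage(SAMPLE):
        print(f"{level:6} {reason}\n       {line}")
    print(build_fix_script(triage(SAMPLE)))
```

The "fix" level follows only the criteria visible in the fix post (File not found, No CLSID value found, Trusted Domains, Reg Error, and the named folders). The "review" level mirrors what OTL's own no-company and hidden-attribute listings surface; those hits still need a human decision, which is why `build_fix_script` leaves them out. In this thread neither unrar.exe nor xobglu32.dll went into the fix, and the example does not claim either is malicious.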
  18. 2011/12/07
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Posting OTL Log


    All processes killed
    ========== OTL ==========
    Service ioloSystemService stopped successfully!
    Service ioloSystemService deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_USERS\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-515967899-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {E8F628B5-259A-4734-97EE-BA914D7BE941}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E8F628B5-259A-4734-97EE-BA914D7BE941}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E8F628B5-259A-4734-97EE-BA914D7BE941}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8F628B5-259A-4734-97EE-BA914D7BE941}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E8F628B5-259A-4734-97EE-BA914D7BE941}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8F628B5-259A-4734-97EE-BA914D7BE941}\ not found.
    Starting removal of ActiveX control vzTCPConfig
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
    C:\Program Files\Uniblue\DriverScanner folder moved successfully.
    C:\Program Files\Uniblue folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\AskToolbar folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\iolo\SafetyNet\Temp folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\iolo\SafetyNet folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\iolo folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\Kelly\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\LocalService\Application Data\iolo folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo\SafetyNet\Temp folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo\SafetyNet folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo\Registry\Working folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo\Registry\Last folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo\Registry folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo\Disabled Entries\Current User folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo\Disabled Entries folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\iolo folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kelly
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 2146 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 31332 bytes
    ->Temporary Internet Files folder emptied: 9172224 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 395920280 bytes
    ->Flash cache emptied: 57366 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5426 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 387.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Kelly
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12072011_185210

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. 2011/12/08
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee Internet Security
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MsMpEng.exe
    ``````````End of Log````````````

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0y3v0l2u.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\e3l443k6.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9i2xyo2.default\extensions\{b2c65c52-65e4-4164-a095-b34ac4941549}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{54F82414-D69F-48A3-B7E6-37083C35A51A}\RP549\A0115383.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{54F82414-D69F-48A3-B7E6-37083C35A51A}\RP549\A0115384.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{54F82414-D69F-48A3-B7E6-37083C35A51A}\RP549\A0115385.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{54F82414-D69F-48A3-B7E6-37083C35A51A}\RP549\A0115387.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     
  20. 2011/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===========================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
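The Security Check report and the ESET result list in post 19, together with the "your computer is clean, now clear the restore points" verdict above, as an added example that is not part of the original thread and is not code from screen317's Security Check, ESET, OTL or any other tool named here: a small Python triage script that does mechanically what the analyst did by eye. It parses a Security Check report and an ESET detection list (both constructed inline from post 19; the final ESET line is a hypothetical live path added only so the classifier has something to contrast against, and is not from the thread), flags every line the report marked outdated or disabled, works out which of several installed Java builds are stale, and separates detections that sit only in quarantine folders or System Restore snapshots (archived copies, which is why the thread ends by wiping restore points) from anything outside those locations. The list of quarantine/backup path markers is an assumption, covering the three locations that appear in the posted log.

```python
import re
from dataclasses import dataclass

# Constructed from the Security Check report in post 19 (not live tool output).
SECURITY_CHECK_LOG = """\
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee Internet Security
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
"""

# Three lines taken from the ESET result list in post 19, plus one HYPOTHETICAL
# live path (the last line) that is NOT from the thread, added for contrast.
ESET_DETECTIONS = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{54F82414-D69F-48A3-B7E6-37083C35A51A}\RP549\A0115387.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
"""

# Assumed list of locations where a hit is an archived copy rather than a
# running threat: ComboFix quarantine, System Restore snapshots, Spybot backups.
INERT_PATH_MARKERS = (
    "\\qoobox\\quarantine\\",
    "\\system volume information\\_restore",
    "\\spybot - search & destroy\\recovery\\",
)

JAVA_RE = re.compile(r"Java\(TM\) (\d+) Update (\d+)")
FLASH_RE = re.compile(r"Adobe Flash Player \(\s*([\d.]+)\s*\)")
# ESET line layout: <path> <family/name> <type> <action>. Windows paths use
# backslashes, so the first token containing a forward slash is the threat name.
ESET_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>\S+)\s+(?P<action>.+)$"
)


def java_versions(log):
    """All Java builds the report lists, as (major, update) pairs."""
    return [(int(m.group(1)), int(m.group(2))) for m in JAVA_RE.finditer(log)]


def stale_java(log):
    """Every listed Java build except the newest; each one is extra attack surface."""
    versions = java_versions(log)
    if not versions:
        return []
    newest = max(versions)
    return sorted(v for v in versions if v != newest)


def flash_version(log):
    """The Flash Player version string the report saw, or None if absent."""
    m = FLASH_RE.search(log)
    return m.group(1) if m else None


def flagged_lines(log):
    """Lines Security Check itself marked as a problem (outdated or disabled)."""
    return [
        line.strip()
        for line in log.splitlines()
        if "out of date" in line.lower() or "disabled!" in line.lower()
    ]


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    inert: bool  # True when the file lived only in a quarantine/backup location


def is_inert_location(path):
    p = path.lower()
    return any(marker in p for marker in INERT_PATH_MARKERS)


def parse_eset(text):
    found = []
    for raw in text.splitlines():
        m = ESET_LINE_RE.match(raw.strip())
        if m:
            found.append(Detection(**m.groupdict(), inert=is_inert_location(m.group("path"))))
    return found


def live_detections(text):
    """Paths outside quarantine/restore areas: the only hits that mean an active infection."""
    return [d.path for d in parse_eset(text) if not d.inert]


if __name__ == "__main__":
    print("stale Java builds:", stale_java(SECURITY_CHECK_LOG))
    print("Flash version:", flash_version(SECURITY_CHECK_LOG))
    for line in flagged_lines(SECURITY_CHECK_LOG):
        print("flagged:", line)
    for d in parse_eset(ESET_DETECTIONS):
        print("inert" if d.inert else "LIVE ", d.threat, d.path)
```

On the real log every ESET hit is classified inert, which matches the verdict in the thread: the remaining copies were in Spybot's recovery folder, ComboFix's Qoobox quarantine and an old restore point, and the OTL [CLEARALLRESTOREPOINTS] step plus the tool cleanup removes them. A path that falls outside the markers, like the constructed last line, would mean the cleanup was not complete and the machine should not yet be called clean.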
  21. 2011/12/10
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kelly
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 1866 bytes
    ->Temporary Internet Files folder emptied: 618560 bytes

    User: Owner
    ->Temp folder emptied: 16377571 bytes
    ->Temporary Internet Files folder emptied: 17556610 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 44413133 bytes
    ->Flash cache emptied: 1322 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13261 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 75.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Kelly
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 12102011_185802

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
