
Solved Google Redirecting Problems

Discussion in 'Malware and Virus Removal Archive' started by atlgman, 2010/11/10.

  1. 2010/11/10
    atlgman

    atlgman Inactive Thread Starter

    Joined:
    2010/11/09
    Messages:
    12
    Likes Received:
    0
    [Resolved] Google Redirecting Problems

    Hello Everyone,

    I have lots of problems lately, especially Google redirecting. Every time I click on a link I get transferred to some advertising website. The reports are below. Any and all help is greatly appreciated.

    Thank you,

    Greg



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5086

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    11/10/2010 6:41:17 AM
    mbam-log-2010-11-10 (06-41-17).txt

    Scan type: Quick scan
    Objects scanned: 154190
    Time elapsed: 1 hour(s), 16 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\a\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.




    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-10 10:24:41
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6034GSX rev.AH101A
    Running: dpuozhfk.exe; Driver: C:\DOCUME~1\a\LOCALS~1\Temp\pftdypod.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF786D0E0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF786D0F4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF786D120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF786D176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF786D0CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF786D0A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF786D0B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF786D10A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF786D14C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF786D136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF786D1A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF786D18C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF786D160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    ? frdris.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00720000
    .text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00720FD4
    .text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00720FE5
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00870FEF
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00870076
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0087005B
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0087004A
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00870039
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00870FBC
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008700B6
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00870F64
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008700F6
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008700D1
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00870F38
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00870F97
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00870FDE
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0087009B
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0087001E
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00870FCD
    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00870F53
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00860036
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00860062
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00860025
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0086000A
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00860FAF
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00860FEF
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00860047
    .text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00860FC0
    .text C:\WINDOWS\system32\svchost.exe[212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00750FDE
    .text C:\WINDOWS\system32\svchost.exe[212] msvcrt.dll!system 77C293C7 5 Bytes JMP 0075005F
    .text C:\WINDOWS\system32\svchost.exe[212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00750033
    .text C:\WINDOWS\system32\svchost.exe[212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00750FEF
    .text C:\WINDOWS\system32\svchost.exe[212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0075004E
    .text C:\WINDOWS\system32\svchost.exe[212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0075000C
    .text C:\WINDOWS\system32\svchost.exe[212] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 0074000A
    .text C:\WINDOWS\system32\svchost.exe[212] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 00740FEF
    .text C:\WINDOWS\system32\svchost.exe[212] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 0074001B
    .text C:\WINDOWS\system32\svchost.exe[212] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 00740FC8
    .text C:\WINDOWS\system32\svchost.exe[212] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0073000A
    .text C:\WINDOWS\Explorer.EXE[576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C80FEF
    .text C:\WINDOWS\Explorer.EXE[576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C80025
    .text C:\WINDOWS\Explorer.EXE[576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C8000A
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E80FEF
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E80F7A
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E80065
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E80054
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E80FA1
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E80039
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E80F2E
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E80080
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E800A2
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E80F09
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E800BD
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E80FB2
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E80FDE
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E80F5F
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E80FCD
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E80014
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!WinExec 7C86158D 1 Byte [E9]
    .text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E80091
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E10FBC
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E10F75
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E10FCD
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E10FDE
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00E10032
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00E10FEF
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00E10F90
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [01, 89]
    .text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00E10FAB
    .text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E00FA1
    .text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E00FB2
    .text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E00FDE
    .text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E00000
    .text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E00FC3
    .text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E00FEF
    .text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 00DF0FD4
    .text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 00DF0FEF
    .text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 00DF000C
    .text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 00DF001D
    .text C:\WINDOWS\Explorer.EXE[576] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D10FE5
    .text C:\WINDOWS\system32\services.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040000
    .text C:\WINDOWS\system32\services.exe[1060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040025
    .text C:\WINDOWS\system32\services.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040FE5
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00800FEF
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00800F9C
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00800091
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00800076
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00800065
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00800039
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00800F70
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00800F81
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00800F3A
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00800F55
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008000EE
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0080004A
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00800FD4
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008000A2
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00800FC3
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00800014
    .text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008000C9
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070036
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070F9B
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0007001B
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0007000A
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00070058
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00070FEF
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00070FC0
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [27, 88]
    .text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00070047
    .text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060FA3
    .text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060038
    .text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FD2
    .text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0006001D
    .text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FE3
    .text C:\WINDOWS\system32\services.exe[1060] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F00FEF
    .text C:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F0000A
    .text C:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F00FD4
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40FEF
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40F7E
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F40F8F
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40069
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40058
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F4002C
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F4009A
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F48
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F400BC
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F400AB
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00F400CD
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00F4003D
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F4000A
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00F40F59
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00F4001B
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00F40FCA
    .text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00F40F2D
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F3002F
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30076
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30FDE
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30FEF
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00F30FAF
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00F30000
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00F30051
    .text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00F30040
    .text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20042
    .text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FB7
    .text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F2001D
    .text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20FE3
    .text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20FC8
    .text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20000
    .text C:\WINDOWS\system32\lsass.exe[1072] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F1000A
    .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DC000A
    .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DC001B
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E00FEF
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E00F68
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E00F8D
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E00F9E
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E00FAF
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E0002C
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E0009D
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E00F4B
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E00F15
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E000AE
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E000C9
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E00051
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E00000
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E00078
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E00FCA
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E0001B
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E00F3A
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DF0036
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DF0F9E
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DF0025
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DF0014
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00DF0FAF
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00DF0FEF
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00DF0FCA
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [FF, 88]
    .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00DF0051
    .text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0F81
    .text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE0F9C
    .text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FC1
    .text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0FEF
    .text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE000C
    .text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FD2
    .text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DD0FE5
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00860FEF
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00860FB9
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00860FDE
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00950000
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00950F70
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00950065
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00950054
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00950F97
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00950FB9
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00950F3D
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00950F4E
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00950EFD
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00950F0E
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009500B1
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00950FA8
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00950FE5
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00950F5F
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00950025
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00950FD4
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00950096
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0089000A
     
  2. 2010/11/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    The GMER log is incomplete and I need other logs as well.

    I'm off to work, so I'll catch you later.
     


  4. 2010/11/10
    atlgman

    atlgman Inactive Thread Starter

    Joined:
    2010/11/09
    Messages:
    12
    Likes Received:
    0
    .text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02730FE3
    .text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0273002E
    .text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02730000
    .text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02710FEF
    .text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 02720025
    .text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 02720000
    .text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 02720FEF
    .text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 02720FDE
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00880000
    .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00880FE5
    .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00880011
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008C0FEF
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008C0071
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008C0F7C
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008C0F8D
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008C0F9E
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008C0040
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008C0F3A
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008C0082
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008C0EFD
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008C0F0E
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008C0EEC
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008C0FB9
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008C0FDE
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008C0F57
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008C0025
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008C0014
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008C0F29
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B0FCD
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B0F8D
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B0FDE
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B0FEF
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 008B004A
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 008B000A
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 008B002F
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 008B0FA8
    .text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A0FAD
    .text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A0038
    .text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A0FD2
    .text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0000
    .text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A0027
    .text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A0FEF
    .text C:\WINDOWS\system32\svchost.exe[1532] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00890FEF
    .text C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0098000A
    .text C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00980FDE
    .text C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00980FEF
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009C0FEF
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009C0F94
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009C0FAF
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009C007D
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009C0FC0
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009C0051
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009C0F41
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009C0F5C
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009C0F1F
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009C0F30
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009C00D3
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009C006C
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009C0000
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009C0F79
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009C0036
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009C001B
    .text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009C00A4
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0051
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B007D
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0036
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B001B
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009B0FC0
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009B000A
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 009B0FDB
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [BB, 88]
    .text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009B0062
    .text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A004E
    .text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A003D
    .text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0011
    .text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
    .text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A002C
    .text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FD7
    .text C:\WINDOWS\system32\svchost.exe[1644] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00990000
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1948] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1948] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EE0000
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EE002C
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EE0011
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F30000
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F30F8A
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F30075
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F30064
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F30047
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F30FB6
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F300B7
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F3009A
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F300ED
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F30F54
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00F30F43
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00F30FA5
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F30011
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00F30F6F
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00F30FDB
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00F3002C
    .text C:\Program Files\Messenger\msmsgs.exe[2704] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00F300C8
    .text C:\Program Files\Messenger\msmsgs.exe[2704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F10F9C
    .text C:\Program Files\Messenger\msmsgs.exe[2704] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10FC1
    .text C:\Program Files\Messenger\msmsgs.exe[2704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F10FD2
    .text C:\Program Files\Messenger\msmsgs.exe[2704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F10FEF
    .text C:\Program Files\Messenger\msmsgs.exe[2704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10031
    .text C:\Program Files\Messenger\msmsgs.exe[2704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F1000C
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20040
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F200A2
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F20FEF
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F20025
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00F20087
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00F2000A
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00F2006C
    .text C:\Program Files\Messenger\msmsgs.exe[2704] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00F2005B
    .text C:\Program Files\Messenger\msmsgs.exe[2704] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00EF0FEF
    .text C:\Program Files\Messenger\msmsgs.exe[2704] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 00F0000A
    .text C:\Program Files\Messenger\msmsgs.exe[2704] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 00F00FEF
    .text C:\Program Files\Messenger\msmsgs.exe[2704] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 00F00025
    .text C:\Program Files\Messenger\msmsgs.exe[2704] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 00F00FDE
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02380FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02380FCD
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02380FDE
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 023C0000
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 023C0FB9
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 023C00AE
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 023C0091
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 023C0080
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 023C0051
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 023C0F88
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 023C00D0
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 023C0106
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 023C0F6D
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 023C0121
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 023C0FD4
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 023C0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 023C00BF
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 023C0040
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 023C0025
    .text C:\WINDOWS\system32\wuauclt.exe[3404] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 023C00EB
    .text C:\WINDOWS\system32\wuauclt.exe[3404] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 023A0FAD
    .text C:\WINDOWS\system32\wuauclt.exe[3404] msvcrt.dll!system 77C293C7 5 Bytes JMP 023A002E
    .text C:\WINDOWS\system32\wuauclt.exe[3404] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 023A0FD2
    .text C:\WINDOWS\system32\wuauclt.exe[3404] msvcrt.dll!_open 77C2F566 5 Bytes JMP 023A000C
    .text C:\WINDOWS\system32\wuauclt.exe[3404] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 023A001D
    .text C:\WINDOWS\system32\wuauclt.exe[3404] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 023A0FE3
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 023B0FC0
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 023B003D
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 023B001B
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 023B0FE5
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 023B002C
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 023B000A
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 023B0F8A
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [5B, 8A]
    .text C:\WINDOWS\system32\wuauclt.exe[3404] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 023B0FAF
    .text C:\WINDOWS\system32\wuauclt.exe[3404] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02390FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009001B
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090000
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001C0000
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001C0F91
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001C0086
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001C0069
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001C0058
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001C0FC0
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001C0F6F
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001C0F80
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001C0F4D
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001C00DC
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001C010B
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001C0047
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001C001B
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001C00AB
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001C002C
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001C0FE5
    .text C:\WINDOWS\system32\wuauclt.exe[3600] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001C0F5E
    .text C:\WINDOWS\system32\wuauclt.exe[3600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FC1
    .text C:\WINDOWS\system32\wuauclt.exe[3600] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FD2
    .text C:\WINDOWS\system32\wuauclt.exe[3600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0027
    .text C:\WINDOWS\system32\wuauclt.exe[3600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0038
    .text C:\WINDOWS\system32\wuauclt.exe[3600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A000C
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FA5
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B002C
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0000
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FD4
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002B0F6F
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002B0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 002B0011
    .text C:\WINDOWS\system32\wuauclt.exe[3600] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002B0F8A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00987D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[656] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00987CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\WINDOWS\system32\mfevtps.exe[704] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\WINDOWS\system32\mfevtps.exe[704] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
     
  5. 2010/11/10
    atlgman

    atlgman Inactive Thread Starter

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}?Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3508956A-868A-4503-8C58-1F83305A81C6}@LLInterface
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3508956A-868A-4503-8C58-1F83305A81C6}@IpConfig Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@LLInterface
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@IpConfig Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}@LLInterface
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}@IpConfig Tcpip\Parameters\Interfaces\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@EnableDHCP 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@DefaultGateway
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@DontAddDefaultGateway 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@EnableDHCP 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@DefaultGateway
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@DefaultGatewayMetric
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@NameServer
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@Domain
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@RegistrationEnabled 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@RegisterAdapterName 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@TCPAllowedPorts 0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@UDPAllowedPorts 0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@RawIPAllowedProtocols 0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@NTEContextList
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@DhcpServer 255.255.255.255
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@Lease 3600
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@LeaseObtainedTime 1168399560
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@T1 1168401360
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@T2 1168402710
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@LeaseTerminatesTime 1168403160
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAutoconfigurationAddress 0.0.0.0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAutoconfigurationMask 255.255.0.0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAutoconfigurationSeed 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@AddressType 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@EnableDHCP 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@DefaultGateway
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@DontAddDefaultGateway 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@Type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@Start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@Tag 3
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@ImagePath system32\DRIVERS\tcpip.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@DisplayName TCP/IP Protocol Driver
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@Group PNP_TDI
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@DependOnService IPSec?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@DependOnGroup
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip@Description TCP/IP Protocol Driver
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}?Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{3508956A-868A-4503-8C58-1F83305A81C6}@LLInterface
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{3508956A-868A-4503-8C58-1F83305A81C6}@IpConfig Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@LLInterface
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@IpConfig Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}@LLInterface
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}@IpConfig Tcpip\Parameters\Interfaces\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@EnableDHCP 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@DefaultGateway
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}@DontAddDefaultGateway 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@EnableDHCP 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@DefaultGateway
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@DefaultGatewayMetric
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@NameServer
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@Domain
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@RegistrationEnabled 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@RegisterAdapterName 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@TCPAllowedPorts 0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@UDPAllowedPorts 0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@RawIPAllowedProtocols 0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@NTEContextList
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@DhcpServer 255.255.255.255
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@Lease 3600
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@LeaseObtainedTime 1168399560
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@T1 1168401360
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@T2 1168402710
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@LeaseTerminatesTime 1168403160
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAutoconfigurationAddress 0.0.0.0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAutoconfigurationMask 255.255.0.0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@IPAutoconfigurationSeed 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}@AddressType 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@EnableDHCP 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DefaultGateway
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DefaultGatewayMetric
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@Domain
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@RegistrationEnabled 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@RegisterAdapterName 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@TCPAllowedPorts 0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@UDPAllowedPorts 0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@RawIPAllowedProtocols 0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@NTEContextList 0x00000003?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpServer 192.168.2.1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@Lease 86400
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@LeaseObtainedTime 1289389452
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@T1 1289432652
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@T2 1289465052
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@LeaseTerminatesTime 1289475852
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@IPAutoconfigurationAddress 0.0.0.0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@IPAutoconfigurationMask 255.255.0.0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@IPAutoconfigurationSeed 974906804
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@AddressType 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpIPAddress 192.168.2.100
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpSubnetMask 255.255.255.0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpRetryTime 43198
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpRetryStatus 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpDomain hsd1.ga.comcast.net.
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpNameServer 213.109.66.15 213.109.77.225 1.1.1.1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpDefaultGateway 192.168.2.1?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}@DhcpSubnetMaskOpt 255.255.255.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@EnableDHCP 0
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@DefaultGateway
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}@DontAddDefaultGateway 0
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.3gp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.3gpp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.aif
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.aifc
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.aiff
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.au
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.avi
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.bwf
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.cdda
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.flc
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.fli
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m15
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m1a
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m1s
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m1v
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m4a
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m4b
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m4p
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.m75
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mac
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mov
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mp2
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mp4
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mpa
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mpeg
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mpg
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mpg4
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mpm
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.mpv
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.pct
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.pic
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.pict
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.png
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.pnt
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.pntg
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.qcp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.qt
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.qti
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.qtif
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.rgb
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.rts
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.rtsp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.sdp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.sgi
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.snd
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.targa
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.tga
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.tif
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.tiff
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.ulw
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.vfw
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\.wav
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\application/sdp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\application/x-rtsp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\application/x-sdp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/3gpp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/aiff
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/basic
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/mp4
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/mpeg
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/vnd.qcelp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/wav
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/x-aiff
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/x-m4a
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/x-m4b
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/x-m4p
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/x-mpeg
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\audio/x-wav
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/pict
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/png
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/tiff
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/x-macpaint
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/x-pict
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/x-png
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/x-quicktime
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/x-sgi
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/x-targa
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\image/x-tiff
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/3gpp
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/avi
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/flc
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/mp4
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/mpeg
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/msvideo
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/quicktime
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/x-mpeg
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\EnableFullPage\MIME\video/x-msvideo
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\InprocServer32@ C:\Program Files\QuickTime\QTPlugin.ocx
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\MiscStatus@ 0
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\MiscStatus\1
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\MiscStatus\1@ 131473
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\ProgID@ QuickTime.QuickTime.4
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\ToolboxBitmap32@ C:\Program Files\QuickTime\QTPlugin.ocx, 1
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\TreatAs@ {4063BE15-3B08-470D-A0D5-B37161CFFD69}
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\TypeLib@ {02BF25D2-8C17-4B23-BC80-D3488ABDDC6B}
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\Version@ 4.0
    Reg HKLM\SOFTWARE\Classes\CLSID\{536EF57F-CA5D-FB44-F065-ADFC3473B31A}\VersionIndependentProgID@ QuickTime.QuickTime
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\AutoConvertTo@ {00020821-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\DefaultIcon@ C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE,1
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\Insertable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\NotInsertable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\Ole1Class@ ExcelChart
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\ProgID@ ExcelChart
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\TreatAs@ {00020821-0000-0000-C000-000000000046}

    ---- EOF - GMER 1.0.15 ----





    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 142):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806ED000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75F7000 frdris.sys
    0xF7508000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74F7000 pci.sys
    0xF7607000 isapnp.sys
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74D9000 pcmcia.sys
    0xF7617000 MountMgr.sys
    0xF74BA000 ftdisk.sys
    0xF78A3000 ACPIEC.sys
    0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF770F000 PartMgr.sys
    0xF7627000 VolSnap.sys
    0xF74A2000 atapi.sys
    0xF7458000 \WINDOWS\system32\drivers\SCSIPORT.SYS
    0xF7637000 disk.sys
    0xF7647000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7438000 fltMgr.sys
    0xF7426000 sr.sys
    0xF783A000 mfehidk.sys
    0xF7657000 PxHelp20.sys
    0xF740F000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF795A000 NDIS.sys
    0xF7A34000 Mup.sys
    0xF7667000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA577000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xBA563000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7747000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xBA540000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7933000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF793F000 \SystemRoot\system32\drivers\pfc.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA51D000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7767000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xBA4F8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sy@
    0xF7777000 \SystemRoot\system32\drivers\qkbfiltr.sys
    0xF777F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF798F000 \SystemRoot\system32\drivers\qmofiltr.sys
    0xBA4C8000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7993000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF778F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA4B4000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xBA440000 \SystemRoot\system32\DRIVERS\ar5211.sys
    0xBA7F4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7AAD000 \SystemRoot\system32\DRIVERS\LMImirr.sys
    0xF7AAF000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA42C000 \SystemRoot\system32\DRIVERS\mfendisk.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA7E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA415000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA404000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA3E0000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xBA36D000 \SystemRoot\system32\drivers\mfefirek.sys
    0xF77D7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF799F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA2C4000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7B0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF79A3000 \SystemRoot\system32\drivers\BoiHwSetup.sys
    0xBA79E000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
    0xF75B6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7586000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB1D89000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB1D67000 \SystemRoot\system32\drivers\portcls.sys
    0xF7576000 \SystemRoot\system32\drivers\drmk.sys
    0xB1C4C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF780F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF79AD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A88000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79B1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF776F000 \SystemRoot\System32\drivers\vga.sys
    0xF79B5000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79B9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB1BEB000 \SystemRoot\System32\Drivers\meiudf.sys
    0xB1BDA000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF7797000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77A7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA3D4000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB1BC7000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB1B6F000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB1B5C000 \SystemRoot\system32\drivers\mfetdi2k.sys
    0xB1B13000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7546000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA7B4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7536000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF77CF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB1AEB000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB1ABF000 \SystemRoot\System32\drivers\afd.sys
    0xBA220000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA76E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB1A9D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF77DF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB1A72000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB1A03000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA75E000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB194B000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79C1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB1C38000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA335000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7A84000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF08E000 \SystemRoot\System32\atikvmag.dll
    0xBF0C4000 \SystemRoot\System32\ati3duag.dll
    0xBF32B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAF6F2000 \SystemRoot\system32\DRIVERS\tdudf.sys
    0xB19F3000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF77BF000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xBA3D8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAF6EE000 \SystemRoot\system32\DRIVERS\netdevio.sys
    0xAF45A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAF445000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB1993000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF79A5000 \??\C:\Program Files\LogMeIn\RaInfo.sys
    0xAEEE8000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAE47C000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAE286000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xAE3DC000 \SystemRoot\system32\drivers\mfebopk.sys
    0xAE72D000 \SystemRoot\system32\drivers\cfwids.sys
    0xADAA8000 \??\C:\DOCUME~1\a\LOCALS~1\Temp\pftdypod.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    932 C:\WINDOWS\system32\smss.exe
    988 csrss.exe
    1016 C:\WINDOWS\system32\winlogon.exe
    1060 C:\WINDOWS\system32\services.exe
    1072 C:\WINDOWS\system32\lsass.exe
    1216 C:\WINDOWS\system32\ati2evxx.exe
    1236 C:\WINDOWS\system32\svchost.exe
    1336 svchost.exe
    1384 C:\WINDOWS\system32\svchost.exe
    1532 svchost.exe
    1644 svchost.exe
    1920 C:\WINDOWS\system32\spoolsv.exe
    1964 C:\WINDOWS\system32\acs.exe
    212 svchost.exe
    248 C:\WINDOWS\system32\ati2evxx.exe
    576 C:\WINDOWS\explorer.exe
    656 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    896 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    952 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    96 aoltpspd.exe
    1416 C:\WINDOWS\system32\DVDRAMSV.exe
    1612 C:\Program Files\Java\jre6\bin\jqs.exe
    1948 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    608 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    704 C:\WINDOWS\system32\mfevtps.exe
    1116 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    1848 C:\WINDOWS\system32\TODDSrv.exe
    276 wdfmgr.exe
    1672 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    1824 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    2056 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2196 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    2248 C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    2320 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    2376 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    2384 C:\WINDOWS\system32\TPSMain.exe
    2448 C:\WINDOWS\RTHDCPL.exe
    2612 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    2680 C:\Program Files\ltmoh\ltmoh.exe
    2768 C:\WINDOWS\agrsmmsg.exe
    3024 C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    3088 C:\Program Files\LogMeIn\LogMeInSystray.exe
    3216 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    3288 C:\Program Files\QuickTime\qttask.exe
    3384 C:\Program Files\iTunes\iTunesHelper.exe
    3500 C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
    3740 C:\Program Files\Winamp\winampa.exe
    3892 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    4036 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    628 C:\Program Files\McAfee.com\Agent\mcagent.exe
    720 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2288 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    2472 C:\WINDOWS\system32\ctfmon.exe
    2704 C:\Program Files\Messenger\msmsgs.exe
    2732 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3192 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    2344 C:\Program Files\iPod\bin\iPodService.exe
    2576 C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\WidgetAirFranceUS.exe
    3840 alg.exe
    1460 C:\WINDOWS\system32\RAMASST.exe
    3204 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    2848 C:\WINDOWS\system32\TPSBattM.exe
    3600 C:\WINDOWS\system32\wuauclt.exe
    1492 C:\Program Files\Mozilla Firefox\firefox.exe
    3468 C:\Documents and Settings\a\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK6034GSX, Rev: AH101A

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


    Done!
     
  6. 2010/11/10
    atlgman

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by a at 10:28:35.28 on Wed 11/10/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.859 [GMT -5:00]

    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\mfevtps.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\WidgetAirFranceUS.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\a\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://customers.westecnow.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101102162656.dll
    BHO: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [airfrance] c:\documents and settings\a\local settings\application data\djingle\widget by air france (us)\bin\autorun.lnk
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    mRun: [LogMeIn GUI] "c:\program files\logmein\LogMeInSystray.exe "
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe "
    mRun: [<NO NAME>]
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [VideoraiPodConverter] c:\program files\videoraipodconverter\VideoraConverter.exe -t
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [Opware15] "c:\program files\scansoft\omnipage15.0\Opware15.exe "
    mRun: [OpScheduler] "c:\program files\scansoft\omnipage15.0\OpScheduler.exe "
    mRun: [ScanSoft OmniPage 15.0-reminder] "c:\program files\scansoft\omnipage15.0\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage15.0\ereg\ereg.ini "
    mRun: [PDF3 Registry Controller] "c:\program files\scansoft\omnipage15.0\pdfconverter3\\RegistryController.exe "
    mRun: [WinampAgent] c:\program files\winamp\winampa.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [WinGuard Pro]
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Open with Scansoft PDF Converter 3.0 - c:\program files\scansoft\omnipage15.0\pdfconverter3\IEShellExt.dll /100
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: westec.net
    Trusted Zone: westecnow.com
    DPF: {079CBF9B-A2EF-47DF-B0A6-266FFE46210B} - hxxp://customers.westecnow.com/activex/westec.cab
    DPF: {76CA9E30-5094-46F9-BE90-D47AD59C2C2C} - hxxps://bte.radiantenterprise.com/02.103.0130.26/pe/clientdownloads/SuperCab.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\a\applic~1\mozilla\firefox\profiles\xgptojz1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdjingleplugin-airfrance.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-15 386840]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-15 84072]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\rainfo.sys [2006-10-6 11120]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-15 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-15 271480]
    R2 McProxy;McAfee Proxy Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-15 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-15 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-15 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-15 141792]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-15 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-15 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-15 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-15 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-15 88544]
    S2 gupdate1ca89c1c055ef92;Google Update Service (gupdate1ca89c1c055ef92);c:\program files\google\update\GoogleUpdate.exe [2009-12-30 133104]
    S3 CampaignEnterprise9;CampaignEnterprise9;c:\progra~1\campai~1\Campaign9.exe [2006-12-27 1896448]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-15 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-15 84264]

    =============== Created Last 30 ================

    2010-11-10 03:36:32 -------- d-----w- c:\docume~1\a\applic~1\Malwarebytes
    2010-11-10 03:36:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-10 03:36:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 03:36:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-10 03:36:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-06 18:52:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-20 16:38:38 -------- d-s---w- c:\documents and settings\a\UserData
    2010-10-18 15:19:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-10-18 15:19:23 -------- d-----w- c:\docume~1\a\applic~1\SUPERAntiSpyware.com
    2010-10-18 15:19:10 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-15 20:31:32 -------- d-----w- C:\spoolerlogs

    ==================== Find3M ====================

    2010-11-06 18:51:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-14 02:28:54 141792 ----a-w- c:\windows\system32\mfevtps.exe

    ============= FINISH: 10:29:43.51 ===============







    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/25/2006 6:05:38 AM
    System Uptime: 11/10/2010 6:43:33 AM (4 hours ago)

    Motherboard: TOSHIBA | | Satellite L35
    Processor: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz | U23 | 1600/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 21.044 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP918: 8/12/2010 6:43:29 PM - System Checkpoint
    RP919: 8/13/2010 7:46:06 PM - System Checkpoint
    RP920: 8/15/2010 2:39:13 PM - System Checkpoint
    RP921: 8/16/2010 2:57:55 PM - System Checkpoint
    RP922: 8/17/2010 3:31:57 PM - System Checkpoint
    RP923: 8/18/2010 4:27:45 PM - System Checkpoint
    RP924: 8/19/2010 8:55:47 PM - System Checkpoint
    RP925: 8/20/2010 8:58:33 PM - System Checkpoint
    RP926: 8/22/2010 12:37:15 PM - System Checkpoint
    RP927: 8/23/2010 2:07:08 PM - System Checkpoint
    RP928: 8/24/2010 3:04:01 PM - System Checkpoint
    RP929: 8/25/2010 3:48:35 PM - System Checkpoint
    RP930: 8/26/2010 4:03:03 PM - System Checkpoint
    RP931: 8/27/2010 5:20:43 PM - System Checkpoint
    RP932: 8/28/2010 8:41:39 PM - System Checkpoint
    RP933: 8/29/2010 9:04:09 PM - System Checkpoint
    RP934: 8/30/2010 9:22:38 PM - System Checkpoint
    RP935: 9/10/2010 9:04:11 PM - System Checkpoint
    RP936: 9/11/2010 9:45:05 PM - System Checkpoint
    RP937: 9/13/2010 4:44:39 PM - System Checkpoint
    RP938: 9/14/2010 5:15:52 PM - System Checkpoint
    RP939: 9/15/2010 11:36:10 AM - Software Distribution Service 3.0
    RP940: 9/15/2010 11:59:55 AM - Installed Java(TM) 6 Update 21
    RP941: 9/16/2010 4:28:41 PM - System Checkpoint
    RP942: 9/17/2010 4:45:04 PM - System Checkpoint
    RP943: 9/20/2010 1:39:26 PM - System Checkpoint
    RP944: 9/21/2010 2:27:32 PM - System Checkpoint
    RP945: 9/22/2010 5:12:29 PM - System Checkpoint
    RP946: 9/23/2010 6:09:17 PM - System Checkpoint
    RP947: 9/24/2010 8:51:51 PM - System Checkpoint
    RP948: 9/27/2010 3:51:04 PM - System Checkpoint
    RP949: 9/28/2010 4:09:48 PM - System Checkpoint
    RP950: 10/1/2010 12:40:46 AM - System Checkpoint
    RP951: 10/4/2010 8:14:12 PM - System Checkpoint
    RP952: 10/5/2010 8:48:56 PM - System Checkpoint
    RP953: 10/7/2010 2:00:22 PM - System Checkpoint
    RP954: 10/9/2010 2:52:14 PM - System Checkpoint
    RP955: 10/11/2010 2:32:31 PM - System Checkpoint
    RP956: 10/12/2010 2:40:41 PM - System Checkpoint
    RP957: 10/13/2010 11:05:13 PM - System Checkpoint
    RP958: 10/15/2010 5:31:23 PM - System Checkpoint
    RP959: 10/16/2010 7:02:59 PM - System Checkpoint
    RP960: 10/17/2010 10:38:20 PM - System Checkpoint
    RP961: 10/18/2010 11:01:17 PM - System Checkpoint
    RP962: 10/19/2010 1:19:10 PM - Software Distribution Service 3.0
    RP963: 10/20/2010 1:31:41 PM - System Checkpoint
    RP964: 10/21/2010 3:45:06 PM - System Checkpoint
    RP965: 10/22/2010 4:46:09 PM - System Checkpoint
    RP966: 10/23/2010 5:28:14 PM - System Checkpoint
    RP967: 10/24/2010 8:59:33 PM - System Checkpoint
    RP968: 10/25/2010 9:20:40 PM - System Checkpoint
    RP969: 10/26/2010 9:38:26 PM - System Checkpoint
    RP970: 10/28/2010 1:45:52 PM - System Checkpoint
    RP971: 10/29/2010 1:50:04 PM - System Checkpoint
    RP972: 10/30/2010 3:02:11 PM - System Checkpoint
    RP973: 10/31/2010 3:38:05 PM - System Checkpoint
    RP974: 11/1/2010 4:34:43 PM - System Checkpoint
    RP975: 11/2/2010 7:09:53 PM - System Checkpoint
    RP976: 11/3/2010 7:19:15 PM - System Checkpoint
    RP977: 11/4/2010 7:55:33 PM - System Checkpoint
    RP978: 11/5/2010 9:48:38 PM - System Checkpoint
    RP979: 11/6/2010 2:48:53 PM - Removed Java(TM) 6 Update 21
    RP980: 11/6/2010 2:51:38 PM - Installed Java(TM) 6 Update 22
    RP981: 11/7/2010 2:37:06 PM - System Checkpoint
    RP982: 11/8/2010 3:35:06 PM - System Checkpoint
    RP983: 11/9/2010 4:35:09 PM - System Checkpoint
    RP984: 11/10/2010 3:01:40 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe Acrobat 7.0 Professional - English, Français, Deutsch
    Adobe Audition 2.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe InDesign 2.0
    Adobe Photoshop CS2
    Adobe Premiere Elements 2.0
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    America Online (Choose which version to remove)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL You've Got Pictures Screensaver
    Atheros Client Utility
    Atheros Wireless LAN MiniPCI/PCIe card Driver
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    Avant Browser (remove only)
    AviSynth 2.5
    Blasterball 2 Revolution
    Campaign Enterprise 9
    CD/DVD Drive Acoustic Silencer
    CuteFTP 7 Professional
    Desktop Dialer
    DirectVobSub (remove only)
    DivX Codec
    DivX Player
    DVD-RAM Driver
    DVD Shrink 3.2
    FATE
    File, Print FedEx Kinko's
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB894871)
    Hotfix for Windows XP (KB895200)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    InterActual Player
    InterVideo WinDVD for TOSHIBA
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    LogMeIn
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8 Plugin
    Macromedia FlashPaper 2
    Macromedia FreeHand 10
    Malwarebytes' Anti-Malware
    McAfee Total Protection
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Mozilla Firefox (3.6.12)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    muvee autoProducer 5.0
    MyODBC
    Nero 7 Ultra Edition
    Office 2003 Trial Assistant
    Penguins!
    Picasa 2
    Polar Golfer
    Pure Networks Port Magic
    QuickTime
    RealPlayer
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    ScanSoft OmniPage 15.0
    ScanSoft PDF Converter 3.0
    ScanSoft PDF Create 3.0
    SCRABBLE
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    TOSHIBA Game Console
    Toshiba Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    Toshiba Registration
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Touchpad Utility
    Toshiba Utility
    TOSHIBA Zooming Utility
    Touch and Launch
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Videora iPod Converter 0.91
    Viewpoint Media Player
    WebFldrs XP
    Westec Remote
    Widget by Air France
    WildTangent Web Driver
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884018
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB888622
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893056
    WinRAR archiver
    Yahoo! Music Engine

    ==== Event Viewer Messages From Past Week ========

    11/6/2010 12:40:54 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    11/6/2010 12:40:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
    11/6/2010 12:40:54 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/6/2010 12:40:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    11/6/2010 11:57:44 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    11/5/2010 9:21:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    11/5/2010 9:21:33 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/5/2010 9:21:26 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/10/2010 6:52:06 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    11/10/2010 6:49:27 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    11/10/2010 6:45:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KR10N
    11/10/2010 6:44:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================




    I was unable to post everything due to character limitations.
    Thank you for your help Broni.
     
  7. 2010/11/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/11/10
    atlgman

    atlgman Inactive Thread Starter

    Joined:
    2010/11/09
    Messages:
    12
    Likes Received:
    0
    ComboFix 10-11-10.01 - a 11/10/2010 22:51:21.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.921 [GMT -5:00]
    Running from: c:\documents and settings\a\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
    .

    2010-11-10 03:36 . 2010-11-10 03:36 -------- d-----w- c:\documents and settings\a\Application Data\Malwarebytes
    2010-11-10 03:36 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-10 03:36 . 2010-11-10 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-10 03:36 . 2010-11-10 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-10 03:36 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-06 18:52 . 2010-11-06 18:52 -------- d-----w- c:\program files\Common Files\Java
    2010-11-06 18:52 . 2010-11-06 18:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-24 18:11 . 2010-10-24 18:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2010-10-20 16:38 . 2010-10-20 16:38 -------- d-s---w- c:\documents and settings\a\UserData
    2010-10-18 15:19 . 2010-10-18 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-18 15:19 . 2010-10-18 15:19 -------- d-----w- c:\documents and settings\a\Application Data\SUPERAntiSpyware.com
    2010-10-18 15:19 . 2010-11-06 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-15 20:31 . 2010-10-15 20:31 -------- d-----w- C:\spoolerlogs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-06 18:51 . 2010-09-15 16:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-14 02:28 . 2010-09-15 16:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-10-14 02:28 . 2010-09-15 16:16 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-10-14 02:28 . 2010-09-15 16:15 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-10-14 02:28 . 2010-09-15 16:15 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-10-14 02:28 . 2010-09-15 16:15 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-10-14 02:28 . 2010-09-15 16:15 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-14 02:28 . 2010-09-15 16:15 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-10-14 02:28 . 2010-09-15 16:15 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-10-14 02:28 . 2010-09-15 16:15 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-14 02:28 . 2010-09-15 16:15 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-10-14 02:28 . 2010-09-15 16:15 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-14 02:28 . 2010-09-15 16:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
    "airfrance "= "c:\documents and settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\autorun.lnk" [2009-05-30 2253]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe "= "CFSServ.exe -NoClient" [X]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
    "NDSTray.exe "= "NDSTray.exe" [BU]
    "Toshiba Hotkey Utility "= "c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
    "PadTouch "= "c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
    "SmoothView "= "c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "TPSMain "= "TPSMain.exe" [2005-06-01 282624]
    "Pinger "= "c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-09-06 16262656]
    "SkyTel "= "SkyTel.EXE" [2006-05-17 2879488]
    "LtMoh "= "c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
    "AGRSMMSG "= "AGRSMMSG.exe" [2006-03-18 89541]
    "LogMeIn GUI "= "c:\program files\LogMeIn\LogMeInSystray.exe" [2006-10-07 303864]
    "Acrobat Assistant 7.0 "= "c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "Opware15 "= "c:\program files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-06 69632]
    "ScanSoft OmniPage 15.0-reminder "= "c:\program files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" [2005-06-03 729088]
    "PDF3 Registry Controller "= "c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 106496]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-31 198160]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2006-12-27 25214]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-27 110592]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2006-10-07 00:56 11504 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe "=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe "= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1156187317\\EE\\AOLServiceHost.exe "=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe "=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe "=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE "=
    "c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe "=
    "c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.Queue.exe "=
    "c:\\Program Files\\Avant Browser\\avant.exe "=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/15/2010 11:15 AM 84072]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\rainfo.sys [10/6/2006 7:56 PM 11120]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/15/2010 11:15 AM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/15/2010 11:15 AM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [9/15/2010 11:16 AM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/15/2010 11:16 AM 141792]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/15/2010 11:15 AM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/15/2010 11:15 AM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/15/2010 11:15 AM 88544]
    S2 gupdate1ca89c1c055ef92;Google Update Service (gupdate1ca89c1c055ef92);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2009 9:34 PM 133104]
    S3 CampaignEnterprise9;CampaignEnterprise9;c:\progra~1\CAMPAI~1\Campaign9.exe [12/27/2006 2:16 AM 1896448]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/15/2010 11:15 AM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/15/2010 11:15 AM 84264]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 02:34]

    2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 02:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://customers.westecnow.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
    Trusted Zone: westec.net
    Trusted Zone: westecnow.com
    DPF: {079CBF9B-A2EF-47DF-B0A6-266FFE46210B} - hxxp://customers.westecnow.com/activex/westec.cab
    DPF: {76CA9E30-5094-46F9-BE90-D47AD59C2C2C} - hxxps://bte.radiantenterprise.com/02.103.0130.26/pe/clientdownloads/SuperCab.cab
    FF - ProfilePath - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\xgptojz1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjingleplugin-airfrance.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-VideoraiPodConverter - c:\program files\VideoraiPodConverter\VideoraConverter.exe
    HKLM-Run-OpScheduler - c:\program files\ScanSoft\OmniPage15.0\OpScheduler.exe
    HKLM-Run-WinGuard Pro - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-10 23:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
    "ImagePath "= "system32\DRIVERS\i8042prt.sy@ "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ "•€|ù•Ôw*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD "= "02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
    @DACL=(02 0000)
    "LLInterface "= "WANARP "
    "IpConfig "=multi: "Tcpip\\Parameters\\Interfaces\\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}\00Tcpip\\Parameters\\Interfaces\\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}\00\00 "
    "NumInterfaces "=dword:00000002
    "IpInterfaces "=hex:af,25,f3,0a,8a,ed,0f,42,be,c3,71,81,e3,cb,17,04,c2,00,d5,f9,
    ee,33,e3,47,90,d2,ec,f8,1b,90,f7,07

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{3508956A-868A-4503-8C58-1F83305A81C6}]
    @DACL=(02 0000)
    "LLInterface "=" "
    "IpConfig "=multi: "Tcpip\\Parameters\\Interfaces\\{3508956A-868A-4503-8C58-1F83305A81C6}\00\00 "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}]
    @DACL=(02 0000)
    "LLInterface "=" "
    "IpConfig "=multi: "Tcpip\\Parameters\\Interfaces\\{8944A4DF-AEB6-46D8-98DF-030B648C8C0A}\00\00 "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}]
    @DACL=(02 0000)
    "LLInterface "=" "
    "IpConfig "=multi: "Tcpip\\Parameters\\Interfaces\\{F4BA1541-6BFB-4460-8DA9-D5FED2770C10}\00\00 "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{080C3C00-9AF2-416D-B37D-A8D4C9128037}]
    @DACL=(02 0000)
    "UseZeroBroadcast "=dword:00000000
    "EnableDHCP "=dword:00000000
    "IPAddress "=multi: "0.0.0.0\00\00 "
    "SubnetMask "=multi: "0.0.0.0\00\00 "
    "DefaultGateway "=multi: "\00 "
    "EnableDeadGWDetect "=dword:00000001
    "DontAddDefaultGateway "=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0AF325AF-ED8A-420F-BEC3-7181E3CB1704}]
    @DACL=(02 0000)
    "UseZeroBroadcast "=dword:00000000
    "EnableDHCP "=dword:00000000
    "IPAddress "=multi: "0.0.0.0\00\00 "
    "SubnetMask "=multi: "0.0.0.0\00\00 "
    "DefaultGateway "=multi: "\00 "
    "EnableDeadGWDetect "=dword:00000001
    "DontAddDefaultGateway "=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2BF3DC99-3F61-489A-AFB3-11579EBB6FEA}]
    @DACL=(02 0000)
    "UseZeroBroadcast "=dword:00000000
    "EnableDHCP "=dword:00000000
    "IPAddress "=multi: "0.0.0.0\00\00 "
    "SubnetMask "=multi: "0.0.0.0\00\00 "
    "DefaultGateway "=multi: "\00 "
    "EnableDeadGWDetect "=dword:00000001
    "DontAddDefaultGateway "=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3508956A-868A-4503-8C58-1F83305A81C6}]
    @DACL=(02 0000)
    "UseZeroBroadcast "=dword:00000000
    "EnableDeadGWDetect "=dword:00000001
    "EnableDHCP "=dword:00000001
    "IPAddress "=multi: "0.0.0.0\00\00 "
    "SubnetMask "=multi: "0.0.0.0\00\00 "
    "DefaultGateway "=multi: "\00 "
    "DefaultGatewayMetric "=multi: "\00 "
    "NameServer "=" "
    "Domain "=" "
    "RegistrationEnabled "=dword:00000001
    "RegisterAdapterName "=dword:00000000
    "TCPAllowedPorts "=multi: "0\00\00 "
    "UDPAllowedPorts "=multi: "0\00\00 "
    "RawIPAllowedProtocols "=multi: "0\00\00 "
    "NTEContextList "=multi: "\00 "
    "DhcpClassIdBin "=hex:
    "DhcpServer "= "255.255.255.255 "
    "Lease "=dword:00000e10
    "LeaseObtainedTime "=dword:45a45cc8
    "T1 "=dword:45a463d0
    "T2 "=dword:45a46916
    "LeaseTerminatesTime "=dword:45a46ad8
    "IPAutoconfigurationAddress "= "0.0.0.0 "
    "IPAutoconfigurationMask "= "255.255.0.0 "
    "IPAutoconfigurationSeed "=dword:00000000
    "AddressType "=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{53C85DB1-0CBD-4E89-918A-38016EB0877F}]
    @DACL=(02 0000)
    "UseZeroBroadcast "=dword:00000000
    "EnableDHCP "=dword:00000000
    "IPAddress "=multi: "0.0.0.0\00\00 "
    "SubnetMask "=multi: "0.0.0.0\00\00 "
    "DefaultGateway "=multi: "\00 "
    "EnableDeadGWDetect "=dword:00000001
    "DontAddDefaultGateway "=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F9D500C2-33EE-47E3-90D2-ECF81B90F707}]
    @DACL=(02 0000)
    "UseZeroBroadcast "=dword:00000000
    "EnableDHCP "=dword:00000000
    "IPAddress "=multi: "0.0.0.0\00\00 "
    "SubnetMask "=multi: "0.0.0.0\00\00 "
    "DefaultGateway "=multi: "\00 "
    "EnableDeadGWDetect "=dword:00000001
    "DontAddDefaultGateway "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1040)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll

    - - - - - - - > 'explorer.exe'(1868)
    c:\program files\ScanSoft\OmniPage15.0\OpHook15.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\acs.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\windows\system32\TODDSrv.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\windows\system32\TPSMain.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\AGRSMMSG.exe
    c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\documents and settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\WidgetAirFranceUS.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-10 23:41:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-11 04:41

    Pre-Run: 22,522,290,176 bytes free
    Post-Run: 22,710,079,488 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 8CE0541C4D4732C295461A364D2E3451

    Thanks, Broni
     
  9. 2010/11/10
    broni Moderator Malware Analyst

    Not much there.

    Which browser is getting redirected?
    Did you try a different browser?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2010/11/11
    atlgman Inactive Thread Starter

    OTL logfile created on: 11/11/2010 7:03:53 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\a\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 21.19 Gb Free Space | 37.93% Space Free | Partition Type: NTFS

    Computer Name: MSIMIC | User Name: a | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010/06/30 23:07:46 | 001,155,256 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
    PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2009/12/30 21:37:23 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/04/29 18:21:00 | 007,927,044 | ---- | M] () -- C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\WidgetAirFranceUS.exe
    PRC - [2007/07/27 18:40:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/21 12:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2006/10/06 19:55:48 | 000,303,864 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\LogMeInSystray.exe
    PRC - [2006/08/01 12:57:06 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    PRC - [2006/06/20 22:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/06/20 22:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2006/05/19 14:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    PRC - [2006/03/16 15:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/12/16 04:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2005/12/06 00:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    PRC - [2005/09/26 14:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    PRC - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2005/07/06 00:58:36 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
    PRC - [2005/05/31 23:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2004/08/09 05:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    MOD - [2009/12/30 21:38:21 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
    MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2005/07/06 00:58:14 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2007/04/17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2006/12/27 01:19:09 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2006/10/06 19:55:54 | 000,062,200 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\RaMaint.exe -- (LMIMaint)
    SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2005/09/26 14:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2005/09/14 11:53:32 | 001,896,448 | ---- | M] (Arial Software, LLC) [On_Demand | Stopped] -- C:\Program Files\CampaignEnterprise9\Campaign9.exe -- (CampaignEnterprise9)
    SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
    SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2006/10/06 19:56:02 | 000,011,120 | ---- | M] (3am Labs Ltd.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\rainfo.sys -- (LMIInfo)
    DRV - [2006/09/06 18:04:12 | 004,377,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/06/28 13:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2006/04/07 18:18:46 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/04/01 20:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2006/03/18 09:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/02 20:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/02/27 07:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/01/19 20:41:52 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2006/01/12 18:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
    DRV - [2005/12/12 01:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/06/10 23:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
    DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/05/05 16:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
    DRV - [2005/01/11 12:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2005/01/07 19:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 16:00:00 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sy@ -- (i8042prt)
    DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://customers.westecnow.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en "
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 15:26:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 16:37:58 | 000,000,000 | ---D | M]

    [2008/06/17 16:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Extensions
    [2009/09/03 11:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\xgptojz1.default\extensions
    [2009/09/03 10:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\xgptojz1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2010/11/10 23:52:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/06 13:52:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/11/06 13:51:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/04/29 18:21:00 | 000,107,008 | ---- | M] (DJINGLE) -- C:\Program Files\Mozilla Firefox\plugins\npdjingleplugin-airfrance.dll

    O1 HOSTS File: ([2010/11/10 23:14:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101102162656.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\RegistryController.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ScanSoft OmniPage 15.0-reminder] C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [airfrance] C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\autorun.lnk ()
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: westec.net ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: westecnow.com ([]http in Trusted sites)
    O16 - DPF: {079CBF9B-A2EF-47DF-B0A6-266FFE46210B} http://customers.westecnow.com/activex/westec.cab (WWVLive Control)
    O16 - DPF: {76CA9E30-5094-46F9-BE90-D47AD59C2C2C} https://bte.radiantenterprise.com/02.103.0130.26/pe/clientdownloads/SuperCab.cab (CClientInfo Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.15 213.109.77.225 1.1.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/27 02:44:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620578542714880)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/11 06:47:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/11/10 22:47:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/10 22:43:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/10 22:43:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/10 22:43:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/10 22:43:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/10 22:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/10 22:42:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/09 22:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Application Data\Malwarebytes
    [2010/11/09 22:36:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/09 22:36:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/09 22:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/09 22:34:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/09 22:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Desktop\old
    [2010/11/06 13:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/24 13:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/10/20 11:38:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\a\UserData
    [2010/10/18 10:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/18 10:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Application Data\SUPERAntiSpyware.com
    [2010/10/18 10:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/15 15:31:32 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/11 07:11:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/11/10 23:25:19 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/11/10 23:18:50 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/10 23:14:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/10 23:13:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/10 23:12:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/10 23:12:17 | 1474,473,984 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/10 22:48:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/10 22:39:37 | 003,907,429 | R--- | M] () -- C:\Documents and Settings\a\Desktop\ComboFix.exe
    [2010/11/10 21:15:16 | 000,000,484 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/11/10 10:26:39 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dds.scr
    [2010/11/10 10:25:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/10 06:48:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/10 06:46:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/09 22:36:24 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 22:35:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/08 15:17:10 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 19:37:35 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 19:37:35 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/31 19:39:40 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\a\Desktop\Microsoft Office Word 2003.lnk
    [2010/10/19 12:29:52 | 000,000,195 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/18 10:19:14 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/13 22:18:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/10/13 21:28:54 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/10 23:18:49 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/10 22:48:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/10 22:48:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/10 22:43:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/10 22:43:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/10 22:43:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/10 22:43:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/10 22:43:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/10 22:39:27 | 003,907,429 | R--- | C] () -- C:\Documents and Settings\a\Desktop\ComboFix.exe
    [2010/11/10 10:26:34 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\a\Desktop\dds.scr
    [2010/11/10 10:25:00 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/10 06:48:00 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/09 22:36:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/19 12:29:52 | 000,000,195 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/18 10:19:14 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/04/01 17:56:24 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/13 22:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/01/21 20:57:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/11/29 17:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/11/28 16:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/08/07 15:26:40 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\a\Application Data\$_hpcst$.hpc
    [2007/08/07 15:25:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/08/07 15:24:29 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\fusioncache.dat
    [2007/06/15 08:50:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
    [2006/12/27 03:44:13 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2006/12/27 02:34:02 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2006/09/09 14:29:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/09/09 14:29:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/09/09 14:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/09/09 14:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/09/09 14:29:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/09/09 14:29:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/09/09 14:28:14 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/09/09 14:28:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/09/09 14:28:14 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/09/09 14:28:14 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/09/09 14:25:07 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/08/21 18:44:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/21 13:54:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/08/21 13:53:47 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
    [2006/08/21 13:53:47 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
    [2006/08/21 12:30:37 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/21 12:22:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/21 12:06:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/08/21 05:18:50 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/01 12:56:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
    [2005/12/08 13:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
    [2005/08/24 17:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/02/03 19:59:44 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
    [2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2006/09/09 15:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\InterVideo
    [2009/04/01 17:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\ScanSoft
    [2006/08/21 13:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\toshiba
    [2006/12/27 02:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2006/12/27 03:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2006/08/21 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/11/25 06:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2006/08/21 14:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2006/12/27 03:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/12/27 01:32:14 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2007/01/09 22:24:10 | 000,024,174 | ---- | M] () -- C:\ASLog.txt
    [2006/12/27 02:44:14 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/11/25 06:05:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/10 22:48:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/10 23:41:22 | 000,023,702 | ---- | M] () -- C:\ComboFix.txt
    [2006/08/21 12:25:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/10 23:12:17 | 1474,473,984 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/21 12:25:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/08/21 14:10:02 | 000,001,186 | -H-- | M] () -- C:\IPH.PH
    [2006/08/21 12:25:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/01/05 03:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
    [2004/08/03 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/03 16:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/11/10 23:11:45 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
    [2009/08/08 21:44:06 | 000,000,640 | ---- | M] () -- C:\wgpro7.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/08/21 12:25:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/06 19:56:14 | 000,025,840 | ---- | M] (3am Labs Ltd.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/12/08 18:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/08/21 05:17:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/08/21 05:17:25 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/08/21 05:17:25 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2006/08/21 12:25:52 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/08/07 15:23:22 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\a\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2002/05/05 22:19:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\a\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/10 22:39:37 | 003,907,429 | R--- | M] () -- C:\Documents and Settings\a\Desktop\ComboFix.exe
    [2010/11/10 06:48:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/09 22:35:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/10 10:25:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/07/08 14:11:00 | 000,216,045 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\a\Desktop\rds.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/04/23 17:35:03 | 038,692,440 | ---- | M] () -- C:\Documents and Settings\a\My Documents\DWRemote5.0.7.1Setup.exe
    [2009/08/13 15:02:04 | 000,608,344 | ---- | M] () -- C:\Documents and Settings\a\My Documents\MCPR.exe
    [2009/04/23 18:29:05 | 043,724,069 | ---- | M] () -- C:\Documents and Settings\a\My Documents\WestecRemote5.0.8.2.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/03 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2006/08/21 05:19:33 | 000,004,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/08/07 15:23:21 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\a\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/11 07:32:53 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\a\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 03:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/08/01 16:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
    [2005/10/03 14:51:04 | 004,673,840 | ---- | M] () -- C:\WINDOWS\Installer\welcomeTour.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/03 16:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 03:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 11:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. 2010/11/11
    atlgman

    OTL Extras logfile created on: 11/11/2010 7:03:53 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\a\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 21.19 Gb Free Space | 37.93% Space Free | Partition Type: NTFS

    Computer Name: MSIMIC | User Name: a | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
    "C:\Program Files\Common Files\AOL\1156187317\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1156187317\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
    "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
    "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\Kinko's\FPFK\FPKMain.exe" = C:\Program Files\Kinko's\FPFK\FPKMain.exe:*:Enabled:File, Print FedEx Kinko's -- (FedEx Kinko's)
    "C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe" = C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe:*:Enabled:File, Print FedEx Kinko's System Tray -- ( )
    "C:\Program Files\Avant Browser\avant.exe" = C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser -- ()
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
    "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
    "{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}" = ScanSoft OmniPage 15.0
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MyODBC
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{30161931-E14F-42B5-BFC0-1AB5ADE4459B}" = muvee autoProducer 5.0
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
    "{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
    "{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
    "{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
    "{602A205F-8D02-48EE-8782-262B2103B984}" = ScanSoft PDF Converter 3.0
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{6B2715ED-7DBF-4BF1-9009-FE4D66421033}" = Nero 7 Ultra Edition
    "{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}" = ScanSoft PDF Create 3.0
    "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0A05EB3-1A5E-45EF-B2AB-E3ABD2B86130}" = Toshiba Hotkey Utility
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EBA09A1B-8D0A-4D65-BF5F-96186DAA6628}" = File, Print FedEx Kinko's
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
    "{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
    "{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}" = Macromedia FlashPaper 2
    "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
    "Adobe Audition 2.0" = Adobe Audition 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe InDesign 2.0" = Adobe InDesign 2.0
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Spyware Protection" = AOL Spyware Protection
    "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
    "AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
    "ATI Display Driver" = ATI Display Driver
    "AvantBrowser" = Avant Browser (remove only)
    "AviSynth" = AviSynth 2.5
    "Campaign Enterprise 9" = Campaign Enterprise 9
    "Desktop Dialer" = Desktop Dialer
    "DirectVobSub" = DirectVobSub (remove only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
    "InterActual Player" = InterActual Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSC" = McAfee Total Protection
    "MSNINST" = MSN
    "Picasa2" = Picasa 2
    "Port Magic" = Pure Networks Port Magic
    "Power Saver" = TOSHIBA Power Saver
    "PremElem20" = Adobe Premiere Elements 2.0
    "RealPlayer 12.0" = RealPlayer
    "Remote_Witness_5.0.5.0" = Westec Remote
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Game Console" = TOSHIBA Game Console
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Videora iPod Converter" = Videora iPod Converter 0.91
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WIC" = Windows Imaging Component
    "WildTangent CDA" = WildTangent Web Driver
    "Winamp" = Winamp (remove only)
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinRAR archiver" = WinRAR archiver
    "WT004723" = Blasterball 2 Revolution
    "WT004829" = Polar Golfer
    "WT006066" = FATE
    "WT009503" = Penguins!
    "WT009954" = SCRABBLE
    "Yahoo! Music Engine" = Yahoo! Music Engine

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "airfrance" = Widget by Air France

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/18/2010 2:09:20 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:09:20 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:09:20 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:09:20 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:09:20 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:09:20 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:09:20 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:09:27 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/18/2010 2:48:30 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 10/18/2010 2:48:30 PM | Computer Name = MSIMIC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 11/10/2010 8:29:16 PM | Computer Name = MSIMIC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1460

    Error - 11/10/2010 8:31:48 PM | Computer Name = MSIMIC | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.

    Error - 11/10/2010 8:32:21 PM | Computer Name = MSIMIC | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.

    Error - 11/10/2010 11:51:07 PM | Computer Name = MSIMIC | Source = Service Control Manager | ID = 7034
    Description = The Atheros Configuration Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/10/2010 11:51:07 PM | Computer Name = MSIMIC | Source = Service Control Manager | ID = 7034
    Description = The Swupdtmr service terminated unexpectedly. It has done this 1
    time(s).

    Error - 11/11/2010 12:18:12 AM | Computer Name = MSIMIC | Source = Service Control Manager | ID = 7022
    Description = The McShield service hung on starting.

    Error - 11/11/2010 12:22:26 AM | Computer Name = MSIMIC | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 11/11/2010 12:28:16 AM | Computer Name = MSIMIC | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.

    Error - 11/11/2010 12:29:00 AM | Computer Name = MSIMIC | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.

    Error - 11/11/2010 12:30:02 AM | Computer Name = MSIMIC | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.


    < End of report >




    I am sorry for the double post for the OTL Log. The redirection, pop-ups, slow browser and computer are killing me. Also, I do not always see the menu when I right-click my mouse or tabs. Firefox, Google Chrome, and Internet Explorer are still redirecting.

    Thank you, Broni
     
  12. 2010/11/11
    broni

    broni Moderator Malware Analyst

    OK, we have a DNS hijacker here:
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.15 213.109.77.225 1.1.1.1

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
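
The kind of check that singles out the O17 line quoted in the reply above, as an added example (not part of the original post and not OTL's own code): it parses O17 entries from a HijackThis/OTL-style log and triages each DNS server. It assumes a home network where DHCP normally hands out the router's private address or resolvers the analyst already knows; the `allowed` list, the function names and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re

# O17 entries as they appear in HijackThis/OTL-style logs, for example:
#   O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = a b c
O17_RE = re.compile(
    r"^\s*O17\s*-\s*(?P<key>HKLM\\System\\[^:]+):\s*"
    r"(?P<value>(?:Dhcp)?NameServer)\s*=\s*(?P<servers>.+?)\s*$",
    re.IGNORECASE,
)

# The first line is the entry quoted in the thread; the other three are
# constructed (placeholder GUIDs, RFC 5737 documentation addresses).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.15 213.109.77.225 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 203.0.113.53,203.0.113.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = not-an-ip
"""


def parse_o17(log_text):
    """Yield (registry_key, value_name, [server strings]) for each O17 line."""
    for line in log_text.splitlines():
        match = O17_RE.match(line)
        if not match:
            continue
        # DhcpNameServer is space-separated, static NameServer comma-separated.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        yield match.group("key"), match.group("value"), servers


def classify(server, allowed_networks):
    """Return 'invalid', 'allowed', 'local' or 'unexpected-public'."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if any(ip in net for net in allowed_networks):
        return "allowed"
    # A router or other on-LAN resolver: private, loopback or link-local.
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    # A public resolver nobody vouched for: the case worth a second look.
    return "unexpected-public"


def audit(log_text, allowed=()):
    """Return (value_name, server, verdict) for every server in every O17 line."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for _key, value, servers in parse_o17(log_text):
        for server in servers:
            findings.append((value, server, classify(server, nets)))
    return findings


def suspects(log_text, allowed=()):
    """Servers that are public and not on the analyst's allowlist."""
    return [srv for _, srv, verdict in audit(log_text, allowed)
            if verdict == "unexpected-public"]


if __name__ == "__main__":
    for value, server, verdict in audit(SAMPLE_LOG, allowed=["203.0.113.0/24"]):
        print(f"{value:15} {server:18} {verdict}")
```

A verdict of `unexpected-public` is a prompt to compare against what the router and ISP are supposed to hand out, not proof of a hijack on its own.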
     
  13. 2010/11/12
    atlgman

    atlgman Inactive Thread Starter

    Good news, I did what you said and no more redirecting on all browsers. But I am having some issues now with the slow laptop. Droopy mouse that does not react like it is supposed to. When I right-click on a link or tab and try to open it in a new window, it does not work. Any suggestions?

    Thank you Broni
     
  14. 2010/11/12
    broni

    broni Moderator Malware Analyst

    Good job :)
    We're not done yet, so we'll try to find out what's going on.

    Please re-run OTL with the same script as in my reply #8 and post a fresh log.
    Only one log will be produced.
     
  15. 2010/11/12
    atlgman

    atlgman Inactive Thread Starter

    OTL logfile created on: 11/12/2010 11:09:20 AM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\a\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 21.16 Gb Free Space | 37.87% Space Free | Partition Type: NTFS

    Computer Name: MSIMIC | User Name: a | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    PRC - [2010/10/29 16:37:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/29 16:37:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2009/12/30 21:37:23 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/04/29 18:21:00 | 007,927,044 | ---- | M] () -- C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\WidgetAirFranceUS.exe
    PRC - [2007/07/27 18:40:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/21 12:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2006/10/06 19:55:48 | 000,303,864 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\LogMeInSystray.exe
    PRC - [2006/08/01 12:57:06 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    PRC - [2006/06/20 22:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/06/20 22:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2006/05/19 14:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    PRC - [2006/03/16 15:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/12/16 04:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2005/12/06 00:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    PRC - [2005/09/26 14:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    PRC - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2005/07/06 00:58:36 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
    PRC - [2005/05/31 23:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2004/08/09 05:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    MOD - [2009/12/30 21:38:21 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
    MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2005/07/06 00:58:14 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2007/04/17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2006/12/27 01:19:09 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2006/10/06 19:55:54 | 000,062,200 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\RaMaint.exe -- (LMIMaint)
    SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2005/09/26 14:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2005/09/14 11:53:32 | 001,896,448 | ---- | M] (Arial Software, LLC) [On_Demand | Stopped] -- C:\Program Files\CampaignEnterprise9\Campaign9.exe -- (CampaignEnterprise9)
    SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
    SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2006/10/06 19:56:02 | 000,011,120 | ---- | M] (3am Labs Ltd.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\rainfo.sys -- (LMIInfo)
    DRV - [2006/09/06 18:04:12 | 004,377,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/06/28 13:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2006/04/07 18:18:46 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/04/01 20:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2006/03/18 09:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/02 20:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/02/27 07:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/01/19 20:41:52 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2006/01/12 18:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
    DRV - [2005/12/12 01:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/06/10 23:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
    DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/05/05 16:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
    DRV - [2005/01/11 12:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2005/01/07 19:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 16:00:00 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sy@ -- (i8042prt)
    DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://customers.westecnow.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en "
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 15:26:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 16:37:58 | 000,000,000 | ---D | M]

    [2008/06/17 16:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Extensions
    [2009/09/03 11:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\xgptojz1.default\extensions
    [2009/09/03 10:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\xgptojz1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2010/11/12 09:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/06 13:52:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/11/06 13:51:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/04/29 18:21:00 | 000,107,008 | ---- | M] (DJINGLE) -- C:\Program Files\Mozilla Firefox\plugins\npdjingleplugin-airfrance.dll

    O1 HOSTS File: ([2010/11/10 23:14:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101102162656.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\RegistryController.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ScanSoft OmniPage 15.0-reminder] C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [airfrance] C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\autorun.lnk ()
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: westec.net ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: westecnow.com ([]http in Trusted sites)
    O16 - DPF: {079CBF9B-A2EF-47DF-B0A6-266FFE46210B} http://customers.westecnow.com/activex/westec.cab (WWVLive Control)
    O16 - DPF: {76CA9E30-5094-46F9-BE90-D47AD59C2C2C} https://bte.radiantenterprise.com/02.103.0130.26/pe/clientdownloads/SuperCab.cab (CClientInfo Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/27 02:44:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620578542714880)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/11 06:47:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/11/10 22:47:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/10 22:43:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/10 22:43:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/10 22:43:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/10 22:43:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/10 22:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/10 22:42:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/09 22:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Application Data\Malwarebytes
    [2010/11/09 22:36:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/09 22:36:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/09 22:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/09 22:34:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/09 22:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Desktop\old
    [2010/11/06 13:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/24 13:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/10/20 11:38:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\a\UserData
    [2010/10/18 10:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/18 10:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Application Data\SUPERAntiSpyware.com
    [2010/10/18 10:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/15 15:31:32 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/12 11:11:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/12 01:49:58 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/11/12 01:48:55 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/12 01:44:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/12 01:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/12 01:42:36 | 1474,473,984 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/11 20:38:26 | 000,000,484 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/11/10 23:14:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/10 22:48:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/10 10:26:39 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dds.scr
    [2010/11/10 10:25:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/10 06:48:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/10 06:46:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/09 22:36:24 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 22:35:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/08 15:17:10 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 19:37:35 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 19:37:35 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/31 19:39:40 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\a\Desktop\Microsoft Office Word 2003.lnk
    [2010/10/19 12:29:52 | 000,000,195 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/18 10:19:14 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/13 22:18:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/10/13 21:28:54 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/12 01:48:16 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/10 22:48:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/10 22:48:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/10 22:43:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/10 22:43:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/10 22:43:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/10 22:43:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/10 22:43:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/10 10:26:34 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\a\Desktop\dds.scr
    [2010/11/10 10:25:00 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/10 06:48:00 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/09 22:36:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/19 12:29:52 | 000,000,195 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/18 10:19:14 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/04/01 17:56:24 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/13 22:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/01/21 20:57:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/11/29 17:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/11/28 16:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/08/07 15:26:40 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\a\Application Data\$_hpcst$.hpc
    [2007/08/07 15:25:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/08/07 15:24:29 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\fusioncache.dat
    [2007/06/15 08:50:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
    [2006/12/27 03:44:13 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2006/12/27 02:34:02 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2006/09/09 14:29:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/09/09 14:29:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/09/09 14:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/09/09 14:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/09/09 14:29:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/09/09 14:29:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/09/09 14:28:14 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/09/09 14:28:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/09/09 14:28:14 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/09/09 14:28:14 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/09/09 14:25:07 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/08/21 18:44:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/21 13:54:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/08/21 13:53:47 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
    [2006/08/21 13:53:47 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
    [2006/08/21 12:30:37 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/21 12:22:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/21 12:06:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/08/21 05:18:50 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/01 12:56:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
    [2005/12/08 13:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
    [2005/08/24 17:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/02/03 19:59:44 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
    [2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2006/09/09 15:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\InterVideo
    [2009/04/01 17:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\ScanSoft
    [2006/08/21 13:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\toshiba
    [2006/12/27 02:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2006/12/27 03:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2006/08/21 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/11/25 06:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2006/08/21 14:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2006/12/27 03:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/12/27 01:32:14 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2007/01/09 22:24:10 | 000,024,174 | ---- | M] () -- C:\ASLog.txt
    [2006/12/27 02:44:14 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/11/25 06:05:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/10 22:48:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/10 23:41:22 | 000,023,702 | ---- | M] () -- C:\ComboFix.txt
    [2006/08/21 12:25:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/12 01:42:36 | 1474,473,984 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/21 12:25:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/08/21 14:10:02 | 000,001,186 | -H-- | M] () -- C:\IPH.PH
    [2006/08/21 12:25:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/01/05 03:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
    [2004/08/03 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/03 16:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/11/12 01:42:04 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
    [2009/08/08 21:44:06 | 000,000,640 | ---- | M] () -- C:\wgpro7.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/08/21 12:25:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/06 19:56:14 | 000,025,840 | ---- | M] (3am Labs Ltd.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/12/08 18:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/08/21 05:17:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/08/21 05:17:25 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/08/21 05:17:25 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2006/08/21 12:25:52 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/08/07 15:23:22 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\a\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2002/05/05 22:19:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\a\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/10 06:48:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/09 22:35:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/10 10:25:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/07/08 14:11:00 | 000,216,045 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\a\Desktop\rds.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/04/23 17:35:03 | 038,692,440 | ---- | M] () -- C:\Documents and Settings\a\My Documents\DWRemote5.0.7.1Setup.exe
    [2009/08/13 15:02:04 | 000,608,344 | ---- | M] () -- C:\Documents and Settings\a\My Documents\MCPR.exe
    [2009/04/23 18:29:05 | 043,724,069 | ---- | M] () -- C:\Documents and Settings\a\My Documents\WestecRemote5.0.8.2.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/03 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2006/08/21 05:19:33 | 000,004,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/08/07 15:23:21 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\a\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/12 10:55:20 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\a\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 03:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/08/01 16:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
    [2005/10/03 14:51:04 | 004,673,840 | ---- | M] () -- C:\WINDOWS\Installer\welcomeTour.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/03 16:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 03:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 11:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  16. 2010/11/12
    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [CFSServ.exe] File not found
      O4 - HKLM..\Run: [NDSTray.exe] File not found
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2006/08/21 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  17. 2010/11/13
    atlgman Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: a
    ->Temp folder emptied: 661371 bytes
    ->Temporary Internet Files folder emptied: 6002250 bytes
    ->Java cache emptied: 78658106 bytes
    ->FireFox cache emptied: 95610212 bytes
    ->Google Chrome cache emptied: 72597391 bytes
    ->Flash cache emptied: 58027 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes
    ->Flash cache emptied: 14320 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 345 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 242.00 mb





    OTL logfile created on: 11/13/2010 12:23:59 AM - Run 3
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\a\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 21.22 Gb Free Space | 37.97% Space Free | Partition Type: NTFS

    Computer Name: MSIMIC | User Name: a | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2009/12/30 21:37:23 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/04/29 18:21:00 | 007,927,044 | ---- | M] () -- C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\WidgetAirFranceUS.exe
    PRC - [2007/07/27 18:40:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/21 12:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2006/10/06 19:55:48 | 000,303,864 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\LogMeInSystray.exe
    PRC - [2006/08/01 12:57:06 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    PRC - [2006/06/20 22:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/06/20 22:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2005/12/16 04:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2005/12/06 00:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    PRC - [2005/09/26 14:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    PRC - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2005/07/06 00:58:36 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
    PRC - [2005/05/31 23:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/12/14 02:12:46 | 000,196,608 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrodist.exe
    PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2004/08/09 05:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    MOD - [2009/12/30 21:38:21 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
    MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2005/07/06 00:58:14 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2007/04/17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2006/12/27 01:19:09 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2006/10/06 19:55:54 | 000,062,200 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\RaMaint.exe -- (LMIMaint)
    SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2005/09/26 14:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2005/09/14 11:53:32 | 001,896,448 | ---- | M] (Arial Software, LLC) [On_Demand | Stopped] -- C:\Program Files\CampaignEnterprise9\Campaign9.exe -- (CampaignEnterprise9)
    SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
    SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2006/10/06 19:56:02 | 000,011,120 | ---- | M] (3am Labs Ltd.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\rainfo.sys -- (LMIInfo)
    DRV - [2006/09/06 18:04:12 | 004,377,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/06/28 13:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2006/04/07 18:18:46 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/04/01 20:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2006/03/18 09:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/02 20:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/02/27 07:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/01/19 20:41:52 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2006/01/12 18:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
    DRV - [2005/12/12 01:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/06/10 23:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
    DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/05/05 16:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
    DRV - [2005/01/11 12:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2005/01/07 19:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 16:00:00 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sy@ -- (i8042prt)
    DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://customers.westecnow.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en "
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 15:26:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 16:37:58 | 000,000,000 | ---D | M]

    [2008/06/17 16:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Extensions
    [2009/09/03 11:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\xgptojz1.default\extensions
    [2009/09/03 10:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\xgptojz1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2010/11/12 09:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/06 13:52:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/11/06 13:51:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/04/29 18:21:00 | 000,107,008 | ---- | M] (DJINGLE) -- C:\Program Files\Mozilla Firefox\plugins\npdjingleplugin-airfrance.dll

    O1 HOSTS File: ([2010/11/10 23:14:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101102162656.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\RegistryController.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ScanSoft OmniPage 15.0-reminder] C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [airfrance] C:\Documents and Settings\a\Local Settings\Application Data\Djingle\Widget by Air France (US)\bin\autorun.lnk ()
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: westec.net ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: westecnow.com ([]http in Trusted sites)
    O16 - DPF: {079CBF9B-A2EF-47DF-B0A6-266FFE46210B} http://customers.westecnow.com/activex/westec.cab (WWVLive Control)
    O16 - DPF: {76CA9E30-5094-46F9-BE90-D47AD59C2C2C} https://bte.radiantenterprise.com/02.103.0130.26/pe/clientdownloads/SuperCab.cab (CClientInfo Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/27 02:44:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/13 00:06:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/13 00:04:52 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/11 06:47:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/11/10 22:47:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/10 22:43:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/10 22:43:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/10 22:43:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/10 22:43:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/10 22:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/10 22:42:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/09 22:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Application Data\Malwarebytes
    [2010/11/09 22:36:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/09 22:36:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/09 22:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/09 22:34:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/09 22:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Desktop\old
    [2010/11/06 13:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/24 13:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/10/20 11:38:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\a\UserData
    [2010/10/18 10:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/18 10:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\a\Application Data\SUPERAntiSpyware.com
    [2010/10/18 10:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/15 15:31:32 | 000,000,000 | ---D | C] -- C:\spoolerlogs

    ========== Files - Modified Within 30 Days ==========

    [2010/11/13 01:11:54 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/13 00:22:09 | 000,003,178 | ---- | M] () -- C:\Documents and Settings\a\Desktop\after run otl.rtf
    [2010/11/13 00:21:23 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/11/13 00:14:59 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/13 00:11:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/13 00:10:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/13 00:09:56 | 1474,473,984 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/12 23:13:11 | 000,000,484 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/11/11 06:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
    [2010/11/10 23:14:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/10 22:48:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/10 10:26:39 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dds.scr
    [2010/11/10 10:25:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/10 06:48:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/10 06:46:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/09 22:36:24 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 22:35:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\a\Desktop\mapp.exe.exe
    [2010/11/08 15:17:10 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 19:37:35 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 19:37:35 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/31 19:39:40 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\a\Desktop\Microsoft Office Word 2003.lnk
    [2010/10/19 12:29:52 | 000,000,195 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/18 10:19:14 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/13 00:22:03 | 000,003,178 | ---- | C] () -- C:\Documents and Settings\a\Desktop\after run otl.rtf
    [2010/11/13 00:14:53 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/10 22:48:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/10 22:48:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/10 22:43:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/10 22:43:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/10 22:43:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/10 22:43:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/10 22:43:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/10 10:26:34 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\a\Desktop\dds.scr
    [2010/11/10 10:25:00 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
    [2010/11/10 06:48:00 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\a\Desktop\dpuozhfk.exe
    [2010/11/09 22:36:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/19 12:29:52 | 000,000,195 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/18 10:19:14 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/04/01 17:56:24 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/13 22:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/01/21 20:57:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/11/29 17:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/11/28 16:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/08/07 15:26:40 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\a\Application Data\$_hpcst$.hpc
    [2007/08/07 15:25:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/08/07 15:24:29 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\fusioncache.dat
    [2007/06/15 08:50:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
    [2006/12/27 03:44:13 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2006/12/27 02:34:02 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2006/09/09 14:29:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/09/09 14:29:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/09/09 14:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/09/09 14:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/09/09 14:29:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/09/09 14:29:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/09/09 14:28:14 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/09/09 14:28:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/09/09 14:28:14 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/09/09 14:28:14 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/09/09 14:25:07 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/08/21 18:44:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/21 13:54:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/08/21 13:53:47 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
    [2006/08/21 13:53:47 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
    [2006/08/21 12:30:37 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/21 12:22:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/21 12:06:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/08/21 05:18:50 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/01 12:56:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
    [2005/12/08 13:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
    [2005/08/24 17:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/02/03 19:59:44 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
    [2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2006/09/09 15:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\InterVideo
    [2009/04/01 17:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\ScanSoft
    [2006/08/21 13:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\toshiba
    [2006/12/27 02:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2006/12/27 03:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2006/11/25 06:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2006/08/21 14:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2006/12/27 03:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

    ========== Purity Check ==========



    < End of report >





    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee Total Protection
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.22.87
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    mcafee VIRUSS~1 mcvsshld.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````







    C:\Documents and Settings\All Users\Documents\other\divx\DivX_Pro_6.8.rar probably a variant of Win32/Agent.KTGYKTG trojan
    C:\Documents and Settings\All Users\Documents\other\divx\DVT-Keymaker.exe probably a variant of Win32/Agent.KTGYKTG trojan



    Thank you, Broni
     
  18. 2010/11/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\All Users\Documents\other\divx\DivX_Pro_6.8.rar 
      C:\Documents and Settings\All Users\Documents\other\divx\DVT-Keymaker.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  19. 2010/11/13
    atlgman

    atlgman Inactive Thread Starter

    Joined:
    2010/11/09
    Messages:
    12
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Documents\other\divx\DivX_Pro_6.8.rar moved successfully.
    C:\Documents and Settings\All Users\Documents\other\divx\DVT-Keymaker.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: a
    ->Temp folder emptied: 587923 bytes
    ->Temporary Internet Files folder emptied: 6850732 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 45357627 bytes
    ->Google Chrome cache emptied: 8394497 bytes
    ->Flash cache emptied: 994 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 345 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 58.00 mb


    [EMPTYFLASH]

    User: a
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: Guest

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11132010_154942

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...




    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: a
    ->Temp folder emptied: 588072 bytes
    ->Temporary Internet Files folder emptied: 75539 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6399162 bytes
    ->Flash cache emptied: 9785 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: a
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: Guest

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 11132010_160807

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...



    It is doing much better. However, it is still slow and delays are occurring. Especially the mouse. It is not as fluid as it once was. I believe the performance deteriorated after running Malwarebytes the first time.

    Thank you for all of your help, Broni
     
  20. 2010/11/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    I'd suggest trying another mouse and/or reinstalling the mouse driver.

    Good luck and stay safe :)
     
