
Solved malware is deleting software

Discussion in 'Malware and Virus Removal Archive' started by knighthawk, 2010/07/08.

  1. 2010/07/08
    knighthawk

    [Resolved] malware is deleting software

    I had to redownload InstallShield 2009 tonight just to use the DDS script; also, Task Manager has stopped working and in MSN I can't type. Tried reinstalling it, didn't work.

    Code:
    
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    
    DDS (Ver_10-03-17.01)
    
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/27/2010 4:56:56 PM
    System Uptime: 7/8/2010 10:53:36 AM (10 hours ago)
    
    Motherboard: Intel Corporation |  | MPAD-MSAE Customer Reference Boards
    Processor: Intel(R) Core(TM)2 CPU         T5500  @ 1.66GHz | U1 | 1662/mhz
    
    ==== Disk Partitions =========================
    
    C: is FIXED (NTFS) - 186 GiB total, 115.054 GiB free.
    D: is CDROM ()
    F: is CDROM (UDF)
    G: is FIXED (NTFS) - 931 GiB total, 870.623 GiB free.
    
    ==== Disabled Device Manager Items =============
    
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
    Manufacturer: 
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
    Service: 
    
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Biometric Coprocessor
    Device ID: USB\VID_0483&PID_2016\5&4DE2C51&0&2
    Manufacturer: 
    Name: Biometric Coprocessor
    PNP Device ID: USB\VID_0483&PID_2016\5&4DE2C51&0&2
    Service: 
    
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF101179&REV_00\4&6B16D5B&0&32F0
    Manufacturer: 
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF101179&REV_00\4&6B16D5B&0&32F0
    Service: 
    
    ==== System Restore Points ===================
    
    RP116: 6/15/2010 9:26:34 PM - System Checkpoint
    RP117: 6/15/2010 9:39:19 PM - Installed MMI
    RP118: 6/17/2010 3:00:22 AM - Software Distribution Service 3.0
    RP119: 6/18/2010 2:32:08 PM - System Checkpoint
    RP120: 6/19/2010 3:27:09 PM - System Checkpoint
    RP121: 6/20/2010 4:27:06 PM - System Checkpoint
    RP122: 6/22/2010 5:24:18 PM - System Checkpoint
    RP123: 6/22/2010 9:05:42 PM - Software Distribution Service 3.0
    RP124: 6/24/2010 12:57:48 AM - System Checkpoint
    RP125: 6/25/2010 2:11:05 PM - System Checkpoint
    RP126: 6/26/2010 3:48:14 PM - System Checkpoint
    RP127: 6/28/2010 4:26:51 PM - System Checkpoint
    RP128: 6/29/2010 1:01:26 PM - Installed Crazy Tao
    RP129: 6/29/2010 1:01:35 PM - Installed Crazy Tao
    RP130: 6/29/2010 1:35:57 PM - Installed Crazy Tao
    RP131: 6/29/2010 1:36:05 PM - Installed Crazy Tao
    RP132: 6/29/2010 3:47:31 PM - Installed Mp3 Music Organizer
    RP133: 6/29/2010 4:15:10 PM - Removed Ask Toolbar.
    RP134: 6/29/2010 4:17:31 PM - Removed Crazy Tao
    RP135: 6/29/2010 4:17:37 PM - Removed Crazy Tao
    RP136: 6/29/2010 4:21:18 PM - Removed Crazy Tao
    RP137: 6/29/2010 4:21:24 PM - Removed Crazy Tao
    RP138: 6/29/2010 4:28:22 PM - Removed Mp3 Music Organizer
    RP139: 6/30/2010 7:05:44 PM - System Checkpoint
    RP140: 7/4/2010 1:02:47 AM - System Checkpoint
    RP141: 7/4/2010 3:19:54 PM - Installed Click-N-Type
    RP142: 7/4/2010 4:59:14 PM - Installed Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
    RP143: 7/4/2010 11:51:29 PM - Cleaned registry with Windows Live OneCare safety scanner
    RP144: 7/6/2010 2:26:03 PM - System Checkpoint
    RP145: 7/7/2010 5:34:36 PM - System Checkpoint
    
    ==== Installed Programs ======================
    
    µTorrent
    3ds max 7
    Acronis*Disk Director Suite
    Acronis*True*Image*Home
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AiO_Scan
    Alky for Applications (Windows XP)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 9.20
    ATI - Software Uninstall Utility
    Atomic Alarm Clock 5.7
    Auto Backup for MySQL Professional Edition 2.1
    AutoCAD 2010 - English
    AutoCAD 2010 Language Pack - English
    Autodesk Design Review 2010
    Autodesk Revit Architecture 2010
    AutoPlay Media Studio 7.5
    Bonjour
    CamStudio
    CarMD
    CCleaner (remove only)
    Cheat Engine 5.6
    Cheat Engine 5.6.1
    Click-N-Type
    COMODO Internet Security
    Connect
    Contents
    Corel VideoStudio Pro X3
    **** NFO Viewer v2.10.0032.RC3 (Remove Only)
    DeviceIO
    Driver Genius Professional Edition
    DriverPacks BASE
    eQUEST 3.6
    Eudemons Online
    EVEREST Ultimate Edition v5.01
    FileZilla Client 3.3.3
    Firefox v3.5.3 (Remove Only)
    Flash Decompiler Trillix
    Gadget Installer
    Gamevance
    Google SketchUp Pro 7
    Google Toolbar for Internet Explorer
    Google Update Helper
    GSpot v2.70a
    HashCheck Shell Extension (x86-32)
    Helium Music Manager 2009 (build 6635)
    HHD Software Hex Editor Neo 4.21
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP PSC & OfficeJet 5.3.B
    ICA
    InstallShield 2009
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    IPM_VS_Pro
    iTunes
    IZArc 3.81
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Mega Codec Pack 5.0.5
    Kels' CPL Bonus Pack!
    Kiwee Chatbar
    Kiwee Toolbar for Firefox
    Kiwee Toolbar for Internet Explorer
    kuler
    MacroMaker
    Mega Manager
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 SP1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Recent Documents Gadget
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders  (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Service Pack 1 Redistributable
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    MLE
    MMI
    Move Media Player
    Mozilla Firefox (3.6.6)
    MP3 Rocket
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MysticThumbs
    NJStar Communicator
    nLite Add-On Maker 1.2
    nLite Plus
    Notepad++
    Notepad2 (Notepad Replacement)
    NVIDIA Media Center Extensions
    NVIDIA Photoshop Plug-ins
    NVIDIA PureVideo Decoder
    Open Command Prompt Shell Extension (x86-32)
    OpenAL
    PDF Settings CS4
    PeerBlock 1.0.0 (r187)
    PhoenyxRysing 5080
    Phone Fusion Control Center 1.44
    PhoneFusion PC Phone V 2.02
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PowerISO
    PremiumSoft Navicat 8.2 for MySQL
    PureHD
    QFolder
    QuickTime
    RapidBIT Suite
    RealPlayer
    Realtek High Definition Audio Driver
    Restorator 2007 Trial Update 2
    Right Click Image Converter
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    SendToA3X
    Setup
    Share
    Skype™ 4.1
    SmartFTP Client
    SmartFTP Client 4.0 Setup Files (remove only)
    SmartSound Common Data
    SmartSound Quicktracks 5
    Software Informer 1.0 BETA
    Styler
    Suite Shared Configuration CS4
    SweetIM for Messenger 3.2
    SweetIM Toolbar for Internet Explorer 3.9
    Synaptics Pointing Device Driver
    Sysinternals AIO Collection
    Tales of Fantasy
    TeamViewer 5
    TMPGEnc Authoring Works 4
    Trials 2 Second Edition
    TuneUp Utilities 2009
    Ulead GIF Animator 5.05
    Universal Extractor 1.6 beta
    Unlocker 1.8.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb983486)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB973687)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VB Decompiler Lite
    Ventrilo Client
    VIO
    Vista Drive Indicator!
    Visual Task Tips 3.4
    VMware Workstation
    VSClassic
    VSPro
    WAMP5 1.7.4
    WampServer 2.0
    WebFldrs XP
    Webs Credits 2
    WindowBlinds
    WindowFX
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    Windows Sidebar
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    WinHex
    WinRAR archiver
    WinXP Manager
    XP Context Tools
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    
    ==== Event Viewer Messages From Past Week ========
    
    7/4/2010 10:21:47 AM, error: Service Control Manager [7024]  - The VMware Authorization Service service terminated with service-specific error 6000002 (0x5B8D82).
    7/4/2010 10:20:20 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the AG Core Services service to connect.
    7/4/2010 10:20:20 AM, error: Service Control Manager [7000]  - The AG Core Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    7/4/2010 10:15:54 AM, error: Service Control Manager [7000]  - The asc3360pr service failed to start due to the following error:  Access is denied.
    
    ==== End Of File ===========================
    

    Code:
    
    DDS (Ver_10-03-17.01) - NTFSx86  
    Run by Blain at 20:42:42.81 on Thu 07/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1878 [GMT -7:00]
    
    AV: COMODO Antivirus *On-access scanning enabled* (Updated)   {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *enabled*   {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    
    ============== Running Processes ===============
    
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
    C:\PROGRA~1\MyWebSearch\bar\3.bin\mwsoemon.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SwordSky Software\Auto Backup for MySQL Professional Edition\abmpro.exe
    C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
    C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
    C:\xampplite\apache\bin\httpd.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\xampplite\apache\bin\httpd.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\mysql\bin\winmysqladmin.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Documents and Settings\Blain\Desktop\dds.com
    
    ============== Pseudo HJT Report ===============
    
    uStart Page = hxxp://home.sweetim.com
    uSearch Page = 
    uSearch Bar = 
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://home.sweetim.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = 
    uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
    BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No File
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - c:\program files\gamevance\gamevancelib32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - PC Tools Browser Guard BHO
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Freecause Toolbar BHO: {818b93d5-a4fa-4488-bf14-c4cb7b54aa0c} - c:\program files\webs credits 2\Toolbar.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
    BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - 
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Webs Credits 2: {674f9426-e0c0-4bec-a819-5f57d5a94cb3} - c:\program files\webs credits 2\Toolbar.dll
    TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
    TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [VisualTaskTips] c:\program files\utilities\visualtasktips\VisualTaskTips.exe
    uRun: [SkinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
    uRun: [RocketDock]  "c:\program files\rocketdock\RocketDock.exe "
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] ~ "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [MSMSGS]  "c:\program files\messenger\msmsgs.exe" /background
    uRun: [H/PC Connection Agent]  "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [Auto Backup for MySQL] c:\program files\swordsky software\auto backup for mysql professional edition\abmpro.exe
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebsearch\bar\3.bin\mwsoemon.exe
    uRun: [swg]  "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Software Informer]  "c:\program files\software informer\softinfo.exe" -autorun
    uRun: [fsm] 
    mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [UnlockerAssistant]  "c:\program files\unlocker\UnlockerAssistant.exe "
    mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Acronis Scheduler2 Service]  "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AdobeCS4ServiceManager]  "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Acrobat Assistant 8.0]  "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [GrooveMonitor]  "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe]  "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
    mRun: [IMJPMIG8.1]  "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [Adobe Reader Speed Launcher]  "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM]  "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Standby]  "c:\program files\common files\corel\standby\Standby.exe" -START
    mRun: [SunJavaUpdateSched]  "c:\program files\common files\java\java update\jusched.exe "
    mRun: [QuickTime Task]  "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper]  "c:\program files\itunes\iTunesHelper.exe "
    mRun: [COMODO Internet Security]  "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [KiweeHook]  "c:\program files\kiwee toolbar\3.2\kwtbaim.exe "
    mRun: [MSN Toolbar]  "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe "
    mRun: [Microsoft Default Manager]  "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [My Web Search Bar Search Scope Monitor]  "c:\progra~1\mywebsearch\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebsearch\bar\3.bin\mwsoemon.exe
    mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
    mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
    dRun: [VisualTaskTips] c:\program files\utilities\visualtasktips\VisualTaskTips.exe
    dRun: [SkinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    StartupFolder: c:\docume~1\blain\startm~1\programs\startup\macromaker.lnk - c:\docume~1\blain\applic~1\microsoft\installer\{49e9e81a-9ca8-4a76-8ad6-be7e3b2e1e2a}\_576A67D38B93E433719FBD.exe
    StartupFolder: c:\docume~1\blain\startm~1\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\blain\startm~1\programs\startup\winmysqladmin.lnk - c:\mysql\bin\winmysqladmin.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    uPolicies-explorer: NoActiveDesktop = 1 (0x1)
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    uPolicies-explorer: NoLogoff = 1 (0x1)
    mPolicies-explorer: StartMenuFavorites = 1 (0x1)
    mPolicies-explorer: Start_ShowHelp = 1 (0x1)
    mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
    mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
    mPolicies-explorer: Start_ShowMyMusic = 1 (0x1)
    mPolicies-explorer: Start_ShowMyPics = 1 (0x1)
    mPolicies-explorer: Start_ShowNetConn = 1 (0x1)
    mPolicies-explorer: Start_ShowPrinters = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000343&p=ZKfox000&si=&a=O3lJhQlBgbD.a8aptttiXg&n=2010061517
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
    AppInit_DLLs:   c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
    IFEO: notepad.exe -  "c:\program files\notepad2\Notepad2.exe" /z
    
    ================= FIREFOX ===================
    
    FF - ProfilePath - c:\docume~1\blain\applic~1\mozilla\firefox\profiles\wrz06ugs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.imgag.com/?appid=kwtb&c=GNKIW29197&sbs=7&sc=2&f=homepage&vernum=3.2&uid=&did={fe5025de-5168-43af-a1c3-9918b86a059d}&q=
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
    FF - component: c:\documents and settings\blain\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
    FF - component: c:\documents and settings\blain\application data\mozilla\firefox\profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\blain\application data\mozilla\firefox\profiles\wrz06ugs.default\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}\components\Engine.dll
    FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
    FF - plugin: c:\documents and settings\blain\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ",   1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true); 
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ",                  5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ",            false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ",       2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ",       1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ",   25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ",     5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ",  false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ",  "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ",  "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ",  "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ",  "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ",  "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ",  "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    
    ============= SERVICES / DRIVERS ===============
    
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-1-27 902432]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-29 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-29 25160]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\system\cpl bonus\vcdrom.sys [2010-1-27 8576]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-27 2326920]
    R2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [2010-4-27 29416]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-1-29 723632]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2010-1-27 99328]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-27 159168]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-6-11 20480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FlexService;Remote Connections Service;c:\program files\rapidbit\cisvc.exe [2009-5-17 41984]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebsearch\bar\3.bin\mwssvc.exe [2010-6-18 28762]
    S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\mrnkpp.sys --> c:\windows\system32\drivers\mrnkpp.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    
    ============== File Associations ===============
    
    .scr=AutoCADScriptFile
    
    =============== Created Last 30 ================
    
    2010-07-09 03:23:00	0	d-----w-	c:\docume~1\blain\applic~1\Software Informer
    2010-07-09 03:22:59	0	d-----w-	c:\program files\Software Informer
    2010-07-09 03:03:53	800	--sha-r-	c:\documents and settings\blain\ntuser.pol
    2010-07-09 03:02:46	0	d--h--w-	c:\windows\system32\GroupPolicy
    2010-07-07 00:48:46	0	d-----w-	C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com
    2010-07-07 00:48:36	40482535	----a-w-	C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com.rar
    2010-07-06 21:31:24	0	d-----w-	c:\program files\Gamevance
    2010-07-04 23:59:20	0	d-----w-	c:\program files\Pro Imaging Powertoys
    2010-07-04 23:59:20	0	d-----w-	c:\program files\common files\Nikon
    2010-07-04 22:19:56	0	d-----w-	c:\program files\Click-N-Type
    2010-06-29 22:47:34	0	d-----w-	c:\docume~1\blain\applic~1\MP3 Music Organizer
    2010-06-29 22:47:05	0	d-----w-	c:\windows\Downloaded Installations
    2010-06-29 20:35:42	0	d-----w-	c:\program files\Crazy Tao2
    2010-06-29 20:01:36	0	d-----w-	c:\program files\Crazy Tao
    2010-06-29 16:19:46	0	d-----w-	c:\program files\SweetIM
    2010-06-29 16:19:46	0	d-----w-	c:\docume~1\alluse~1\applic~1\SweetIM
    2010-06-24 23:55:53	0	d-----w-	c:\docume~1\blain\applic~1\BattlePunks
    2010-06-16 04:40:35	0	d-----w-	c:\program files\MSN Toolbar
    2010-06-16 04:39:22	0	d-----w-	c:\program files\MSN Toolbar Installer
    2010-06-16 04:39:19	0	d-----w-	c:\program files\MMI
    2010-06-16 04:38:40	233	----a-w-	c:\windows\setup.iss
    2010-06-15 21:34:19	32768	----a-w-	c:\windows\system32\f3PSSavr.scr
    2010-06-15 21:34:19	0	d-----w-	c:\program files\FunWebProducts
    2010-06-15 21:33:35	0	d-----w-	c:\program files\MyWebSearch
    2010-06-14 02:03:05	0	d-----w-	c:\program files\Tales of Fantasy
    2010-06-11 22:19:53	0	d-----w-	c:\docume~1\blain\applic~1\AGI
    2010-06-11 22:19:23	0	d-----w-	c:\docume~1\alluse~1\applic~1\Kiwee Toolbar
    2010-06-11 22:19:21	0	d-----w-	c:\program files\Kiwee Toolbar
    2010-06-11 22:19:10	0	d-----w-	c:\program files\UnifiedToolbar
    2010-06-11 22:18:44	0	d-----w-	c:\program files\AGI
    2010-06-11 22:02:39	0	d-----w-	c:\docume~1\alluse~1\applic~1\agi
    2010-06-11 20:31:45	285696	------w-	c:\windows\system32\dllcache\atmfd.dll
    2010-06-11 20:31:40	65536	------w-	c:\windows\system32\dllcache\asycfilt.dll
    2010-06-11 20:31:10	743424	------w-	c:\windows\system32\dllcache\iedvtool.dll
    
    ==================== Find3M  ====================
    
    2010-07-09 03:40:33	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
    2010-05-05 13:30:57	173056	------w-	c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-05 01:35:24	94396	---ha-w-	c:\windows\system32\mlfcache.dat
    2010-05-02 05:22:50	1851264	----a-w-	c:\windows\system32\win32k.sys
    2010-05-02 05:22:50	1851264	------w-	c:\windows\system32\dllcache\win32k.sys
    2010-04-20 05:30:08	285696	----a-w-	c:\windows\system32\atmfd.dll
    2010-04-18 18:06:07	411368	----a-w-	c:\windows\system32\deployJava1.dll
    2010-02-13 20:53:59	16384	--sha-w-	c:\windows\system32\config\systemprofile\cookies\index.dat
    2010-02-13 20:53:59	32768	--sha-w-	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
    2010-01-28 00:58:39	32768	--sha-w-	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012720100128\index.dat
    2010-02-13 20:53:59	32768	--sha-w-	c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
    
    ============= FINISH: 20:45:18.68 ===============
    
     
  2. 2010/07/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, do NOT add [Active] prefix to your topic title.
    Please do NOT wrap your logs in code.

    Please, repost your logs.
     

  4. 2010/07/09
    knighthawk

    knighthawk Inactive Thread Starter

    sorry


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Blain at 20:42:42.81 on Thu 07/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1878 [GMT -7:00]

    AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
    C:\PROGRA~1\MyWebSearch\bar\3.bin\mwsoemon.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SwordSky Software\Auto Backup for MySQL Professional Edition\abmpro.exe
    C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
    C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
    C:\xampplite\apache\bin\httpd.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\xampplite\apache\bin\httpd.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\mysql\bin\winmysqladmin.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Documents and Settings\Blain\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://home.sweetim.com
    uSearch Page =
    uSearch Bar =
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://home.sweetim.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant =
    uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
    BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No File
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - c:\program files\gamevance\gamevancelib32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - PC Tools Browser Guard BHO
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Freecause Toolbar BHO: {818b93d5-a4fa-4488-bf14-c4cb7b54aa0c} - c:\program files\webs credits 2\Toolbar.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
    BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} -
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Webs Credits 2: {674f9426-e0c0-4bec-a819-5f57d5a94cb3} - c:\program files\webs credits 2\Toolbar.dll
    TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
    TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [VisualTaskTips] c:\program files\utilities\visualtasktips\VisualTaskTips.exe
    uRun: [SkinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe "
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] ~ "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [Auto Backup for MySQL] c:\program files\swordsky software\auto backup for mysql professional edition\abmpro.exe
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebsearch\bar\3.bin\mwsoemon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
    uRun: [fsm]
    mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe "
    mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [KiweeHook] "c:\program files\kiwee toolbar\3.2\kwtbaim.exe "
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebsearch\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebsearch\bar\3.bin\mwsoemon.exe
    mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
    mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
    dRun: [VisualTaskTips] c:\program files\utilities\visualtasktips\VisualTaskTips.exe
    dRun: [SkinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    StartupFolder: c:\docume~1\blain\startm~1\programs\startup\macromaker.lnk - c:\docume~1\blain\applic~1\microsoft\installer\{49e9e81a-9ca8-4a76-8ad6-be7e3b2e1e2a}\_576A67D38B93E433719FBD.exe
    StartupFolder: c:\docume~1\blain\startm~1\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\blain\startm~1\programs\startup\winmysqladmin.lnk - c:\mysql\bin\winmysqladmin.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    uPolicies-explorer: NoActiveDesktop = 1 (0x1)
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    uPolicies-explorer: NoLogoff = 1 (0x1)
    mPolicies-explorer: StartMenuFavorites = 1 (0x1)
    mPolicies-explorer: Start_ShowHelp = 1 (0x1)
    mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
    mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
    mPolicies-explorer: Start_ShowMyMusic = 1 (0x1)
    mPolicies-explorer: Start_ShowMyPics = 1 (0x1)
    mPolicies-explorer: Start_ShowNetConn = 1 (0x1)
    mPolicies-explorer: Start_ShowPrinters = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    IE: &Search - http://edits.mywebsearch.com/toolba...000&si=&a=O3lJhQlBgbD.a8aptttiXg&n=2010061517
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
    IFEO: notepad.exe - "c:\program files\notepad2\Notepad2.exe" /z

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\blain\applic~1\mozilla\firefox\profiles\wrz06ugs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.imgag.com/?appid=kwtb&c=GNKIW29197&sbs=7&sc=2&f=homepage&vernum=3.2&uid=&did={fe5025de-5168-43af-a1c3-9918b86a059d}&q=
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
    FF - component: c:\documents and settings\blain\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
    FF - component: c:\documents and settings\blain\application data\mozilla\firefox\profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\blain\application data\mozilla\firefox\profiles\wrz06ugs.default\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}\components\Engine.dll
    FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
    FF - plugin: c:\documents and settings\blain\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-1-27 902432]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-29 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-29 25160]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\system\cpl bonus\vcdrom.sys [2010-1-27 8576]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-27 2326920]
    R2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [2010-4-27 29416]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-1-29 723632]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2010-1-27 99328]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-27 159168]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-6-11 20480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FlexService;Remote Connections Service;c:\program files\rapidbit\cisvc.exe [2009-5-17 41984]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebsearch\bar\3.bin\mwssvc.exe [2010-6-18 28762]
    S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\mrnkpp.sys --> c:\windows\system32\drivers\mrnkpp.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    ============== File Associations ===============

    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-07-09 03:23:00 0 d-----w- c:\docume~1\blain\applic~1\Software Informer
    2010-07-09 03:22:59 0 d-----w- c:\program files\Software Informer
    2010-07-09 03:03:53 800 --sha-r- c:\documents and settings\blain\ntuser.pol
    2010-07-09 03:02:46 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-07-07 00:48:46 0 d-----w- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com
    2010-07-07 00:48:36 40482535 ----a-w- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com.rar
    2010-07-06 21:31:24 0 d-----w- c:\program files\Gamevance
    2010-07-04 23:59:20 0 d-----w- c:\program files\Pro Imaging Powertoys
    2010-07-04 23:59:20 0 d-----w- c:\program files\common files\Nikon
    2010-07-04 22:19:56 0 d-----w- c:\program files\Click-N-Type
    2010-06-29 22:47:34 0 d-----w- c:\docume~1\blain\applic~1\MP3 Music Organizer
    2010-06-29 22:47:05 0 d-----w- c:\windows\Downloaded Installations
    2010-06-29 20:35:42 0 d-----w- c:\program files\Crazy Tao2
    2010-06-29 20:01:36 0 d-----w- c:\program files\Crazy Tao
    2010-06-29 16:19:46 0 d-----w- c:\program files\SweetIM
    2010-06-29 16:19:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SweetIM
    2010-06-24 23:55:53 0 d-----w- c:\docume~1\blain\applic~1\BattlePunks
    2010-06-16 04:40:35 0 d-----w- c:\program files\MSN Toolbar
    2010-06-16 04:39:22 0 d-----w- c:\program files\MSN Toolbar Installer
    2010-06-16 04:39:19 0 d-----w- c:\program files\MMI
    2010-06-16 04:38:40 233 ----a-w- c:\windows\setup.iss
    2010-06-15 21:34:19 32768 ----a-w- c:\windows\system32\f3PSSavr.scr
    2010-06-15 21:34:19 0 d-----w- c:\program files\FunWebProducts
    2010-06-15 21:33:35 0 d-----w- c:\program files\MyWebSearch
    2010-06-14 02:03:05 0 d-----w- c:\program files\Tales of Fantasy
    2010-06-11 22:19:53 0 d-----w- c:\docume~1\blain\applic~1\AGI
    2010-06-11 22:19:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Kiwee Toolbar
    2010-06-11 22:19:21 0 d-----w- c:\program files\Kiwee Toolbar
    2010-06-11 22:19:10 0 d-----w- c:\program files\UnifiedToolbar
    2010-06-11 22:18:44 0 d-----w- c:\program files\AGI
    2010-06-11 22:02:39 0 d-----w- c:\docume~1\alluse~1\applic~1\agi
    2010-06-11 20:31:45 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
    2010-06-11 20:31:40 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
    2010-06-11 20:31:10 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    ==================== Find3M ====================

    2010-07-09 03:40:33 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-05 01:35:24 94396 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-18 18:06:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-02-13 20:53:59 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
    2010-02-13 20:53:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
    2010-01-28 00:58:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012720100128\index.dat
    2010-02-13 20:53:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

    ============= FINISH: 20:45:18.68 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/27/2010 4:56:56 PM
    System Uptime: 7/8/2010 10:53:36 AM (10 hours ago)

    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 186 GiB total, 115.054 GiB free.
    D: is CDROM ()
    F: is CDROM (UDF)
    G: is FIXED (NTFS) - 931 GiB total, 870.623 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
    Manufacturer:
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Biometric Coprocessor
    Device ID: USB\VID_0483&PID_2016\5&4DE2C51&0&2
    Manufacturer:
    Name: Biometric Coprocessor
    PNP Device ID: USB\VID_0483&PID_2016\5&4DE2C51&0&2
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF101179&REV_00\4&6B16D5B&0&32F0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF101179&REV_00\4&6B16D5B&0&32F0
    Service:

    ==== System Restore Points ===================

    RP116: 6/15/2010 9:26:34 PM - System Checkpoint
    RP117: 6/15/2010 9:39:19 PM - Installed MMI
    RP118: 6/17/2010 3:00:22 AM - Software Distribution Service 3.0
    RP119: 6/18/2010 2:32:08 PM - System Checkpoint
    RP120: 6/19/2010 3:27:09 PM - System Checkpoint
    RP121: 6/20/2010 4:27:06 PM - System Checkpoint
    RP122: 6/22/2010 5:24:18 PM - System Checkpoint
    RP123: 6/22/2010 9:05:42 PM - Software Distribution Service 3.0
    RP124: 6/24/2010 12:57:48 AM - System Checkpoint
    RP125: 6/25/2010 2:11:05 PM - System Checkpoint
    RP126: 6/26/2010 3:48:14 PM - System Checkpoint
    RP127: 6/28/2010 4:26:51 PM - System Checkpoint
    RP128: 6/29/2010 1:01:26 PM - Installed Crazy Tao
    RP129: 6/29/2010 1:01:35 PM - Installed Crazy Tao
    RP130: 6/29/2010 1:35:57 PM - Installed Crazy Tao
    RP131: 6/29/2010 1:36:05 PM - Installed Crazy Tao
    RP132: 6/29/2010 3:47:31 PM - Installed Mp3 Music Organizer
    RP133: 6/29/2010 4:15:10 PM - Removed Ask Toolbar.
    RP134: 6/29/2010 4:17:31 PM - Removed Crazy Tao
    RP135: 6/29/2010 4:17:37 PM - Removed Crazy Tao
    RP136: 6/29/2010 4:21:18 PM - Removed Crazy Tao
    RP137: 6/29/2010 4:21:24 PM - Removed Crazy Tao
    RP138: 6/29/2010 4:28:22 PM - Removed Mp3 Music Organizer
    RP139: 6/30/2010 7:05:44 PM - System Checkpoint
    RP140: 7/4/2010 1:02:47 AM - System Checkpoint
    RP141: 7/4/2010 3:19:54 PM - Installed Click-N-Type
    RP142: 7/4/2010 4:59:14 PM - Installed Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
    RP143: 7/4/2010 11:51:29 PM - Cleaned registry with Windows Live OneCare safety scanner
    RP144: 7/6/2010 2:26:03 PM - System Checkpoint
    RP145: 7/7/2010 5:34:36 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    3ds max 7
    Acronis*Disk Director Suite
    Acronis*True*Image*Home
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AiO_Scan
    Alky for Applications (Windows XP)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 9.20
    ATI - Software Uninstall Utility
    Atomic Alarm Clock 5.7
    Auto Backup for MySQL Professional Edition 2.1
    AutoCAD 2010 - English
    AutoCAD 2010 Language Pack - English
    Autodesk Design Review 2010
    Autodesk Revit Architecture 2010
    AutoPlay Media Studio 7.5
    Bonjour
    CamStudio
    CarMD
    CCleaner (remove only)
    Cheat Engine 5.6
    Cheat Engine 5.6.1
    Click-N-Type
    COMODO Internet Security
    Connect
    Contents
    Corel VideoStudio Pro X3
    **** NFO Viewer v2.10.0032.RC3 (Remove Only)
    DeviceIO
    Driver Genius Professional Edition
    DriverPacks BASE
    eQUEST 3.6
    Eudemons Online
    EVEREST Ultimate Edition v5.01
    FileZilla Client 3.3.3
    Firefox v3.5.3 (Remove Only)
    Flash Decompiler Trillix
    Gadget Installer
    Gamevance
    Google SketchUp Pro 7
    Google Toolbar for Internet Explorer
    Google Update Helper
    GSpot v2.70a
    HashCheck Shell Extension (x86-32)
    Helium Music Manager 2009 (build 6635)
    HHD Software Hex Editor Neo 4.21
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP PSC & OfficeJet 5.3.B
    ICA
    InstallShield 2009
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    IPM_VS_Pro
    iTunes
    IZArc 3.81
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Mega Codec Pack 5.0.5
    Kels' CPL Bonus Pack!
    Kiwee Chatbar
    Kiwee Toolbar for Firefox
    Kiwee Toolbar for Internet Explorer
    kuler
    MacroMaker
    Mega Manager
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 SP1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Recent Documents Gadget
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Service Pack 1 Redistributable
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    MLE
    MMI
    Move Media Player
    Mozilla Firefox (3.6.6)
    MP3 Rocket
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MysticThumbs
    NJStar Communicator
    nLite Add-On Maker 1.2
    nLite Plus
    Notepad++
    Notepad2 (Notepad Replacement)
    NVIDIA Media Center Extensions
    NVIDIA Photoshop Plug-ins
    NVIDIA PureVideo Decoder
    Open Command Prompt Shell Extension (x86-32)
    OpenAL
    PDF Settings CS4
    PeerBlock 1.0.0 (r187)
    PhoenyxRysing 5080
    Phone Fusion Control Center 1.44
    PhoneFusion PC Phone V 2.02
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PowerISO
    PremiumSoft Navicat 8.2 for MySQL
    PureHD
    QFolder
    QuickTime
    RapidBIT Suite
    RealPlayer
    Realtek High Definition Audio Driver
    Restorator 2007 Trial Update 2
    Right Click Image Converter
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    SendToA3X
    Setup
    Share
    Skype™ 4.1
    SmartFTP Client
    SmartFTP Client 4.0 Setup Files (remove only)
    SmartSound Common Data
    SmartSound Quicktracks 5
    Software Informer 1.0 BETA
    Styler
    Suite Shared Configuration CS4
    SweetIM for Messenger 3.2
    SweetIM Toolbar for Internet Explorer 3.9
    Synaptics Pointing Device Driver
    Sysinternals AIO Collection
    Tales of Fantasy
    TeamViewer 5
    TMPGEnc Authoring Works 4
    Trials 2 Second Edition
    TuneUp Utilities 2009
    Ulead GIF Animator 5.05
    Universal Extractor 1.6 beta
    Unlocker 1.8.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb983486)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB973687)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VB Decompiler Lite
    Ventrilo Client
    VIO
    Vista Drive Indicator!
    Visual Task Tips 3.4
    VMware Workstation
    VSClassic
    VSPro
    WAMP5 1.7.4
    WampServer 2.0
    WebFldrs XP
    Webs Credits 2
    WindowBlinds
    WindowFX
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    Windows Sidebar
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    WinHex
    WinRAR archiver
    WinXP Manager
    XP Context Tools
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/4/2010 10:21:47 AM, error: Service Control Manager [7024] - The VMware Authorization Service service terminated with service-specific error 6000002 (0x5B8D82).
    7/4/2010 10:20:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AG Core Services service to connect.
    7/4/2010 10:20:20 AM, error: Service Control Manager [7000] - The AG Core Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/4/2010 10:15:54 AM, error: Service Control Manager [7000] - The asc3360pr service failed to start due to the following error: Access is denied.

    ==== End Of File ===========================
     
  5. 2010/07/09
    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/07/10
    knighthawk Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4298

    Windows 5.1.2600 Service Pack 3, v.5938
    Internet Explorer 8.0.6001.18702

    7/9/2010 6:43:58 PM
    mbam-log-2010-07-09 (18-43-58).txt

    Scan type: Quick scan
    Objects scanned: 144355
    Time elapsed: 14 minute(s), 14 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 2
    Registry Keys Infected: 119
    Registry Values Infected: 10
    Registry Data Items Infected: 0
    Folders Infected: 21
    Files Infected: 101

    Memory Processes Infected:
    C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\FlySky (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance (Adware.Gamevance) -> Delete on reboot.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Application Data\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4\krnln.fnr (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\ÖùúÈË\internet.fne (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\ÖùúÈË\krnln.fnr (Trojan.FlyStudio) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\00BAD122.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\gvtl.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0016354D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00163666 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00E592C0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00E59929 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00E59AFD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00E59CC3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00E59EA7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00E59F34.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00E59FC0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00EB67FA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00EB68B5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00EB6932.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00EB6A8A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00EB6BE2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4\iext.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4\iext3.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4\krnln.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4\mysql.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Blain\Local Settings\Temp\E_4\xplib.fne (Worm.AutoRun) -> Quarantined and deleted successfully.





    I couldn't do the GMER because it would make my screen go black while it was running, and I couldn't get my desktop to show, just a black screen.
     
  7. 2010/07/10
    broni Moderator Malware Analyst
    ......
     
  8. 2010/07/10
    knighthawk Inactive Thread Starter
    It ran but would just go to a black screen after a while... and I don't know how to run it in safe mode...
     
  9. 2010/07/10
    broni Moderator Malware Analyst
    Let's skip that step for now...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/07/10
    knighthawk Inactive Thread Starter
    ComboFix 10-07-10.01 - Blain 07/10/2010 11:28:02.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2161 [GMT -7:00]
    Running from: c:\documents and settings\Blain\Desktop\ComboFix.exe
    AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Cheat Engine\dbk32.sys
    c:\windows\My.ini

    c:\windows\system32\midimap.dll . . . is infected!!

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Service_asc3360pr


    ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
    .

    2010-07-10 01:26 . 2010-07-10 01:26 -------- d-----w- c:\documents and settings\Blain\Application Data\Malwarebytes
    2010-07-10 01:26 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-10 01:26 . 2010-07-10 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-10 01:26 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-10 01:26 . 2010-07-10 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-09 03:23 . 2010-07-10 17:14 -------- d-----w- c:\documents and settings\Blain\Application Data\Software Informer
    2010-07-09 03:22 . 2010-07-09 03:23 -------- d-----w- c:\program files\Software Informer
    2010-07-09 03:02 . 2010-07-09 03:02 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-07-07 00:48 . 2010-06-04 02:24 -------- d-----w- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com
    2010-07-04 23:59 . 2010-07-04 23:59 128 ----a-w- c:\documents and settings\Blain\Local Settings\Application Data\fusioncache.dat
    2010-07-04 23:59 . 2010-07-04 23:59 -------- d-----w- c:\program files\Pro Imaging Powertoys
    2010-07-04 23:59 . 2010-07-04 23:59 -------- d-----w- c:\program files\Common Files\Nikon
    2010-07-04 22:35 . 2010-07-04 22:37 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-07-04 22:19 . 2010-07-04 22:19 -------- d-----w- c:\program files\Click-N-Type
    2010-06-29 22:50 . 2010-06-29 22:50 -------- d-----w- c:\documents and settings\Blain\Local Settings\Application Data\StreamingFileProcessing
    2010-06-29 22:47 . 2010-06-29 23:28 -------- d-----w- c:\documents and settings\Blain\Application Data\MP3 Music Organizer
    2010-06-29 22:47 . 2010-07-04 23:52 -------- d-----w- c:\windows\Downloaded Installations
    2010-06-29 20:35 . 2010-06-29 23:22 -------- d-----w- c:\program files\Crazy Tao2
    2010-06-29 20:01 . 2010-06-29 23:18 -------- d-----w- c:\program files\Crazy Tao
    2010-06-29 16:19 . 2010-06-29 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
    2010-06-29 16:19 . 2010-06-29 16:20 -------- d-----w- c:\program files\SweetIM
    2010-06-24 23:55 . 2010-06-25 00:05 -------- d-----w- c:\documents and settings\Blain\Application Data\BattlePunks
    2010-06-24 10:32 . 2010-06-24 10:32 263008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-06-16 04:40 . 2010-06-16 04:40 -------- d-----w- c:\program files\MSN Toolbar
    2010-06-16 04:40 . 2010-06-17 10:46 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-16 04:39 . 2010-06-16 04:40 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-06-16 04:39 . 2010-06-16 04:39 -------- d-----w- c:\program files\MMI
    2010-06-14 02:03 . 2010-06-21 23:57 -------- d-----w- c:\program files\Tales of Fantasy
    2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\Blain\Local Settings\Application Data\Kiwee Toolbar
    2010-06-11 22:19 . 2010-06-14 00:33 -------- d-----w- c:\documents and settings\Blain\Application Data\AGI
    2010-06-11 22:19 . 2010-06-11 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kiwee Toolbar
    2010-06-11 22:19 . 2010-06-11 22:19 -------- d-----w- c:\program files\Kiwee Toolbar
    2010-06-11 22:19 . 2010-06-11 22:19 -------- d-----w- c:\program files\UnifiedToolbar
    2010-06-11 22:18 . 2010-06-11 22:18 -------- d-----w- c:\program files\AGI
    2010-06-11 22:02 . 2010-06-11 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
    2010-06-11 20:31 . 2010-04-20 05:30 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
    2010-06-11 20:31 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
    2010-06-11 20:31 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-10 18:41 . 2010-01-28 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-07-10 18:40 . 2010-01-28 00:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-07-10 18:34 . 2010-02-19 05:47 -------- d-----w- c:\program files\Cheat Engine
    2010-07-10 18:00 . 2010-01-30 00:43 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-07-09 08:06 . 2010-01-28 01:01 -------- d-----w- c:\documents and settings\Blain\Application Data\uTorrent
    2010-07-09 08:05 . 2010-01-29 01:08 -------- d-----w- c:\documents and settings\Blain\Application Data\Skype
    2010-07-09 07:05 . 2010-01-29 01:12 -------- d-----w- c:\documents and settings\Blain\Application Data\skypePM
    2010-07-08 06:25 . 2010-03-04 17:07 -------- d-----w- c:\documents and settings\Blain\Application Data\FileZilla
    2010-07-06 22:05 . 2010-01-28 06:58 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-05 02:38 . 2010-06-02 22:53 -------- d-----w- c:\program files\Eudemons Online
    2010-07-01 21:28 . 2010-03-16 07:27 -------- d-----w- c:\program files\WinHex
    2010-06-29 23:22 . 2010-01-28 00:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-29 17:55 . 2010-02-25 00:15 -------- d-----w- c:\documents and settings\Blain\Application Data\TeamViewer
    2010-06-25 23:58 . 2010-03-30 19:42 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-06-24 05:33 . 2010-01-28 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-20 03:35 . 2010-02-17 02:02 -------- d-----w- c:\program files\Apple Software Update
    2010-06-16 05:08 . 2010-05-02 04:00 -------- d-----w- c:\program files\3dsmax7
    2010-06-16 04:41 . 2010-02-17 01:49 -------- d-----w- c:\program files\MP3 Rocket
    2010-06-16 04:41 . 2010-02-17 01:49 -------- d-----w- c:\documents and settings\Blain\Application Data\MP3Rocket
    2010-06-07 08:16 . 2010-06-07 08:16 -------- d-----w- c:\documents and settings\Blain\Application Data\FCTB000062219
    2010-06-07 08:16 . 2010-06-07 04:46 -------- d-----w- c:\program files\Webs Credits 2
    2010-06-07 08:16 . 2010-06-07 04:58 -------- d-----w- c:\program files\Common Files\FreeCause
    2010-06-07 05:03 . 2010-01-28 05:57 -------- d-----w- c:\program files\Google
    2010-06-06 22:25 . 2010-06-06 22:25 -------- d-----w- c:\documents and settings\Blain\Application Data\SmartFTP
    2010-06-06 22:25 . 2010-06-06 22:25 -------- d-----w- c:\program files\SmartFTP Client
    2010-06-06 22:25 . 2010-06-06 22:25 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
    2010-06-05 01:11 . 2010-06-04 21:52 -------- d-----w- c:\documents and settings\Blain\Application Data\CoreFTP
    2010-06-05 00:58 . 2010-06-04 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-06-02 23:02 . 2010-06-02 22:16 -------- d-----w- c:\documents and settings\Blain\Application Data\BitCometLite
    2010-05-27 01:20 . 2010-05-27 00:25 -------- d-----w- c:\program files\CamStudio
    2010-05-21 03:28 . 2010-05-21 07:46 4 ----a-w- c:\windows\version.dat
    2010-05-18 03:42 . 2010-05-15 16:47 -------- d-----w- c:\program files\Phone Fusion Control Center
    2010-05-12 21:17 . 2010-02-14 00:30 -------- d-----w- c:\program files\Common Files\logishrd
    2010-05-12 07:57 . 2010-05-12 07:57 -------- d-----w- c:\documents and settings\Blain\Application Data\ESET
    2010-05-12 07:55 . 2010-05-12 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-05-12 00:22 . 2010-05-12 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Privacyware
    2010-05-06 10:41 . 2009-10-17 19:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-05 01:35 . 2010-05-05 01:35 94396 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-02 05:22 . 2009-04-17 22:26 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-18 18:06 . 2010-04-18 18:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
    .

    ------- Sigcheck -------


    [-] 2009-10-17 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2009-10-17 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2009-10-17 . 5E0DE69E7168A9B9510EBA0C1CCC2189 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll

    [-] 2009-10-17 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

    [-] 2009-10-17 . 48665E9FEBB6EB4577D325232F3573DF . 1761280 . . [6.00.2900.5512] . . c:\windows\explorer.exe

    [-] 2009-10-17 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

    c:\windows\System32\drivers\beep.sys ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A} "= "mscoree.dll" [2009-11-07 297808]
    "{EEE6C35D-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-14 138552]

    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agihelper.AGUtils]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{818B93D5-A4FA-4488-BF14-C4CB7B54AA0C}]
    2010-06-07 08:16 1546240 ----a-w- c:\program files\Webs Credits 2\Toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2010-06-14 00:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{674F9426-E0C0-4BEC-A819-5F57D5A94CB3} "= "c:\program files\Webs Credits 2\Toolbar.dll" [2010-06-07 1546240]
    "{1c99b848-84cb-4ce4-8cd8-ed5719484d9f} "= "mscoree.dll" [2009-11-07 297808]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-14 1438520]

    [HKEY_CLASSES_ROOT\clsid\{674f9426-e0c0-4bec-a819-5f57d5a94cb3}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{BF6E780C-D909-4910-98E1-33F53F9680DD}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
    [HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{674F9426-E0C0-4BEC-A819-5F57D5A94CB3} "= "c:\program files\Webs Credits 2\Toolbar.dll" [2010-06-07 1546240]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-14 1438520]

    [HKEY_CLASSES_ROOT\clsid\{674f9426-e0c0-4bec-a819-5f57d5a94cb3}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{BF6E780C-D909-4910-98E1-33F53F9680DD}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips "= "c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
    "SkinClock "= "c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-08-23 528896]
    "RocketDock "= "c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Auto Backup for MySQL "= "c:\program files\SwordSky Software\Auto Backup for MySQL Professional Edition\abmpro.exe" [2007-08-04 2633728]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-29 39408]
    "Software Informer "= "c:\program files\Software Informer\softinfo.exe" [2010-06-29 2322501]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2009-10-17 37376]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-06-02 1660952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VistaDrive "= "c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "OSSelectorReinstall "= "c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-23 2209224]
    "TrueImageMonitor.exe "= "c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-13 5048488]
    "Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-13 357384]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-05-05 16206848]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Standby "= "c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
    "KiweeHook "= "c:\program files\Kiwee Toolbar\3.2\kwtbaim.exe" [2009-11-25 56544]
    "MSN Toolbar "= "c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "SweetIM "= "c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips "= "c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
    "SkinClock "= "c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-08-23 528896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix "= "shell32" [X]
    "_nltide_3 "= "advpack.dll" [2009-03-08 128512]

    c:\documents and settings\Blain\Start Menu\Programs\Startup\
    MacroMaker.lnk - c:\documents and settings\Blain\Application Data\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe [2010-2-28 10134]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    WinMySQLadmin.lnk - c:\mysql\bin\winmysqladmin.exe [2010-2-27 936448]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "StartMenuFavorites "= 1 (0x1)
    "Start_ShowHelp "= 1 (0x1)
    "Start_ShowMyComputer "= 1 (0x1)
    "Start_ShowMyDocs "= 1 (0x1)
    "Start_ShowMyMusic "= 1 (0x1)
    "Start_ShowMyPics "= 1 (0x1)
    "Start_ShowNetConn "= 1 (0x1)
    "Start_ShowPrinters "= 1 (0x1)
    "MemCheckBoxInRunDlg "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    "MemCheckBoxInRunDlg "= 1 (0x1)
    "NoLogoff "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-08-23 01:45 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-04 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Acrobat Speed Launcher "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe "=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "c:\\Server\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "c:\\Server\\Gameserver\\MsgServer_Release_2.400.exe "=
    "c:\\Server\\Gameserver\\MsgServer_Release_2.450-Trade-Knight-Fix-Demons-Online-Reloaded.exe "=
    "c:\\Server\\Gameserver\\MsgServer2.700.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe "=
    "g:\\ManequinFULL\\mannequin\\Server\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "g:\\ManequinFULL\\mannequin\\Server\\GameServer\\MsgServer2.700.exe "=
    "g:\\ManequinFULL\\mannequin\\Server\\GameServer\\MsgServer_Release_2.3721.exe "=
    "g:\\revoultion eo server files and client\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "g:\\revoultion eo server files and client\\GameServer\\MsgServer2.700.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\3dsmax7\\3dsmax.exe "=
    "c:\\Program Files\\backburner 2\\monitor.exe "=
    "c:\\Program Files\\backburner 2\\manager.exe "=
    "c:\\Program Files\\backburner 2\\server.exe "=
    "c:\\Program Files\\Phone Fusion Control Center\\espcti.exe "=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe "=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe "=
    "c:\\Program Files\\Webs Credits 2\\TroubleShooter.exe "=
    "c:\\Program Files\\Webs Credits 2\\ToolbarUpdate.exe "=
    "g:\\Test\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "g:\\Test\\GameServer\\MsgServer2.700.exe "=
    "c:\\Documents and Settings\\Blain\\Desktop\\4fcom-20100617-06 - BoosterKing -\\??????Crazy Tao????\\ACCServer\\account.exe "=
    "c:\\Documents and Settings\\Blain\\Desktop\\4fcom-20100617-06 - BoosterKing -\\??????Crazy Tao????\\Gameserve\\???MSG5888.exe "=
    "g:\\Disturbia\\Disturbia-Online\\autopatch-install.exe "=
    "g:\\Disturbia\\Disturbia-Online\\AutoPatch\\update\\Patch\\1001.exe "=
    "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP "= 5353:TCP:Adobe CSI CS4
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009
    "135:TCP "= 135:TCP:DCOM(135)

    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [1/27/2010 6:09 PM 902432]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/29/2010 12:38 AM 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/29/2010 12:38 AM 25160]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [1/27/2010 5:22 PM 8576]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1/27/2010 6:09 PM 2326920]
    R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [6/11/2010 3:18 PM 20480]
    R2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [4/27/2010 6:49 PM 29416]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1/27/2010 6:09 PM 159168]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [5/17/2009 6:16 AM 41984]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 11:02 PM 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - VCDROM

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-10 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 23:37]

    2010-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:02]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.sweetim.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://home.sweetim.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    FF - ProfilePath - c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.arc.losrios.edu/
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
    FF - component: c:\documents and settings\Blain\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
    FF - component: c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}\components\Engine.dll
    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
    FF - plugin: c:\documents and settings\Blain\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-fsm - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-10 11:42
    Windows 5.1.2600 Service Pack 3, v.5938 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1552)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\cscui.dll
    c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'lsass.exe'(1608)
    c:\windows\system32\setupapi.dll

    - - - - - - - > 'explorer.exe'(4876)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\WININET.dll
    c:\program files\RocketDock\RocketDock.dll
    c:\program files\Utilities\VisualTaskTips\VttHooks.dll
    c:\windows\system32\msctfime.ime
    c:\windows\system32\COMRes.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\System32\cscui.dll
    c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\SETUPAPI.dll
    c:\program files\Atomic Alarm Clock\Clock.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\MSVCP60.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\mysql\bin\mysqld-nt.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\progra~1\Microsoft ActiveSync\rapimgr.exe
    c:\windows\System32\TUProgSt.exe
    c:\program files\ARM Software\MacroMaker\MacroMaker.exe
    c:\windows\system32\vmnat.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-10 11:52:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-10 18:52

    Pre-Run: 126,122,037,248 bytes free
    Post-Run: 126,330,687,488 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - F1DD61AFC4A000C4FFA9A84D62DB96C4
     
  11. 2010/07/10
    broni

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, then click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      beep.sys
      midimap.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  12. 2010/07/10
    knighthawk

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 13:51 on 10/07/2010 by Blain (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "beep.sys"
    No files found.

    Searching for "midimap.dll"
    C:\WINDOWS\system32\midimap.dll --a--- 32256 bytes [19:00 17/10/2009] [19:00 17/10/2009] 448937CF6D5D4A4009532DF67B205F92

    -=End Of File=-
     
  13. 2010/07/10
    broni

    Attached are two zipped files. Unzip both files and paste beep.sys and midimap.dll files into C:\ folder. Look there and make sure both files are there.

    Then....


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Alcmtr.exe
    
    
    Folder::
    c:\documents and settings\Blain\Application Data\FCTB000062219
    
    
    FCopy::
    C:\midimap.dll | C:\WINDOWS\system32\midimap.dll
    C:\beep.sys | c:\windows\System32\drivers\beep.sys
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. 2010/07/10
    broni

    Forgot to attach files. Sorry:)
     


  15. 2010/07/10
    knighthawk

    ComboFix 10-07-10.01 - Blain 07/10/2010 14:30:34.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2208 [GMT -7:00]
    Running from: c:\documents and settings\Blain\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Blain\Desktop\CFScript.txt
    AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    FILE ::
    "c:\windows\Alcmtr.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Blain\Application Data\FCTB000062219
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\aboutTabs.7.js
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\aboutTabs.8.js
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\audio.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\banner_container.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\blockcursor.cur
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\blocksound.wav
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\bookmark_off.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\bookmark_on.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\bookmarksplugin.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\bubble_permissions.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\build
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\caching_banner.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\chevron.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\component.xsl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\default.xml
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\efolder.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\email.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\email2.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\emailchecker_plugin.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\facebook.feature
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\fbrss.xsl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\ff.xsl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\folder.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\Helper.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\icons.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\iefavelem.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\ImageConversion.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\amazon.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\ebay.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\email.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\email2.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\down.gif
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\hr.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\mark.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\mark_do.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\mark_na.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\navbg.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\refresh.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\refresh_do.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\refresh_na.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\trash.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\trash_do.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\trash_na.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\unmark.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\unmark_do.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\unmark_na.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\msgbox\up.gif
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\ticker\left.gif
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\ticker\right.gif
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\0.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\1.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\10.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\11.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\12.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\13.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\14.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\15.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\16.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\17.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\18.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\19.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\2.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\20.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\21.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\22.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\23.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\24.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\25.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\26.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\27.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\28.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\29.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\3.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\30.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\31.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\32.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\33.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\34.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\35.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\36.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\37.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\38.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\39.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\4.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\40.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\41.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\42.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\43.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\44.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\45.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\46.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\47.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\5.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\6.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\7.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\8.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\9.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\hr.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\na.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\0.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\1.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\10.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\11.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\12.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\13.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\14.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\15.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\16.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\17.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\18.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\19.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\2.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\20.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\21.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\22.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\23.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\24.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\25.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\26.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\27.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\28.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\29.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\3.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\30.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\31.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\32.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\33.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\34.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\35.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\36.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\37.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\38.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\39.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\4.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\40.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\41.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\42.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\43.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\44.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\45.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\46.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\47.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\5.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\6.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\7.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\8.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\9.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\na.png
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\weather\png\Thumbs.db
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\wikipedia.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\images\yahoo.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\localization.xml
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\location.xsl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\magglass.ico
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\manage_bookmarks.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\marquee.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\marquee_permissions.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\messaging.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\MimeSniffer.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\minus.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\msgbox_bubble.tmpl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\msgbox_openmsg.tmpl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\msgboxplugin.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\offline.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\patch.bat
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\plus.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\podcast.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\podcast.xsl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\radio.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\RadioPlugin.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\resize.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\rssfeed.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\RSSReader_plugin.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\search.xsl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\SearchComponent.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\settings
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_dropdwn_down.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_dropdwn_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_dropdwn_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_max_down.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_max_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_max_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_min_down.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_min_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_min_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_pause_down.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_pause_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_pause_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_play_down.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_play_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_play_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_playcntrl_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_playcntrl_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_stop_down.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_stop_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_stop_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_volcntrl_over.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\btn_volcntrl_up.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\Equalizer1.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\Equalizer2.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\Equalizer3.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\Equalizer4.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\Equalizer5.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\Equalizer6.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\playcntrl_bg.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\radio.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\radio_mask.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\radio_minimalized.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\radio_minimalized_mask.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\station.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\vol_01.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\vol_02.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\vol_03.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\volslide_bg.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\skins\radio\gray03\volslide_track.bmp
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\star_on.gif
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\statplugin.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\ticker.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\Toolbar.dll
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\ToolbarUpdate.exe
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\TroubleShooter.exe
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\Uninst.exe
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\update_progress.html
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\version.txt
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\version.xsl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\weather_bubble.tmpl
    c:\documents and settings\Blain\Application Data\FCTB000062219\Toolbar\weatherplugin.dll
    c:\windows\Alcmtr.exe
    c:\windows\My.ini

    .
    --------------- FCopy ---------------

    c:\midimap.dll --> c:\WINDOWS\system32\midimap.dll
    c:\beep.sys --> c:\windows\System32\drivers\beep.sys
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
    .

    2010-07-10 21:30 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-07-10 21:15 . 2008-03-21 08:36 18944 ------w- C:\midimap.dll
    2010-07-10 21:15 . 2004-08-04 12:00 4224 ------w- C:\beep.sys
    2010-07-10 06:53 . 2010-07-01 20:51 43008 ----a-w- c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-07-10 06:53 . 2010-07-01 20:51 338944 ----a-w- c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-07-10 06:53 . 2010-07-01 20:52 1496064 ----a-w- c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-07-10 06:53 . 2010-07-01 20:51 346112 ----a-w- c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-07-10 01:26 . 2010-07-10 01:26 -------- d-----w- c:\documents and settings\Blain\Application Data\Malwarebytes
    2010-07-10 01:26 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-10 01:26 . 2010-07-10 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-10 01:26 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-10 01:26 . 2010-07-10 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-09 03:23 . 2010-07-10 18:41 -------- d-----w- c:\documents and settings\Blain\Application Data\Software Informer
    2010-07-09 03:22 . 2010-07-09 03:23 -------- d-----w- c:\program files\Software Informer
    2010-07-09 03:02 . 2010-07-09 03:02 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-07-07 00:48 . 2010-06-04 02:24 -------- d-----w- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com
    2010-07-04 23:59 . 2010-07-04 23:59 9062 ----a-r- c:\documents and settings\Blain\Application Data\Microsoft\Installer\{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}\ARPPRODUCTICON.exe
    2010-07-04 23:59 . 2010-07-04 23:59 128 ----a-w- c:\documents and settings\Blain\Local Settings\Application Data\fusioncache.dat
    2010-07-04 23:59 . 2010-07-04 23:59 -------- d-----w- c:\program files\Pro Imaging Powertoys
    2010-07-04 23:59 . 2010-07-04 23:59 -------- d-----w- c:\program files\Common Files\Nikon
    2010-07-04 22:35 . 2010-07-04 22:37 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-07-04 22:19 . 2010-07-04 22:19 -------- d-----w- c:\program files\Click-N-Type
    2010-06-29 22:50 . 2010-06-29 22:50 -------- d-----w- c:\documents and settings\Blain\Local Settings\Application Data\StreamingFileProcessing
    2010-06-29 22:47 . 2010-06-29 23:28 -------- d-----w- c:\documents and settings\Blain\Application Data\MP3 Music Organizer
    2010-06-29 22:47 . 2010-07-04 23:52 -------- d-----w- c:\windows\Downloaded Installations
    2010-06-29 20:35 . 2010-06-29 23:22 -------- d-----w- c:\program files\Crazy Tao2
    2010-06-29 20:01 . 2010-06-29 23:18 -------- d-----w- c:\program files\Crazy Tao
    2010-06-29 16:19 . 2010-06-29 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
    2010-06-29 16:19 . 2010-06-29 16:20 -------- d-----w- c:\program files\SweetIM
    2010-06-24 23:56 . 2010-06-24 23:56 87040 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\NativeHelper.dll
    2010-06-24 23:56 . 2010-06-24 23:56 7654400 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\BattlePunks.dll
    2010-06-24 23:56 . 2010-06-24 23:56 6144 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\CrashDataUploader.exe
    2010-06-24 23:56 . 2010-06-24 23:56 4178264 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\D3DX9_41.dll
    2010-06-24 23:56 . 2010-06-24 23:56 374784 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\fmodex.dll
    2010-06-24 23:56 . 2010-06-24 23:56 261120 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\BattlePunks.exe
    2010-06-24 23:56 . 2010-06-24 23:56 22360 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\X3DAudio1_6.dll
    2010-06-24 23:56 . 2010-06-24 23:56 110592 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\OpenAL32.dll
    2010-06-24 23:55 . 2010-06-24 23:55 152064 ----a-w- c:\documents and settings\Blain\Application Data\BattlePunks\BattlePunks\JavaLib\_NativeHelper.temp849842153.dll
    2010-06-24 23:55 . 2010-06-25 00:05 -------- d-----w- c:\documents and settings\Blain\Application Data\BattlePunks
    2010-06-24 10:32 . 2010-06-24 10:32 263008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-06-23 16:27 . 2010-07-06 21:31 154112 ----a-w- c:\documents and settings\Blain\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
    2010-06-16 04:40 . 2010-06-16 04:40 -------- d-----w- c:\program files\MSN Toolbar
    2010-06-16 04:40 . 2010-06-17 10:46 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-16 04:39 . 2010-06-16 04:40 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-06-16 04:39 . 2010-06-16 04:39 -------- d-----w- c:\program files\MMI
    2010-06-14 02:03 . 2010-06-21 23:57 -------- d-----w- c:\program files\Tales of Fantasy
    2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\Blain\Local Settings\Application Data\Kiwee Toolbar
    2010-06-11 22:19 . 2010-06-14 00:33 -------- d-----w- c:\documents and settings\Blain\Application Data\AGI
    2010-06-11 22:19 . 2010-06-11 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kiwee Toolbar
    2010-06-11 22:19 . 2010-06-11 22:19 -------- d-----w- c:\program files\Kiwee Toolbar
    2010-06-11 22:19 . 2010-06-11 22:19 -------- d-----w- c:\program files\UnifiedToolbar
    2010-06-11 22:18 . 2010-06-11 22:18 -------- d-----w- c:\program files\AGI
    2010-06-11 22:02 . 2010-06-11 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
    2010-06-11 20:31 . 2010-04-20 05:30 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
    2010-06-11 20:31 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
    2010-06-11 20:31 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-10 21:18 . 2010-01-30 00:43 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-07-10 18:41 . 2010-01-28 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-07-10 18:40 . 2010-01-28 00:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-07-10 18:37 . 2010-03-05 07:18 47 ----a-w- c:\documents and settings\Blain\Application Data\Auto Backup for MySQL\opt_pro.dll
    2010-07-10 18:34 . 2010-02-19 05:47 -------- d-----w- c:\program files\Cheat Engine
    2010-07-09 08:06 . 2010-01-28 01:01 -------- d-----w- c:\documents and settings\Blain\Application Data\uTorrent
    2010-07-09 08:05 . 2010-01-29 01:08 -------- d-----w- c:\documents and settings\Blain\Application Data\Skype
    2010-07-09 07:05 . 2010-01-29 01:12 -------- d-----w- c:\documents and settings\Blain\Application Data\skypePM
    2010-07-08 06:25 . 2010-03-04 17:07 -------- d-----w- c:\documents and settings\Blain\Application Data\FileZilla
    2010-07-06 22:05 . 2010-01-28 06:58 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-05 02:38 . 2010-06-02 22:53 -------- d-----w- c:\program files\Eudemons Online
    2010-07-01 21:28 . 2010-03-16 07:27 -------- d-----w- c:\program files\WinHex
    2010-06-30 04:18 . 2010-04-24 00:00 439816 ----a-w- c:\documents and settings\Blain\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-29 23:22 . 2010-01-28 00:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-29 17:55 . 2010-02-25 00:15 -------- d-----w- c:\documents and settings\Blain\Application Data\TeamViewer
    2010-06-25 23:58 . 2010-03-30 19:42 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-06-24 05:33 . 2010-01-28 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-20 03:35 . 2010-02-17 02:02 -------- d-----w- c:\program files\Apple Software Update
    2010-06-16 05:08 . 2010-05-02 04:00 -------- d-----w- c:\program files\3dsmax7
    2010-06-16 04:41 . 2010-02-17 01:49 -------- d-----w- c:\program files\MP3 Rocket
    2010-06-16 04:41 . 2010-02-17 01:49 -------- d-----w- c:\documents and settings\Blain\Application Data\MP3Rocket
    2010-06-07 08:16 . 2010-06-07 04:46 -------- d-----w- c:\program files\Webs Credits 2
    2010-06-07 08:16 . 2010-06-07 04:58 -------- d-----w- c:\program files\Common Files\FreeCause
    2010-06-07 05:03 . 2010-01-28 05:57 -------- d-----w- c:\program files\Google
    2010-06-06 22:25 . 2010-06-06 22:25 -------- d-----w- c:\documents and settings\Blain\Application Data\SmartFTP
    2010-06-06 22:25 . 2010-06-06 22:25 -------- d-----w- c:\program files\SmartFTP Client
    2010-06-06 22:25 . 2010-06-06 22:25 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
    2010-06-05 01:11 . 2010-06-04 21:52 -------- d-----w- c:\documents and settings\Blain\Application Data\CoreFTP
    2010-06-05 00:58 . 2010-06-04 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-06-02 23:02 . 2010-06-02 22:16 -------- d-----w- c:\documents and settings\Blain\Application Data\BitCometLite
    2010-05-28 05:02 . 2010-05-28 05:02 61440 ----a-w- c:\documents and settings\Blain\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14881acc-n\decora-sse.dll
    2010-05-28 05:02 . 2010-05-28 05:02 503808 ----a-w- c:\documents and settings\Blain\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-312a4f80-n\msvcp71.dll
    2010-05-28 05:02 . 2010-05-28 05:02 499712 ----a-w- c:\documents and settings\Blain\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-312a4f80-n\jmc.dll
    2010-05-28 05:02 . 2010-05-28 05:02 348160 ----a-w- c:\documents and settings\Blain\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-312a4f80-n\msvcr71.dll
    2010-05-28 05:02 . 2010-05-28 05:02 12800 ----a-w- c:\documents and settings\Blain\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14881acc-n\decora-d3d.dll
    2010-05-27 01:20 . 2010-05-27 00:25 -------- d-----w- c:\program files\CamStudio
    2010-05-21 03:28 . 2010-05-21 07:46 4 ----a-w- c:\windows\version.dat
    2010-05-18 03:42 . 2010-05-15 16:47 -------- d-----w- c:\program files\Phone Fusion Control Center
    2010-05-12 21:17 . 2010-02-14 00:30 -------- d-----w- c:\program files\Common Files\logishrd
    2010-05-12 07:57 . 2010-05-12 07:57 -------- d-----w- c:\documents and settings\Blain\Application Data\ESET
    2010-05-12 07:55 . 2010-05-12 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-05-12 00:22 . 2010-05-12 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Privacyware
    2010-05-06 10:41 . 2009-10-17 19:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-05 01:35 . 2010-05-05 01:35 94396 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-05 01:17 . 2010-05-05 01:17 143976 ----a-w- c:\documents and settings\Blain\Application Data\Move Networks\uninstall.exe
    2010-05-05 01:17 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Blain\Application Data\Move Networks\plugins\npqmp071701000002.dll
    2010-05-02 05:22 . 2009-04-17 22:26 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 03:37 . 2010-05-02 03:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-18 18:06 . 2010-04-18 18:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
    .

    ------- Sigcheck -------

    [-] 2009-10-17 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2009-10-17 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2009-10-17 . 5E0DE69E7168A9B9510EBA0C1CCC2189 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll

    [-] 2009-10-17 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

    [-] 2009-10-17 . 48665E9FEBB6EB4577D325232F3573DF . 1761280 . . [6.00.2900.5512] . . c:\windows\explorer.exe

    [-] 2009-10-17 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A} "= "mscoree.dll" [2009-11-07 297808]
    "{EEE6C35D-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-14 138552]

    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agihelper.AGUtils]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{818B93D5-A4FA-4488-BF14-C4CB7B54AA0C}]
    2010-06-07 08:16 1546240 ----a-w- c:\program files\Webs Credits 2\Toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2010-06-14 00:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{674F9426-E0C0-4BEC-A819-5F57D5A94CB3} "= "c:\program files\Webs Credits 2\Toolbar.dll" [2010-06-07 1546240]
    "{1c99b848-84cb-4ce4-8cd8-ed5719484d9f} "= "mscoree.dll" [2009-11-07 297808]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-14 1438520]

    [HKEY_CLASSES_ROOT\clsid\{674f9426-e0c0-4bec-a819-5f57d5a94cb3}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{BF6E780C-D909-4910-98E1-33F53F9680DD}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
    [HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{674F9426-E0C0-4BEC-A819-5F57D5A94CB3} "= "c:\program files\Webs Credits 2\Toolbar.dll" [2010-06-07 1546240]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-14 1438520]

    [HKEY_CLASSES_ROOT\clsid\{674f9426-e0c0-4bec-a819-5f57d5a94cb3}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{BF6E780C-D909-4910-98E1-33F53F9680DD}]
    [HKEY_CLASSES_ROOT\FCTB000062219.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips "= "c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
    "SkinClock "= "c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-08-23 528896]
    "RocketDock "= "c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Auto Backup for MySQL "= "c:\program files\SwordSky Software\Auto Backup for MySQL Professional Edition\abmpro.exe" [2007-08-04 2633728]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-29 39408]
    "Software Informer "= "c:\program files\Software Informer\softinfo.exe" [2010-06-29 2322501]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VistaDrive "= "c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "OSSelectorReinstall "= "c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-23 2209224]
    "TrueImageMonitor.exe "= "c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-13 5048488]
    "Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-13 357384]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-05-05 16206848]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Standby "= "c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
    "KiweeHook "= "c:\program files\Kiwee Toolbar\3.2\kwtbaim.exe" [2009-11-25 56544]
    "MSN Toolbar "= "c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "SweetIM "= "c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips "= "c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
    "SkinClock "= "c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-08-23 528896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix "= "shell32" [X]
    "_nltide_3 "= "advpack.dll" [2009-03-08 128512]

    c:\documents and settings\Blain\Start Menu\Programs\Startup\
    MacroMaker.lnk - c:\documents and settings\Blain\Application Data\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe [2010-2-28 10134]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    WinMySQLadmin.lnk - c:\mysql\bin\winmysqladmin.exe [2010-2-27 936448]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "StartMenuFavorites "= 1 (0x1)
    "Start_ShowHelp "= 1 (0x1)
    "Start_ShowMyComputer "= 1 (0x1)
    "Start_ShowMyDocs "= 1 (0x1)
    "Start_ShowMyMusic "= 1 (0x1)
    "Start_ShowMyPics "= 1 (0x1)
    "Start_ShowNetConn "= 1 (0x1)
    "Start_ShowPrinters "= 1 (0x1)
    "MemCheckBoxInRunDlg "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    "MemCheckBoxInRunDlg "= 1 (0x1)
    "NoLogoff "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-08-23 01:45 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Acrobat Speed Launcher "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe "=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "c:\\Server\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "c:\\Server\\Gameserver\\MsgServer_Release_2.400.exe "=
    "c:\\Server\\Gameserver\\MsgServer_Release_2.450-Trade-Knight-Fix-Demons-Online-Reloaded.exe "=
    "c:\\Server\\Gameserver\\MsgServer2.700.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe "=
    "g:\\ManequinFULL\\mannequin\\Server\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "g:\\ManequinFULL\\mannequin\\Server\\GameServer\\MsgServer2.700.exe "=
    "g:\\ManequinFULL\\mannequin\\Server\\GameServer\\MsgServer_Release_2.3721.exe "=
    "g:\\revoultion eo server files and client\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "g:\\revoultion eo server files and client\\GameServer\\MsgServer2.700.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\3dsmax7\\3dsmax.exe "=
    "c:\\Program Files\\backburner 2\\monitor.exe "=
    "c:\\Program Files\\backburner 2\\manager.exe "=
    "c:\\Program Files\\backburner 2\\server.exe "=
    "c:\\Program Files\\Phone Fusion Control Center\\espcti.exe "=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe "=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe "=
    "c:\\Program Files\\Webs Credits 2\\TroubleShooter.exe "=
    "c:\\Program Files\\Webs Credits 2\\ToolbarUpdate.exe "=
    "g:\\Test\\ACCServer\\AccountServer Version 6.127-1.exe "=
    "g:\\Test\\GameServer\\MsgServer2.700.exe "=
    "c:\\Documents and Settings\\Blain\\Desktop\\4fcom-20100617-06 - BoosterKing -\\??????Crazy Tao????\\ACCServer\\account.exe "=
    "c:\\Documents and Settings\\Blain\\Desktop\\4fcom-20100617-06 - BoosterKing -\\??????Crazy Tao????\\Gameserve\\???MSG5888.exe "=
    "g:\\Disturbia\\Disturbia-Online\\autopatch-install.exe "=
    "g:\\Disturbia\\Disturbia-Online\\AutoPatch\\update\\Patch\\1001.exe "=
    "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP "= 5353:TCP:Adobe CSI CS4
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "135:TCP "= 135:TCP:DCOM(135)

    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [1/27/2010 6:09 PM 902432]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/29/2010 12:38 AM 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/29/2010 12:38 AM 25160]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [1/27/2010 5:22 PM 8576]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1/27/2010 6:09 PM 2326920]
    R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [6/11/2010 3:18 PM 20480]
    R2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [4/27/2010 6:49 PM 29416]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1/27/2010 6:09 PM 159168]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [5/17/2009 6:16 AM 41984]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 11:02 PM 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - VCDROM

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-10 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 23:37]

    2010-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:02]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:02]
    .
    .
     
  16. 2010/07/10
    knighthawk Inactive Thread Starter

    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.sweetim.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://home.sweetim.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    FF - ProfilePath - c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.arc.losrios.edu/
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
    FF - component: c:\documents and settings\Blain\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
    FF - component: c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}\components\Engine.dll
    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
    FF - plugin: c:\documents and settings\Blain\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
    "ImagePath "= "C:/mysql/bin/mysqld-nt.exe "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
    "ImagePath "= "C:/mysql/bin/mysqld-nt.exe "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1552)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\cscui.dll
    c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'lsass.exe'(1608)
    c:\windows\system32\setupapi.dll
    .
    Completion time: 2010-07-10 14:40:12
    ComboFix-quarantined-files.txt 2010-07-10 21:40
    ComboFix2.txt 2010-07-10 18:52

    Pre-Run: 126,306,226,176 bytes free
    Post-Run: 126,284,230,656 bytes free

    - - End Of File - - A766543F5B961E6AA87460B7FB18D285
     
  17. 2010/07/10
    broni Moderator Malware Analyst

    Very good :)
    How is the computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/07/10
    knighthawk Inactive Thread Starter

    OTL logfile created on: 7/10/2010 3:54:55 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Blain\Desktop
    Windows XP Media Center Edition Service Pack 3, v.5938 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 117.62 Gb Free Space | 63.14% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 930.86 Gb Total Space | 873.79 Gb Free Space | 93.87% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BLAIN-7B8FCCEC9
    Current User Name: Blain
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/10 15:47:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blain\Desktop\OTL.exe
    PRC - [2010/06/28 22:37:24 | 002,322,501 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
    PRC - [2010/06/27 22:40:05 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/27 22:40:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/05/01 21:01:30 | 000,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
    PRC - [2010/02/01 15:45:32 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/01/29 00:38:03 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2010/01/29 00:38:01 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2010/01/27 18:17:25 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
    PRC - [2010/01/27 18:10:35 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
    PRC - [2010/01/27 18:09:19 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampplite\apache\bin\httpd.exe
    PRC - [2009/12/17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe
    PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2009/11/25 12:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
    PRC - [2009/10/17 11:57:06 | 001,761,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/03/20 12:36:42 | 001,133,056 | ---- | M] (ARM Software) -- C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
    PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    PRC - [2008/06/22 12:42:56 | 000,065,536 | ---- | M] (VisualTaskTips.com) -- C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
    PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2007/08/30 18:01:05 | 000,121,648 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2007/08/30 18:01:04 | 000,150,320 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2007/08/04 15:50:06 | 002,633,728 | ---- | M] (SwordSky Software) -- C:\Program Files\SwordSky Software\Auto Backup for MySQL Professional Edition\abmpro.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2006/10/05 21:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
    PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2004/02/11 03:58:02 | 000,936,448 | ---- | M] (MySQL AB) -- C:\mysql\bin\winmysqladmin.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/10 15:47:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blain\Desktop\OTL.exe
    MOD - [2010/02/03 13:47:16 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
    MOD - [2008/06/22 12:42:48 | 000,008,192 | ---- | M] () -- C:\Program Files\Utilities\VisualTaskTips\VttHooks.dll
    MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
    SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/05/01 21:01:30 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
    SRV - [2010/01/29 00:38:03 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2010/01/27 20:11:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/01/27 18:17:25 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
    SRV - [2010/01/27 18:10:35 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2010/01/27 18:10:31 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/01/27 18:09:19 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampplite\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/05/17 06:16:24 | 000,041,984 | --S- | M] (BitMicro Software Corporation) [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
    SRV - [2009/04/27 15:21:36 | 000,028,928 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/06/06 00:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
    SRV - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\apache2\bin\httpd.exe -- (wampapache)
    SRV - [2007/08/30 18:01:05 | 000,121,648 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2007/08/30 18:01:05 | 000,109,360 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2007/08/30 18:01:04 | 000,150,320 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/07/06 12:14:02 | 005,730,304 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\mysql\bin\mysqld-nt.exe -- (wampmysqld)
    SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/02/11 03:57:58 | 002,265,088 | ---- | M] () [Auto | Stopped] -- C:/mysql/bin/mysqld-nt.exe -- (MySql)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/02/03 13:47:12 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2010/01/29 00:38:05 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2010/01/29 00:38:05 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2010/01/27 18:17:25 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2010/01/27 18:09:21 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/01/27 18:09:17 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV - [2010/01/27 18:09:16 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/01/27 18:09:12 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2009/07/26 19:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/08/14 10:01:06 | 000,231,424 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/13 15:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/03/12 18:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/08/30 18:01:11 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2007/08/30 18:01:05 | 000,025,264 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2007/08/30 18:01:04 | 000,021,040 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2007/08/30 18:01:04 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2007/08/30 18:00:58 | 000,430,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2007/08/30 18:00:58 | 000,034,608 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2006/05/05 20:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
    DRV - [2006/05/05 08:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/29 09:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2005/09/14 19:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2001/12/19 12:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Program Files\System\CPL Bonus\vcdrom.sys -- (vcdrom)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\AV, = http://www.altavista.com/sites/search/web?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\FM, = http://www.filemirrors.com/search.src?file=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = http://support.microsoft.com/?kbid=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = http://search.msn.com/results.asp?q=%s
    IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar "
    FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q= "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm "
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm "
    FF - prefs.js..browser.search.param.yahoo-type: "${8} "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.arc.losrios.edu/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {90037cad-93df-4feb-9624-76c8ac58f253}:1.300.306
    FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
    FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0
    FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p= "
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Bing "
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q= "
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "http://www.arc.losrios.edu/ "
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p= "


    FF - HKLM\software\mozilla\Firefox\extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files\UnifiedToolbar\3.2\Firefox [2010/06/11 15:19:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin File not found
    FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/06/15 21:40:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/17 03:04:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/04 16:49:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 16:49:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2010/01/27 17:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Mozilla\Extensions
    [2010/07/10 09:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions
    [2010/06/24 01:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/09 23:53:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/07/07 12:06:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/06/07 01:17:07 | 000,000,000 | ---D | M] (Webs Credits 2) -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}
    [2010/06/29 09:20:20 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    [2010/02/17 18:05:47 | 000,002,426 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\searchplugins\askcom.xml
    [2010/06/16 11:56:28 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\searchplugins\bing.xml
    [2010/06/13 17:33:38 | 000,002,037 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\searchplugins\kiwee-toolbar.xml
    [2010/06/15 14:43:00 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\searchplugins\mywebsearch.xml
    [2010/06/07 01:18:13 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\searchplugins\search-the-web.xml
    [2010/06/29 09:20:07 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\Mozilla\Firefox\Profiles\wrz06ugs.default\searchplugins\sweetim.xml
    [2010/07/09 18:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/18 11:06:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/18 11:06:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/10 14:37:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Freecause Toolbar BHO) - {818B93D5-A4FA-4488-BF14-C4CB7B54AA0C} - C:\Program Files\Webs Credits 2\Toolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Webs Credits 2) - {674F9426-E0C0-4BEC-A819-5F57D5A94CB3} - C:\Program Files\Webs Credits 2\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Webs Credits 2) - {674F9426-E0C0-4BEC-A819-5F57D5A94CB3} - C:\Program Files\Webs Credits 2\Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
    O4 - HKCU..\Run: [Auto Backup for MySQL] C:\Program Files\SwordSky Software\Auto Backup for MySQL Professional Edition\abmpro.exe (SwordSky Software)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
    O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
    O4 - Startup: C:\Documents and Settings\Blain\Start Menu\Programs\Startup\MacroMaker.lnk = C:\Documents and Settings\Blain\Application Data\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe ()
    O4 - Startup: C:\Documents and Settings\Blain\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Blain\Start Menu\Programs\Startup\WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe (MySQL AB)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowHelp = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyPics = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowNetConn = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowPrinters = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.60.130.158
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Blain\My Documents\My Pictures\awesome%20background.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/06 23:45:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2010/01/27 17:35:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56027075282206720)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/10 15:47:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blain\Desktop\OTL.exe
    [2010/07/10 14:24:22 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/07/10 11:23:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/10 11:10:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/07/10 11:10:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/07/10 11:10:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/07/10 11:10:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/10 11:10:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/10 11:08:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/09 21:15:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Blain\Recent
    [2010/07/09 18:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\Malwarebytes
    [2010/07/09 18:26:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/09 18:26:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/09 18:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/09 18:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/08 20:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\Software Informer
    [2010/07/08 20:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
    [2010/07/08 20:02:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2010/07/08 18:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\REVOLUTIONEO SERVER
    [2010/07/06 17:48:46 | 000,000,000 | ---D | C] -- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com
    [2010/07/06 17:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\gameon
    [2010/07/04 16:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Pro Imaging Powertoys
    [2010/07/04 16:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
    [2010/07/04 16:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/07/04 15:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/07/04 15:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Click-N-Type
    [2010/07/03 19:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\courtship test
    [2010/06/29 15:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Local Settings\Application Data\StreamingFileProcessing
    [2010/06/29 15:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\MP3 Music Organizer
    [2010/06/29 15:47:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/06/29 13:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Crazy Tao2
    [2010/06/29 13:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Crazy Tao
    [2010/06/29 12:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\website
    [2010/06/29 09:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
    [2010/06/29 09:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SweetIM
    [2010/06/24 18:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\Contest
    [2010/06/24 16:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\BattlePunks
    [2010/06/15 21:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2010/06/15 21:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/06/15 21:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
    [2010/06/15 21:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\MMI
    [2010/06/13 19:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Tales of Fantasy
    [2010/06/11 15:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Local Settings\Application Data\Kiwee Toolbar
    [2010/06/11 15:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\AGI
    [2010/06/11 15:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    [2010/06/11 15:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kiwee Toolbar
    [2010/06/11 15:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\UnifiedToolbar
    [2010/06/11 15:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\AGI
    [2010/06/11 15:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\agi
    [2010/06/09 22:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\SoulMounts
    [2010/06/06 21:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
    [2010/06/06 21:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Webs Credits 2
    [2010/06/06 15:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\SmartFTP
    [2010/06/06 15:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
    [2010/06/06 15:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
    [2010/06/04 14:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\CoreFTP
    [2010/06/04 13:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/06/02 15:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Eudemons Online
    [2010/06/02 15:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\BitCometLite
    [2010/05/26 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\My Documents\Temp
    [2010/05/26 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\My Documents\Settings Profiles
    [2010/05/26 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\My Documents\Itemtype Settings Profiles
    [2010/05/26 18:42:37 | 000,000,000 | ---D | C] -- C:\Itemtype Editor 2.0
    [2010/05/26 17:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
    [2010/05/24 23:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Local Settings\Application Data\RoundTableProgramming
    [2010/05/21 00:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ini
    [2010/05/21 00:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\c3
    [2010/05/21 00:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\AutoPatch
    [2010/05/15 09:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Phone Fusion Control Center
    [2010/05/15 09:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\My Documents\OneNote Notebooks
    [2010/05/12 00:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\ESET
    [2010/05/12 00:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/05/11 17:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Local Settings\Application Data\Privatefirewall
    [2010/05/11 17:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
    [2010/05/10 17:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Local Settings\Application Data\CarMD.com_Corp
    [2010/05/10 17:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\CarMD
    [2010/05/10 02:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\hollow mask working
    [2010/05/07 15:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\Media Player Classic
    [2010/05/04 18:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\Move Networks
    [2010/05/02 00:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ASTULogTemp
    [2010/05/01 21:02:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Blain\My Documents\Adlm
    [2010/05/01 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\backburner 2
    [2010/05/01 21:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\3dsmax7
    [2010/05/01 20:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/05/01 20:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/05/01 20:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/05/01 20:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/05/01 20:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/29 18:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\New Folder
    [2010/04/27 18:49:15 | 000,000,000 | ---D | C] -- C:\xampplite
    [2010/04/27 18:36:17 | 000,000,000 | ---D | C] -- C:\xampp
    [2010/04/23 18:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\old files
    [2010/04/21 23:43:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/04/21 12:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\My Documents\My Downloads
    [2010/04/21 12:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Application Data\Megaupload
    [2010/04/21 12:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Megaupload
    [2010/04/19 21:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blain\Desktop\revoultion eo server files and client
    [2010/04/18 11:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [12 C:\Documents and Settings\Blain\*.tmp files -> C:\Documents and Settings\Blain\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  19. 2010/07/10
    knighthawk

    knighthawk Inactive Thread Starter

    ========== Files - Modified Within 90 Days ==========

    [2010/07/10 15:54:14 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\Blain\NTUSER.DAT
    [2010/07/10 15:47:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blain\Desktop\OTL.exe
    [2010/07/10 15:23:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/10 15:02:10 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\PetFace.ani
    [2010/07/10 15:00:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
    [2010/07/10 14:55:51 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\MapItemIcon.ani
    [2010/07/10 14:40:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/10 14:37:45 | 000,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/10 14:37:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/10 14:20:07 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\ItemMinIcon.ani
    [2010/07/10 14:18:38 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2010/07/10 14:13:53 | 000,009,256 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\midimap.zip
    [2010/07/10 14:13:48 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\beep.zip
    [2010/07/10 14:00:00 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\alarms.ini
    [2010/07/10 13:51:05 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\SystemLook.exe
    [2010/07/10 11:59:47 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Blain\Start Menu\Programs\Startup\WinMySQLadmin.lnk
    [2010/07/10 11:40:16 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Blain\Application Data\AtomicAlarmClock.ini
    [2010/07/10 11:40:11 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Blain\Start Menu\Programs\Startup\MacroMaker.lnk
    [2010/07/10 11:39:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/10 11:39:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/10 11:37:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Blain\ntuser.ini
    [2010/07/10 11:23:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/10 11:07:00 | 003,738,393 | R--- | M] () -- C:\Documents and Settings\Blain\Desktop\ComboFix.exe
    [2010/07/10 00:17:21 | 000,236,827 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\Chapter3Part1Summer2010.xlsx
    [2010/07/09 21:16:44 | 011,834,822 | -H-- | M] () -- C:\Documents and Settings\Blain\Local Settings\Application Data\IconCache.db
    [2010/07/09 15:02:00 | 000,614,328 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\Chapter1Chapter2Summer2010.xlsx
    [2010/07/09 10:16:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/08 20:11:51 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\dds.com
    [2010/07/08 20:04:45 | 000,000,800 | RHS- | M] () -- C:\Documents and Settings\Blain\ntuser.pol
    [2010/07/08 17:58:26 | 060,894,117 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\REVOLUTIONEO SERVER.rar
    [2010/07/08 17:05:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/07/06 17:47:31 | 040,482,535 | ---- | M] () -- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com.rar
    [2010/07/06 17:16:41 | 000,503,016 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\gameon.zip
    [2010/07/06 15:11:06 | 000,580,142 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/06 15:11:06 | 000,502,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/06 15:11:06 | 000,087,322 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/05 18:09:13 | 000,096,864 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\Level1_Chapter1.zip
    [2010/07/05 17:56:35 | 000,018,568 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\Grade_Calculator.xlsx
    [2010/07/04 16:59:39 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Blain\Local Settings\Application Data\fusioncache.dat
    [2010/07/04 10:01:30 | 044,492,930 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\pendekar patch.rar
    [2010/07/03 20:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/03 17:00:40 | 000,142,286 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\Skill Level Up Stone.rar
    [2010/06/27 14:12:50 | 000,013,493 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\cq_generator.sql
    [2010/06/23 15:13:20 | 000,000,399 | ---- | M] () -- C:\WINDOWS\NJCOM.INI
    [2010/06/22 10:50:35 | 042,617,375 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\4fcom-20100613-03.rar
    [2010/06/21 14:45:37 | 000,008,476 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\cq_action.sql
    [2010/06/20 23:40:45 | 000,022,521 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\15741_1201433708790_1016974730_30501027_66041_n.jpg
    [2010/06/17 01:57:01 | 001,803,284 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\CancerQueen & CancerPrincess.rar
    [2010/06/16 15:25:49 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\reset.bat
    [2010/06/16 14:53:16 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\ACCT.lnk
    [2010/06/16 14:52:43 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\NPC.lnk
    [2010/06/16 14:52:31 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\2MSG.lnk
    [2010/06/15 21:40:54 | 000,000,233 | ---- | M] () -- C:\WINDOWS\setup.iss
    [2010/06/14 00:04:39 | 000,004,496 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\register(2).php
    [2010/06/13 19:28:50 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\Tales of Fantasy.lnk
    [2010/06/13 16:18:13 | 002,278,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/11 17:24:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/07 01:47:07 | 000,001,728 | -H-- | M] () -- C:\Documents and Settings\Blain\My Documents\Default.rdp
    [2010/06/04 12:43:16 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\Blain\.jupload.properties
    [2010/05/29 12:54:58 | 005,158,304 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\my.rar
    [2010/05/29 12:39:08 | 097,679,581 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\my.sql
    [2010/05/28 23:41:46 | 000,051,816 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\cq_eudemon_rbn_type.sql
    [2010/05/26 22:42:27 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\Config.ini
    [2010/05/24 03:29:39 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
    [2010/05/24 02:44:56 | 000,009,537 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\Book1.xlsx
    [2010/05/20 20:28:55 | 000,000,004 | ---- | M] () -- C:\WINDOWS\version.dat
    [2010/05/19 21:53:55 | 048,025,015 | ---- | M] () -- C:\mysql.rar
    [2010/05/15 10:10:31 | 000,083,810 | ---- | M] () -- C:\WINDOWS\System32\ASTULog.cab
    [2010/05/15 10:10:31 | 000,001,049 | ---- | M] () -- C:\WINDOWS\System32\setup.inf
    [2010/05/15 10:10:31 | 000,000,283 | ---- | M] () -- C:\WINDOWS\System32\setup.rpt
    [2010/05/15 09:15:27 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Blain\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2010/05/12 12:01:32 | 000,000,028 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/05/10 17:35:02 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CarMD.lnk
    [2010/05/04 18:35:24 | 000,094,396 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/01 21:01:22 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3ds max 7.lnk
    [2010/05/01 20:54:19 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/05/01 20:52:49 | 000,022,000 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\1119133.dds
    [2010/05/01 20:47:38 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/05/01 14:26:53 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Blain\Desktop\soul.exe.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 12:42:17 | 027,551,206 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\cq_action.dbf
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/24 18:28:28 | 002,447,671 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\cq_dynanpc.dbf
    [2010/04/24 18:24:06 | 000,398,264 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\cq_dynanpc.xlsx
    [2010/04/24 18:21:40 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Blain\My Documents\dynanpc.mdb
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [12 C:\Documents and Settings\Blain\*.tmp files -> C:\Documents and Settings\Blain\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/10 15:02:09 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\PetFace.ani
    [2010/07/10 14:55:51 | 000,000,447 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\MapItemIcon.ani
    [2010/07/10 14:20:07 | 000,000,447 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\ItemMinIcon.ani
    [2010/07/10 14:13:55 | 000,009,256 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\midimap.zip
    [2010/07/10 14:13:50 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\beep.zip
    [2010/07/10 13:51:07 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\SystemLook.exe
    [2010/07/10 11:23:54 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/07/10 11:23:51 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/10 11:10:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/10 11:10:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/10 11:10:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/10 11:10:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/10 11:10:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/10 11:06:55 | 003,738,393 | R--- | C] () -- C:\Documents and Settings\Blain\Desktop\ComboFix.exe
    [2010/07/09 15:03:00 | 000,236,827 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\Chapter3Part1Summer2010.xlsx
    [2010/07/09 15:02:00 | 000,614,328 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\Chapter1Chapter2Summer2010.xlsx
    [2010/07/08 20:11:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\dds.com
    [2010/07/08 20:03:53 | 000,000,800 | RHS- | C] () -- C:\Documents and Settings\Blain\ntuser.pol
    [2010/07/08 17:57:12 | 060,894,117 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\REVOLUTIONEO SERVER.rar
    [2010/07/06 17:48:36 | 040,482,535 | ---- | C] () -- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com.rar
    [2010/07/06 17:16:41 | 000,503,016 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\gameon.zip
    [2010/07/05 18:09:24 | 000,096,864 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\Level1_Chapter1.zip
    [2010/07/05 17:56:42 | 000,018,568 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\Grade_Calculator.xlsx
    [2010/07/04 16:59:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Blain\Local Settings\Application Data\fusioncache.dat
    [2010/07/04 09:59:50 | 044,492,930 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\pendekar patch.rar
    [2010/07/03 17:00:45 | 000,142,286 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\Skill Level Up Stone.rar
    [2010/06/27 14:12:50 | 000,013,493 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\cq_generator.sql
    [2010/06/24 03:32:39 | 000,263,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/06/22 10:45:48 | 042,617,375 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\4fcom-20100613-03.rar
    [2010/06/21 14:45:37 | 000,008,476 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\cq_action.sql
    [2010/06/20 23:33:42 | 000,022,521 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\15741_1201433708790_1016974730_30501027_66041_n.jpg
    [2010/06/17 01:56:59 | 001,803,284 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\CancerQueen & CancerPrincess.rar
    [2010/06/16 14:53:16 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\ACCT.lnk
    [2010/06/16 14:52:43 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\NPC.lnk
    [2010/06/16 14:52:31 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\2MSG.lnk
    [2010/06/16 14:40:30 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\reset.bat
    [2010/06/15 21:38:40 | 000,000,233 | ---- | C] () -- C:\WINDOWS\setup.iss
    [2010/06/14 00:04:41 | 000,004,496 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\register(2).php
    [2010/06/13 19:28:50 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\Tales of Fantasy.lnk
    [2010/06/04 12:42:25 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Blain\.jupload.properties
    [2010/05/29 12:42:09 | 005,158,304 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\my.rar
    [2010/05/29 12:33:38 | 097,679,581 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\my.sql
    [2010/05/28 23:41:45 | 000,051,816 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\cq_eudemon_rbn_type.sql
    [2010/05/26 18:49:37 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\Config.ini
    [2010/05/24 02:44:54 | 000,009,537 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\Book1.xlsx
    [2010/05/21 00:46:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\version.dat
    [2010/05/19 21:51:17 | 048,025,015 | ---- | C] () -- C:\mysql.rar
    [2010/05/15 09:15:27 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Blain\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2010/05/11 17:22:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/05/10 18:25:29 | 000,022,000 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\1119133.dds
    [2010/05/10 18:25:29 | 000,006,884 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\1119133.C3
    [2010/05/10 17:35:02 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CarMD.lnk
    [2010/05/04 18:35:24 | 000,094,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/02 00:36:45 | 000,083,810 | ---- | C] () -- C:\WINDOWS\System32\ASTULog.cab
    [2010/05/02 00:36:45 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\setup.inf
    [2010/05/02 00:36:45 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\setup.rpt
    [2010/05/01 21:01:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3ds max 7.lnk
    [2010/05/01 20:54:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/05/01 20:47:38 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/05/01 14:26:53 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Blain\Desktop\soul.exe.lnk
    [2010/04/28 12:41:04 | 027,551,206 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\cq_action.dbf
    [2010/04/24 18:28:23 | 002,447,671 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\cq_dynanpc.dbf
    [2010/04/24 18:24:05 | 000,398,264 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\cq_dynanpc.xlsx
    [2010/04/24 18:21:40 | 000,221,184 | ---- | C] () -- C:\Documents and Settings\Blain\My Documents\dynanpc.mdb
    [2010/04/22 18:32:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
    [2010/04/15 21:38:38 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\Blain\deleted npx.txt
    [2010/03/17 22:47:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/03/07 10:19:32 | 000,000,399 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
    [2010/02/28 22:28:45 | 000,000,125 | ---- | C] () -- C:\WINDOWS\fd3.INI
    [2010/02/28 03:00:36 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI
    [2010/02/18 22:47:52 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
    [2010/02/09 00:57:13 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
    [2010/01/29 00:11:16 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
    [2010/01/28 18:11:07 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
    [2010/01/27 19:05:46 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2010/01/27 17:51:53 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/01/27 17:51:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/01/27 17:51:49 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/01/27 17:51:48 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/01/27 17:51:47 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2010/01/27 17:51:44 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/01/27 17:51:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2010/01/27 17:42:29 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2009/10/17 11:11:18 | 000,058,792 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
    [2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/03/05 18:38:08 | 001,457,024 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll


    ========== LOP Check ==========

    [2010/02/08 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2010/01/27 18:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/06/11 15:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
    [2010/01/27 18:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2010/05/01 21:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/02/28 18:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Devart
    [2010/05/12 00:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/01/27 18:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IndigoRose
    [2010/01/27 18:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intermedia Software
    [2010/04/04 16:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
    [2010/06/11 15:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    [2010/05/11 17:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
    [2010/04/04 16:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/06/29 09:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
    [2010/03/05 00:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwordSky Software
    [2010/02/15 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/27 18:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/04/04 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/06/04 17:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/05/01 20:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/16 19:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/06/13 17:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\AGI
    [2010/03/05 00:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Auto Backup for MySQL
    [2010/02/07 00:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Autodesk
    [2010/06/24 17:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\BattlePunks
    [2010/06/02 16:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\BitCometLite
    [2010/06/04 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\CoreFTP
    [2010/02/28 18:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Devart
    [2010/05/12 00:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\ESET
    [2010/07/07 23:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\FileZilla
    [2010/04/21 12:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Megaupload
    [2010/06/29 16:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\MP3 Music Organizer
    [2010/06/15 21:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\MP3Rocket
    [2010/03/07 10:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\NJStar
    [2010/03/13 20:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Notepad++
    [2010/01/27 17:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Notepad2
    [2010/01/27 18:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Pegasys Inc
    [2010/07/10 11:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Software Informer
    [2010/01/27 18:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Styler
    [2010/03/05 00:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\SwordSky Software
    [2010/06/29 10:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\TeamViewer
    [2010/01/27 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\TuneUp Software
    [2010/04/04 16:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Ulead Systems
    [2010/02/10 12:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\Uniblue
    [2010/07/09 01:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blain\Application Data\uTorrent
    [2010/07/10 15:00:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/15 10:10:22 | 000,039,550 | ---- | M] () -- C:\ASLog.txt
    [2010/01/27 17:35:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\beep.sys
    [2010/02/22 17:06:19 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/07/10 11:23:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/10 14:40:12 | 000,057,893 | ---- | M] () -- C:\ComboFix.txt
    [2010/01/27 17:35:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/01/27 17:35:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/02/07 00:19:25 | 000,000,121 | ---- | M] () -- C:\ISYSERROR.LOG
    [2008/03/21 01:36:04 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\midimap.dll
    [2010/01/27 17:35:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/05/19 21:53:55 | 048,025,015 | ---- | M] () -- C:\mysql.rar
    [2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/10 11:38:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/06 17:47:31 | 040,482,535 | ---- | M] () -- C:\vBulletin 4.0.3 PL1 Nulled + Skins + Mods 2010 - www.GuruFuel.com.rar
    [2010/01/27 18:19:36 | 000,010,223 | ---- | M] () -- C:\WPI_Log_2010.01.27_17.07.27.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 11:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 10:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 11:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 10:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/14 05:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2010/01/27 09:10:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/01/27 09:10:20 | 001,085,440 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/01/27 09:10:20 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2009/10/17 12:11:54 | 000,575,488 | ---- | M] (Microsoft Corporation) MD5=99C1ACB1B8F0F2CECC56515E502B5120 -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 05:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
    @Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  20. 2010/07/10
    broni

    broni Moderator Malware Analyst

    I still need Extras.txt.
     
  21. 2010/07/10
    knighthawk

    knighthawk Inactive Thread Starter

    OTL Extras logfile created on: 7/10/2010 3:54:55 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Blain\Desktop
    Windows XP Media Center Edition Service Pack 3, v.5938 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 117.62 Gb Free Space | 63.14% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 930.86 Gb Total Space | 873.79 Gb Free Space | 93.87% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BLAIN-7B8FCCEC9
    Current User Name: Blain
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [Defrag with Contig] -- C:\WINDOWS\system32\Contig.exe -s "%L\*.*" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [opennlaom] -- C:\Program Files\VirtuallTek\nLite Add-On Maker\nlaom.exe /SHL %1 (VirtuallTek Systems)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "135:TCP" = 135:TCP:*:Enabled:DCOM(135)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Server\ACCServer\AccountServer Version 6.127-1.exe" = C:\Server\ACCServer\AccountServer Version 6.127-1.exe:*:Enabled:???? ServerShell Microsoft ??????? -- ()
    "C:\Server\Gameserver\MsgServer_Release_2.400.exe" = C:\Server\Gameserver\MsgServer_Release_2.400.exe:*:Enabled:Msgserver microsoft ??????? -- (飞翔网络)
    "C:\Server\Gameserver\MsgServer_Release_2.450-Trade-Knight-Fix-Demons-Online-Reloaded.exe" = C:\Server\Gameserver\MsgServer_Release_2.450-Trade-Knight-Fix-Demons-Online-Reloaded.exe:*:Enabled:Msgserver microsoft ??????? -- (飞翔网络)
    "C:\Server\Gameserver\MsgServer2.700.exe" = C:\Server\Gameserver\MsgServer2.700.exe:*:Enabled:Msgserver microsoft ??????? -- (飞翔网络)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
    "G:\ManequinFULL\mannequin\Server\ACCServer\AccountServer Version 6.127-1.exe" = G:\ManequinFULL\mannequin\Server\ACCServer\AccountServer Version 6.127-1.exe:*:Enabled:???? ServerShell Microsoft ??????? -- ()
    "G:\ManequinFULL\mannequin\Server\GameServer\MsgServer2.700.exe" = G:\ManequinFULL\mannequin\Server\GameServer\MsgServer2.700.exe:*:Enabled:Msgserver microsoft ??????? -- (飞翔网络)
    "G:\ManequinFULL\mannequin\Server\GameServer\MsgServer_Release_2.3721.exe" = G:\ManequinFULL\mannequin\Server\GameServer\MsgServer_Release_2.3721.exe:*:Enabled:Msgserver microsoft ??????? -- (飞翔网络)
    "G:\revoultion eo server files and client\ACCServer\AccountServer Version 6.127-1.exe" = G:\revoultion eo server files and client\ACCServer\AccountServer Version 6.127-1.exe:*:Enabled:???? ServerShell Microsoft ??????? -- ()
    "G:\revoultion eo server files and client\GameServer\MsgServer2.700.exe" = G:\revoultion eo server files and client\GameServer\MsgServer2.700.exe:*:Enabled:Msgserver microsoft ??????? -- (飞翔网络)
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\3dsmax7\3dsmax.exe" = C:\Program Files\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7 -- (Discreet, a division of Autodesk, Inc.)
    "C:\Program Files\backburner 2\monitor.exe" = C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Discreet, a division of Autodesk, Inc.)
    "C:\Program Files\backburner 2\manager.exe" = C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager -- (Discreet, a division of Autodesk, Inc.)
    "C:\Program Files\backburner 2\server.exe" = C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server -- (Discreet, a division of Autodesk, Inc.)
    "C:\Program Files\Phone Fusion Control Center\espcti.exe" = C:\Program Files\Phone Fusion Control Center\espcti.exe:*:Enabled:espcti -- ()
    "C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
    "C:\Program Files\Webs Credits 2\TroubleShooter.exe" = C:\Program Files\Webs Credits 2\TroubleShooter.exe:*:Enabled:Webs Credits 2 (Helper) -- (FreeCause Inc.)
    "C:\Program Files\Webs Credits 2\ToolbarUpdate.exe" = C:\Program Files\Webs Credits 2\ToolbarUpdate.exe:*:Enabled:Webs Credits 2 (Update) -- (FreeCause Inc.)
    "G:\Test\ACCServer\AccountServer Version 6.127-1.exe" = G:\Test\ACCServer\AccountServer Version 6.127-1.exe:*:Enabled:???? ServerShell Microsoft ??????? -- ()
    "G:\Test\GameServer\MsgServer2.700.exe" = G:\Test\GameServer\MsgServer2.700.exe:*:Enabled:Msgserver microsoft ??????? -- (飞翔网络)
    "C:\Documents and Settings\Blain\Desktop\4fcom-20100617-06 - BoosterKing -\胜明数据发布Crazy Tao私服版本\ACCServer\account.exe" = C:\Documents and Settings\Blain\Desktop\4fcom-20100617-06 - BoosterKing -\??????Crazy Tao????\ACCServer\account.exe:*:Enabled:???????? -- File not found
    "C:\Documents and Settings\Blain\Desktop\4fcom-20100617-06 - BoosterKing -\胜明数据发布Crazy Tao私服版本\Gameserve\赠战猪MSG5888.exe" = C:\Documents and Settings\Blain\Desktop\4fcom-20100617-06 - BoosterKing -\??????Crazy Tao????\Gameserve\???MSG5888.exe:*:Enabled:???MSG5888 -- File not found
    "G:\Disturbia\Disturbia-Online\autopatch-install.exe" = G:\Disturbia\Disturbia-Online\autopatch-install.exe:*:Enabled:ipsec -- ()
    "G:\Disturbia\Disturbia-Online\AutoPatch\update\Patch\1001.exe" = G:\Disturbia\Disturbia-Online\AutoPatch\update\Patch\1001.exe:*:Enabled:ipsec -- ()
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r187)
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0DEDD4FD-2846-40E0-94E9-2CAB56F108DD}" = MMI
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1043E281-B080-4947-9BD7-3F1D233BF6D2}" = WinXP Manager
    "{10deb052-db5d-32a6-9ff2-200e810d1a7b}" = Kiwee Toolbar for Firefox
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43}" = Kiwee Chatbar
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A352E3E-9E02-42EC-8465-76A56095C871}" = InstallShield 2009
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
    "{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}" = MacroMaker
    "{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4BE15737-07C5-4705-9DFC-D9D533939942}" = NVIDIA Media Center Extensions
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{540AAE2F-0BCE-456B-A0D0-920F5E031009}" = SmartFTP Client
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
    "{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{572FBF5D-3BAA-42FF-A468-A54C2C0A17C3}" = Autodesk Revit Architecture 2010
    "{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
    "{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6DC77B24-075D-4D58-A434-C83312C32BB7}_is1" = Eudemons Online
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}" = TMPGEnc Authoring Works 4
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8aade841-03c5-486a-b048-bb112cc0cac5}" = Kiwee Toolbar for Internet Explorer
    "{8E07D32B-162C-4AF3-BCF1-6A8E7FC5772D}" = MysticThumbs
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable
    "{9D4368DE-CF9F-41DA-9429-44181EBDB98B}" = CarMD
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
    "{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{C9BB0122-EB81-4C55-AF0E-39B9925E08CF}}_is1" = Helium Music Manager 2009 (build 6635)
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE6EDF69-6478-42A0-B631-3F8DCBDE11B0}" = Click-N-Type
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D7F8FF50-EEED-4F79-BE51-ADA945AA17ED}" = AutoPlay Media Studio 7.5
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
    "{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
    "{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
    "{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8423392-2296-4748-9B66-344432459632}" = PureHD
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
    "{F90A3806-F5F4-4BCE-BFFF-CA1B2824F738}" = XP Context Tools
    "{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
    "{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FD056785-F890-47CE-922C-CE985D5ADBEF}" = eQUEST 3.6
    "{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "All ATI Software" = ATI - Software Uninstall Utility
    "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
    "Atomic Alarm Clock_is1" = Atomic Alarm Clock 5.7
    "Auto Backup for MySQL Professional Edition_is1" = Auto Backup for MySQL Professional Edition 2.1
    "AutoCAD 2010 - English" = AutoCAD 2010 - English
    "Autodesk Design Review 2010" = Autodesk Design Review 2010
    "Autodesk Revit Architecture 2010" = Autodesk Revit Architecture 2010
    "CamStudio" = CamStudio
    "CCleaner" = CCleaner (remove only)
    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
    "Cheat Engine 5.6_is1" = Cheat Engine 5.6
    "CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
    "COMODO Internet Security" = COMODO Internet Security
    "CPLBonus" = Kels' CPL Bonus Pack!
    "DamnNFOViewer" = **** NFO Viewer v2.10.0032.RC3 (Remove Only)
    "DPs_BASE" = DriverPacks BASE
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
    "FileZilla Client" = FileZilla Client 3.3.3
    "Firefox" = Firefox v3.5.3 (Remove Only)
    "Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
    "GSpot" = GSpot v2.70a
    "HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
    "HHD Hex Editor 4.x" = HHD Software Hex Editor Neo 4.21
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.5
    "Kristanix Right Click Image Converter" = Right Click Image Converter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MP3 Rocket" = MP3 Rocket
    "NJStar Communicator" = NJStar Communicator
    "nLite_Plus" = nLite Plus
    "Notepad++" = Notepad++
    "Notepad2" = Notepad2 (Notepad Replacement)
    "OpenAL" = OpenAL
    "PhoenyxRysing 5080" = PhoenyxRysing 5080
    "Phone Fusion Control Center_is1" = Phone Fusion Control Center 1.44
    "PhoneFusion PC Phone_is1" = PhoneFusion PC Phone V 2.02
    "PowerISO" = PowerISO
    "PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 12.0" = RealPlayer
    "Restorator2007_is1" = Restorator 2007 Trial Update 2
    "SendToA3X_is1" = SendToA3X
    "SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
    "Software Informer_is1" = Software Informer 1.0 BETA
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Sysinternals" = Sysinternals AIO Collection
    "Tales of Fantasy_is1" = Tales of Fantasy
    "TeamViewer 5" = TeamViewer 5
    "Trials 2 SE" = Trials 2 Second Edition
    "Ulead GIF Animator 5.05" = Ulead GIF Animator 5.05
    "Universal Extractor_is1" = Universal Extractor 1.6 beta
    "Unlocker" = Unlocker 1.8.7
    "VB Decompiler Lite_is1" = VB Decompiler Lite
    "VDrive" = Vista Drive Indicator!
    "VirtuallTek nLite Add-On Maker_is1" = nLite Add-On Maker 1.2
    "VisualTaskTips" = Visual Task Tips 3.4
    "WAMP5_is1" = WAMP5 1.7.4
    "WampServer 2_is1" = WampServer 2.0
    "Webs Credits 2" = Webs Credits 2
    "WindowBlinds" = WindowBlinds
    "WindowFX" = WindowFX
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Sidebar" = Windows Sidebar
    "WinHex" = WinHex
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:35:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/10/2010 2:41:39 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = vmauthd | ID = 100
    Description = Could not reset '__vmware_user__' password. Aborting (net error:
    2221).

    [ System Events ]
    Error - 7/9/2010 11:04:25 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = DCOM | ID = 10010
    Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
    with DCOM within the required timeout.

    Error - 7/10/2010 12:22:01 AM | Computer Name = BLAIN-7B8FCCEC9 | Source = Service Control Manager | ID = 7024
    Description = The VMware Authorization Service service terminated with service-specific
    error 6000002 (0x5B8D82).

    Error - 7/10/2010 12:17:39 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = Service Control Manager | ID = 7024
    Description = The VMware Authorization Service service terminated with service-specific
    error 6000002 (0x5B8D82).

    Error - 7/10/2010 12:42:16 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = Service Control Manager | ID = 7024
    Description = The VMware Authorization Service service terminated with service-specific
    error 6000002 (0x5B8D82).

    Error - 7/10/2010 1:13:29 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = Service Control Manager | ID = 7024
    Description = The VMware Authorization Service service terminated with service-specific
    error 6000002 (0x5B8D82).

    Error - 7/10/2010 2:27:55 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = Service Control Manager | ID = 7034
    Description = The MySql service terminated unexpectedly. It has done this 1 time(s).

    Error - 7/10/2010 2:36:42 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
    without first being prepared for removal.

    Error - 7/10/2010 2:41:56 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = Service Control Manager | ID = 7024
    Description = The VMware Authorization Service service terminated with service-specific
    error 6000002 (0x5B8D82).

    Error - 7/10/2010 5:25:19 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = Service Control Manager | ID = 7034
    Description = The MySql service terminated unexpectedly. It has done this 1 time(s).

    Error - 7/10/2010 5:26:15 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    [ TuneUp Events ]
    Error - 7/9/2010 9:26:33 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = TuneUp Program Statistics | ID = 131840
    Description = SQL Error: near "anti ": syntax error; when executing SQL: INSERT INTO
    ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-09 18:26:33', '\device\harddiskvolume1\program
    files\malwarebytes' anti-malware\mbam.exe','4640',0)

    Error - 7/9/2010 9:27:38 PM | Computer Name = BLAIN-7B8FCCEC9 | Source = TuneUp Program Statistics | ID = 131840
    Description = SQL Error: near "anti ": syntax error; when executing SQL: INSERT INTO
    ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-09 18:27:38', '\device\harddiskvolume1\program
    files\malwarebytes' anti-malware\mbam.exe','3160',0)


    < End of report >
     
