TechSpot

McAfee real time scan will not stay on

By waltd15
May 16, 2011
  1. McAfee Internet Security Suite real time scanner will not remain active; it disables within seconds after I select "turn on". Ran McAfee Virtual Tech, worked with McAfee online tech, removed/updated SW, switched to automatic start under services.msc and the problem returns. Removed adware/spyware/malware using Malwarebytes/SUPERAntiSpyware/McAfee/Advanced SystemCare 4/CCleaner. The computer appears to reboot randomly on its own and I cleaned the dust to minimize overheating.
     
  2. Broni


    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. waltd15


    Broni, thank you for responding. The four logs follow.

    ******************Malwarebytes Anti-Malware log********************
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6579

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/16/2011 11:41:28 AM
    mbam-log-2011-05-16 (11-41-28).txt

    Scan type: Quick scan
    Objects scanned: 149624
    Time elapsed: 7 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    **********************GMER log*************************
    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-16 12:24:54
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 WDC_WD2500AAKS-00SBA0 rev.12.01B01
    Running: ggsp3301.exe; Driver: C:\DOCUME~1\WD\LOCALS~1\Temp\pwxdrfog.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7456D70]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7456D84]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7456DB0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7456E06]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7456D5C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7456D34]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7456D48]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7456D9A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7456DDC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7456DC6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7456E1C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7456DF0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----



    ******************DDS logs***************:
    ****DDS.txt****
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by WD at 12:29:44.70 on Mon 05/16/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.380 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\Program Files\Common Files\AOL\1180737898\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\WINDOWS\system32\MDM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\AOL Desktop 9.6\waol.exe
    C:\Program Files\AOL Desktop 9.6\shellmon.exe
    c:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
    C:\Documents and Settings\WD\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com
    uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    uURLSearchHooks: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\best_security_tips\tbBes1.dll
    uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} -
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514082840.dll
    BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - Ask Search Assistant BHO
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\best_security_tips\tbBes1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - Ask Toolbar BHO
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\best_security_tips\tbBes1.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [cdloader] "c:\documents and settings\wd\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
    uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [HostManager] c:\program files\common files\aol\1180737898\ee\AOLSoftware.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [KB2492386] rundll32.exe apphelp.dll,ShimFlushCache
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activclient agent.lnk - c:\program files\actividentity\activclient\acsagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ADOBEA~1.LNK -
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: navy.mil\webmail.west.nmci
    DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\ddccc
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 459728]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-31 84200]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-15 352656]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-31 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-31 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-31 148520]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-31 56064]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-31 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-31 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-31 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-31 88736]
    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-10-17 56448]
    S2 0319361305510205mcinstcleanup;McAfee Application Installer Cleanup (0319361305510205);c:\windows\temp\0319361305510205mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\0319361305510205mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?]
    S2 gupdate1cac859c20c6b1e;Google Update Service (gupdate1cac859c20c6b1e);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10741.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-31 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-31 84488]
    .
    =============== Created Last 30 ================
    .
    2011-05-15 19:14:12 -------- d-----w- c:\windows\system32\winrm
    2011-05-15 19:14:11 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-05-15 19:14:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-05-15 19:13:49 -------- d-----w- C:\6a54e3f4187a462bf31491
    2011-05-15 18:35:01 -------- d-----w- c:\docume~1\wd\applic~1\IObit
    2011-05-15 18:33:06 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
    2011-05-15 10:00:26 -------- d-----w- C:\eb76c42999948a7165180c8c
    2011-05-14 20:51:23 -------- d-----w- c:\docume~1\wd\applic~1\Malwarebytes
    2011-05-14 20:51:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 20:51:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-05-14 20:51:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-14 20:51:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 20:47:02 -------- d-----w- c:\program files\YouTube Downloader
    2011-05-14 20:46:32 4700823 ----a-w- c:\program files\YouTubeDownloaderSetup272.exe
    2011-05-14 20:42:35 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
    2011-05-14 20:24:59 -------- d-----w- C:\7e67a608736e539e308dff8ee164c3
    2011-05-14 15:29:27 -------- d-----w- c:\program files\SiteAdvisor
    2011-05-13 10:00:52 -------- d-----w- C:\c3e06d72f5b5c351cbdc97cb
    2011-05-12 02:19:25 3063136 ----a-w- c:\program files\ccsetup306.exe
    2011-05-11 17:36:52 -------- d-----w- c:\docume~1\wd\applic~1\Azureus
    2011-05-11 17:36:07 -------- d-----w- c:\program files\Vuze
    2011-05-11 17:36:00 -------- d-----w- c:\docume~1\wd\locals~1\applic~1\Vuze_Remote
    2011-05-11 17:35:48 -------- d-----w- c:\program files\ConduitEngine
    2011-05-11 17:35:48 -------- d-----w- c:\docume~1\wd\locals~1\applic~1\ConduitEngine
    2011-05-11 17:35:46 -------- d-----w- c:\program files\Vuze_Remote
    2011-05-11 17:27:21 8902072 ----a-w- c:\program files\Vuze_Installer.exe
    .
    ==================== Find3M ====================
    .
    2011-04-14 12:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-14 09:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-05 16:57:42 231224 ----a-w- c:\program files\RapportSetup.exe
    2011-03-31 23:00:50 458096 ----a-w- c:\program files\MVTInstaller.exe
    2011-03-28 18:59:50 38808920 ----a-w- c:\program files\FileFormatConverters.exe
    2011-03-28 18:57:19 25685128 ----a-w- c:\program files\wordview_en-us.exe
    2011-03-27 17:14:38 103 ----a-w- c:\program files\oas-disabled-fix.cmd
    2011-03-23 18:38:40 478512 ----a-w- c:\program files\vlcmediaplayer-setup.exe
    2011-03-21 02:07:24 6449984 ----a-w- c:\program files\HitmanPro35.exe
    2011-03-19 20:40:37 10904766 ----a-w- c:\program files\dvdnextcopy_ultimate_setup.exe
    2011-03-13 18:45:14 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\SET1F2.tmp
    2011-03-09 21:54:59 2195440 ----a-w- c:\program files\aol_toolbar.exe
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-01-21 23:21:30 4622344 ----a-w- c:\program files\avg_avct_stb_all_2011_1191_cnet.exe
    2011-01-21 23:09:02 4622344 ----a-w- c:\program files\avg_free_stb_all_2011_1191_cnet.exe
    2011-01-21 23:07:54 58833152 ----a-w- c:\program files\setup_av_free.exe
    2010-04-11 02:31:59 1180952 ----a-w- c:\program files\DivXInstaller.exe
    2010-04-10 19:33:19 13856752 ----a-w- c:\program files\DVDFab7030.exe
    2010-03-24 02:01:23 24023528 ----a-w- c:\program files\WordPerfectLightningInstaller.exe
    2010-03-24 01:52:51 360710968 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
    2010-03-22 00:40:00 35001856 ----a-w- c:\program files\eav_nt32_enu.msi
    2010-02-24 20:54:22 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
    2010-02-12 01:16:55 209784 ----a-w- c:\program files\AOLDNLD.exe
    2010-02-02 03:04:04 8246504 ----a-w- c:\program files\Babylon8_setup.exe
    2009-11-26 03:18:08 13249536 ----a-w- c:\program files\DVDFab6205.exe
    2009-11-07 23:51:33 10307238 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
    2009-09-21 22:09:09 4855296 ----a-w- c:\program files\epson10245.exe
    2009-08-14 00:17:56 1045536 ----a-w- c:\program files\DriverDetective.exe
    2009-08-13 23:56:26 8319598 ----a-w- c:\program files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
    2009-08-13 23:11:08 113328018 ----a-w- c:\program files\sdat5707.exe
    2009-08-11 16:17:10 18863384 ----a-w- c:\program files\LimeWireWin.exe
    2009-04-19 20:29:31 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
    2009-04-17 15:26:54 387983200 ----a-w- c:\program files\ZunePackage31.exe
    2009-04-17 14:52:02 137572496 ----a-w- c:\program files\zunesetuppkg-x86.exe
    2009-04-07 23:49:44 2051072 ----a-w- c:\program files\i550xp190usz.exe
    2009-03-28 14:26:05 9708961 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
    2009-03-28 12:42:19 113136 ----a-w- c:\program files\Machinist2.setup.exe
    2009-03-01 23:06:13 1948608 ----a-w- c:\program files\R150860.EXE
    2009-02-06 01:08:02 8004480 ----a-w- c:\program files\DVDFab5232.exe
    2009-01-10 05:31:55 8002152 ----a-w- c:\program files\DVDFab5230.exe
    2008-11-30 07:46:55 6126416 ----a-w- c:\program files\seatoolsforwindowssetup.exe
    2008-11-30 07:45:56 3997231 ----a-w- c:\program files\FreeAgentCN.exe
    2008-11-26 21:47:25 1971378 ----a-w- c:\program files\SetupImgBurn_2.4.2.0.exe
    2008-11-19 18:40:06 568576 ----a-w- c:\program files\DVD43_4-4-0_Setup.exe
    2008-11-10 19:23:40 149120 ----a-w- c:\program files\startzune.exe
    2008-10-05 18:49:55 1851944 ----a-w- c:\program files\vso_inspector_setup.exe
    2008-10-01 03:41:33 3229288 ----a-w- c:\program files\DBsignWebSigner.exe
    2008-08-23 15:58:52 6543440 ----a-w- c:\program files\AWCSetup.exe
    2008-08-23 03:22:40 7507296 ----a-w- c:\program files\rminstall.exe
    2008-06-29 01:51:52 636192 ----a-w- c:\program files\DMSetup-Serial.exe
    2008-06-06 04:15:52 667688 ----a-w- c:\program files\WindowsXP-KB941644-x86-ENU.exe
    2008-05-29 02:31:40 7056016 ----a-w- c:\program files\DVDFab5025.exe
    2008-04-30 02:53:56 2403400 ----a-w- c:\program files\SetupAnyDVD6412.exe
    2008-03-29 19:56:56 6678400 ----a-w- c:\program files\DVDFabPlatinum4120.exe
    1998-12-09 03:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
    1998-12-09 03:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
    1998-12-09 03:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
    1998-12-09 03:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
    1998-12-09 03:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
    1998-12-09 03:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
    .
    ============= FINISH: 12:30:45.60 ===============


    ***Attach.txt***

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/18/2007 8:12:18 AM
    System Uptime: 5/15/2011 1:42:52 PM (23 hours ago)
    .
    Motherboard: Intel Corporation | | D945GCCR
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | | 3192/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 0.424 GiB free.
    D: is CDROM (CDFS)
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP565: 5/16/2011 3:03:43 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    8500A909_eDocs
    8500A909_Help
    8500A909g
    ActivClient CAC 6.1 x86
    Adobe Acrobat 4.0
    Adobe Acrobat 7.0 Professional
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe PhotoDeluxe Home Edition 4.0
    Adobe Photoshop CS
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Advanced SystemCare 4
    Advanced WindowsCare Personal
    AOL Registration
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Software Update
    Ask Toolbar
    Best Security Tips Toolbar
    BPD_DSWizards
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Canon i550
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Critical Update for Windows Media Player 11 (KB959772)
    DBsign Web Signer
    Dell Driver Download Manager
    Destination Component
    DeviceDiscovery
    Digimax Master
    DocMgr
    DocProc
    Download Updater (AOL LLC)
    Drive Manager
    Driver Detective
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    DVDFab 6.2.1.8 (31/12/2009)
    DVDFab 7.0.3.0 (26/03/2010)
    DVDFab 8.0.7.3 (29/01/2011)
    DVDFab Platinum 4.1.2.0
    DVDneXtCOPY 3 Ultimate
    EPSON TWAIN 5
    Fax
    Google Update Helper
    GoToAssist Corporate
    GPBaseService2
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Driver Diagnostics
    HP Imaging Device Functions 12.0
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections
    InterActual Player
    J2SE Runtime Environment 5.0 Update 3
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 25
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LightScribe 1.8.15.1
    LimeWire 5.2.13
    Machinist2DLL
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Internet Security Suite
    McAfee Virtual Technician
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft Office Word Viewer 2003
    Microsoft Project 2000
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft VC9 runtime libraries
    Microsoft WinUsb 1.0
    MPM
    MSVCSetup
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    NavFit98A
    Nero 8
    neroxml
    NetWaiting
    Network
    OCR Software by I.R.I.S. 12.0
    Officejet Pro 8500 A909 Series
    Omemo 0.27 Beta
    OpenOffice.org Installer 1.0
    P_CS
    ProductContext
    QuickTime
    Realtek High Definition Audio Driver
    Risk+ 2.0 for Microsoft Project
    Samsung USB Driver
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shop for HP Supplies
    SmartForce Player
    SmartWebPrinting
    Soft Voice SoftRing Modem with SmartSP
    SolutionCenter
    Status
    SUPERAntiSpyware
    SureThing CD Labeler - Stomper Edition 32 bit
    TestDrive Client
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    V92 PCI Voice Faxmodem
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    VideoLAN VLC media player 0.8.6f
    Viewpoint Media Player
    VSO Inspector 1.4.2
    Vuze
    Vuze Remote Toolbar
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    wInsight 5.0
    Yahoo! Toolbar
    YouTube Downloader 2.7.2
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/16/2011 3:32:47 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    5/16/2011 3:26:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).
    5/16/2011 3:20:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704).
    5/16/2011 3:14:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
    5/15/2011 12:18:17 PM, error: KB968930 [4373] - Windows Management Framework Core KB968930 installation failed.
    The file or directory is corrupted and unreadable.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. waltd15

    waltd15 TS Rookie Topic Starter

    Broni,

    Logs for Bootkit and Combofix follow, thank you.

    ***********Bootkit Remover***************
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    ****************ComboFix************************************

    ComboFix 11-05-16.02 - WD 05/16/2011 20:47:35.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.517 [GMT -7:00]
    Running from: C:\Documents and Settings\WD\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\check_LSA7.txt
    C:\Documents and Settings\WD\Application Data\inst.exe
    C:\Documents and Settings\WD\WINDOWS
    C:\Program Files\autorun.inf
    C:\Program Files\Search Toolbar
    C:\Program Files\Search Toolbar\icon.ico
    C:\Program Files\Search Toolbar\SearchToolbar.dll
    C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
    C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe
    C:\readme.txt
    J:\Autorun.inf


    ((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))


    2011-05-17 02:53:27 . 2011-05-17 02:53:30 -------- d-----w- C:\Program Files\7-Zip
    2011-05-17 02:53:17 . 2011-05-17 02:53:24 1110476 ----a-w- C:\Program Files\7z920.exe
    2011-05-15 20:43:29 . 2011-05-15 20:43:29 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
    2011-05-15 19:14:12 . 2011-05-15 19:14:12 -------- d-----w- C:\WINDOWS\system32\winrm
    2011-05-15 19:14:11 . 2011-05-15 19:14:11 -------- d-----w- C:\WINDOWS\system32\GroupPolicy
    2011-05-15 19:14:02 . 2011-05-15 19:14:21 -------- dc-h--w- C:\WINDOWS\$968930Uinstall_KB968930$
    2011-05-15 19:13:49 . 2011-05-15 19:13:56 -------- d-----w- C:\6a54e3f4187a462bf31491
    2011-05-15 18:35:01 . 2011-05-15 18:35:01 -------- d-----w- C:\Documents and Settings\WD\Application Data\IObit
    2011-05-15 18:33:06 . 2011-05-15 18:33:08 30459048 ----a-w- C:\Program Files\asc4-setup-cnet.exe
    2011-05-15 10:00:26 . 2011-05-15 10:00:32 -------- d-----w- C:\eb76c42999948a7165180c8c
    2011-05-14 20:51:23 . 2011-05-14 20:51:23 -------- d-----w- C:\Documents and Settings\WD\Application Data\Malwarebytes
    2011-05-14 20:51:17 . 2011-05-14 20:51:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2011-05-14 20:51:17 . 2010-12-21 01:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011-05-14 20:51:14 . 2011-05-14 20:51:18 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2011-05-14 20:51:14 . 2010-12-21 01:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-05-14 20:47:02 . 2011-05-14 20:47:05 -------- d-----w- C:\Program Files\YouTube Downloader
    2011-05-14 20:46:32 . 2011-05-14 20:46:38 4700823 ----a-w- C:\Program Files\YouTubeDownloaderSetup272.exe
    2011-05-14 20:42:35 . 2011-05-14 20:51:00 7734208 ----a-w- C:\Program Files\mbam-setup-1.50.1.1100.exe
    2011-05-14 20:24:59 . 2011-05-14 20:25:00 -------- d-----w- C:\7e67a608736e539e308dff8ee164c3
    2011-05-14 15:29:27 . 2011-05-14 15:29:28 -------- d-----w- C:\Program Files\SiteAdvisor
    2011-05-13 10:00:52 . 2011-05-13 10:00:56 -------- d-----w- C:\c3e06d72f5b5c351cbdc97cb
    2011-05-12 02:19:25 . 2011-05-12 02:19:37 3063136 ----a-w- C:\Program Files\ccsetup306.exe
    2011-05-11 17:36:52 . 2011-05-17 03:15:57 -------- d-----w- C:\Documents and Settings\WD\Application Data\Azureus
    2011-05-11 17:36:07 . 2011-05-16 02:27:35 -------- d-----w- C:\Program Files\Vuze
    2011-05-11 17:36:00 . 2011-05-14 20:23:04 -------- d-----w- C:\Documents and Settings\WD\Local Settings\Application Data\Vuze_Remote
    2011-05-11 17:35:48 . 2011-05-14 20:23:07 -------- d-----w- C:\Documents and Settings\WD\Local Settings\Application Data\ConduitEngine
    2011-05-11 17:35:48 . 2011-05-11 17:35:50 -------- d-----w- C:\Program Files\ConduitEngine
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-04-14 21:01:38 . 2011-03-31 22:55:04 9344 ----a-w- C:\WINDOWS\system32\drivers\mfeclnk.sys
    2011-04-14 21:01:38 . 2011-03-31 22:54:56 88736 ----a-w- C:\WINDOWS\system32\drivers\mfendisk.sys
    2011-04-14 21:01:38 . 2011-03-31 22:54:56 84488 ----a-w- C:\WINDOWS\system32\drivers\mferkdet.sys
    2011-04-14 21:01:38 . 2011-03-31 22:54:56 84200 ----a-w- C:\WINDOWS\system32\drivers\mfetdi2k.sys
    2011-04-14 21:01:38 . 2011-03-31 22:54:56 52320 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys
    2011-04-14 21:01:38 . 2011-03-31 22:54:56 314088 ----a-w- C:\WINDOWS\system32\drivers\mfefirek.sys
    2011-04-14 21:01:38 . 2011-03-31 22:54:55 56064 ----a-w- C:\WINDOWS\system32\drivers\cfwids.sys
    2011-04-14 21:01:38 . 2011-03-31 22:54:55 153280 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
    2011-04-14 12:07:59 . 2011-01-23 00:50:56 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
    2011-04-14 09:40:22 . 2007-09-01 02:52:40 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
    2011-04-05 16:57:42 . 2011-04-05 16:57:42 231224 ----a-w- C:\Program Files\RapportSetup.exe
    2011-03-31 23:00:50 . 2011-03-31 23:02:33 458096 ----a-w- C:\Program Files\MVTInstaller.exe
    2011-03-28 18:59:50 . 2009-04-06 00:48:54 38808920 ----a-w- C:\Program Files\FileFormatConverters.exe
    2011-03-28 18:57:19 . 2009-04-06 00:44:46 25685128 ----a-w- C:\Program Files\wordview_en-us.exe
    2011-03-27 17:14:38 . 2011-03-27 17:14:45 103 ----a-w- C:\Program Files\oas-disabled-fix.cmd
    2011-03-23 18:38:40 . 2011-03-23 18:36:55 478512 ----a-w- C:\Program Files\vlcmediaplayer-setup.exe
    2011-03-21 02:07:28 . 2011-01-21 23:38:20 16968 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
    2011-03-21 02:07:24 . 2011-01-21 23:37:25 6449984 ----a-w- C:\Program Files\HitmanPro35.exe
    2011-03-19 20:40:37 . 2011-03-19 20:32:37 10904766 ----a-w- C:\Program Files\dvdnextcopy_ultimate_setup.exe
    2011-03-13 18:45:14 . 2011-03-31 22:46:17 148520 ----a-w- C:\WINDOWS\system32\mfevtps.exe
    2011-03-13 18:20:10 . 2010-10-14 05:28:54 459728 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys
    2011-03-13 18:20:10 . 2010-10-14 05:28:54 118784 ----a-w- C:\WINDOWS\system32\drivers\mfeapfk.sys
    2011-03-11 14:10:38 . 2006-02-28 12:00:00 471552 ----a-w- C:\WINDOWS\apppatch\aclayers.dll
    2011-03-09 21:54:59 . 2011-03-09 21:54:56 2195440 ----a-w- C:\Program Files\aol_toolbar.exe
    2011-03-07 05:33:50 . 2007-04-27 17:32:16 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
    2011-03-04 06:37:06 . 2006-02-28 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
    2011-03-03 13:21:11 . 2006-02-28 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
    2011-02-22 23:06:29 . 2006-02-28 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2011-02-22 23:06:29 . 2006-02-28 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
    2011-02-22 23:06:29 . 2006-02-28 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
    2011-02-22 11:41:59 . 2006-02-28 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
    2011-02-17 13:18:24 . 2006-02-28 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
    2011-02-17 13:18:03 . 2006-02-28 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
    2011-02-17 12:32:12 . 2009-04-17 11:48:58 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
    2011-01-21 23:21:30 . 2011-01-21 23:21:25 4622344 ----a-w- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
    2011-01-21 23:09:02 . 2011-01-21 23:08:55 4622344 ----a-w- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
    2011-01-21 23:07:54 . 2011-01-21 22:55:41 58833152 ----a-w- C:\Program Files\setup_av_free.exe
    2010-04-11 02:31:59 . 2010-04-11 02:31:58 1180952 ----a-w- C:\Program Files\DivXInstaller.exe
    2010-04-10 19:33:19 . 2010-04-10 19:33:13 13856752 ----a-w- C:\Program Files\DVDFab7030.exe
    2010-03-24 02:01:23 . 2010-03-24 02:01:22 24023528 ----a-w- C:\Program Files\WordPerfectLightningInstaller.exe
    2010-03-24 01:52:51 . 2010-03-24 01:52:05 360710968 ----a-w- C:\Program Files\WordPerfectOfficeInstaller.exe
    2010-03-22 00:40:00 . 2010-03-22 00:19:59 35001856 ----a-w- C:\Program Files\eav_nt32_enu.msi
    2010-02-24 20:54:22 . 2010-02-24 20:54:21 27386256 ----a-w- C:\Program Files\AdbeRdr930_en_US.exe
    2010-02-12 01:16:55 . 2010-02-12 01:16:55 209784 ----a-w- C:\Program Files\AOLDNLD.exe
    2010-02-02 03:04:04 . 2010-02-02 03:03:51 8246504 ----a-w- C:\Program Files\Babylon8_setup.exe
    2009-11-26 03:18:08 . 2009-11-26 03:18:01 13249536 ----a-w- C:\Program Files\DVDFab6205.exe
    2009-11-07 23:51:33 . 2009-11-07 23:51:27 10307238 ----a-w- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
    2009-09-21 22:09:09 . 2009-09-21 22:09:01 4855296 ----a-w- C:\Program Files\epson10245.exe
    2009-08-14 00:17:56 . 2008-08-23 02:47:30 1045536 ----a-w- C:\Program Files\DriverDetective.exe
    2009-08-13 23:56:26 . 2009-08-13 23:05:33 8319598 ----a-w- C:\Program Files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
    2009-08-13 23:11:08 . 2009-08-13 23:11:05 113328018 ----a-w- C:\Program Files\sdat5707.exe
    2009-08-11 16:17:10 . 2008-05-03 17:01:40 18863384 ----a-w- C:\Program Files\LimeWireWin.exe
    2009-04-19 20:29:31 . 2009-04-19 20:29:30 25740144 ----a-w- C:\Program Files\wmp11-windowsxp-x86-enu.exe
    2009-04-17 15:26:54 . 2009-04-17 15:26:17 387983200 ----a-w- C:\Program Files\ZunePackage31.exe
    2009-04-17 14:52:02 . 2009-04-17 14:51:59 137572496 ----a-w- C:\Program Files\zunesetuppkg-x86.exe
    2009-04-07 23:49:44 . 2009-02-07 18:39:32 2051072 ----a-w- C:\Program Files\i550xp190usz.exe
    2009-03-28 14:26:05 . 2009-03-28 14:26:00 9708961 ----a-w- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
    2009-03-28 12:42:19 . 2008-11-19 18:34:33 113136 ----a-w- C:\Program Files\Machinist2.setup.exe
    2009-03-01 23:06:13 . 2009-03-01 23:06:10 1948608 ----a-w- C:\Program Files\R150860.EXE
    2009-02-06 01:08:02 . 2009-02-06 01:07:52 8004480 ----a-w- C:\Program Files\DVDFab5232.exe
    2009-01-10 05:31:55 . 2009-01-10 05:31:46 8002152 ----a-w- C:\Program Files\DVDFab5230.exe
    2008-11-30 07:46:55 . 2008-11-30 07:46:52 6126416 ----a-w- C:\Program Files\seatoolsforwindowssetup.exe
    2008-11-30 07:45:56 . 2008-11-30 07:45:56 3997231 ----a-w- C:\Program Files\FreeAgentCN.exe
    2008-11-26 21:47:25 . 2008-11-26 21:47:18 1971378 ----a-w- C:\Program Files\SetupImgBurn_2.4.2.0.exe
    2008-11-19 18:40:06 . 2008-11-19 18:39:56 568576 ----a-w- C:\Program Files\DVD43_4-4-0_Setup.exe
    2008-11-10 19:23:40 . 2008-11-10 19:23:40 149120 ----a-w- C:\Program Files\startzune.exe
    2008-10-05 18:49:55 . 2008-10-05 18:49:51 1851944 ----a-w- C:\Program Files\vso_inspector_setup.exe
    2008-10-01 03:41:33 . 2008-10-01 03:41:24 3229288 ----a-w- C:\Program Files\DBsignWebSigner.exe
    2008-08-23 15:58:52 . 2008-08-23 03:17:46 6543440 ----a-w- C:\Program Files\AWCSetup.exe
    2008-08-23 03:22:40 . 2008-08-23 03:22:36 7507296 ----a-w- C:\Program Files\rminstall.exe
    2008-06-29 01:51:52 . 2008-06-29 01:51:47 636192 ----a-w- C:\Program Files\DMSetup-Serial.exe
    2008-06-06 04:15:52 . 2008-06-06 04:15:49 667688 ----a-w- C:\Program Files\WindowsXP-KB941644-x86-ENU.exe
    2008-05-29 02:31:40 . 2008-05-29 02:31:28 7056016 ----a-w- C:\Program Files\DVDFab5025.exe
    2008-04-30 02:53:56 . 2008-04-30 02:43:08 2403400 ----a-w- C:\Program Files\SetupAnyDVD6412.exe
    2008-03-29 19:56:56 . 2008-03-29 19:56:47 6678400 ----a-w- C:\Program Files\DVDFabPlatinum4120.exe
    1998-12-09 03:53:54 . 1998-12-09 03:53:54 99840 ----a-w- C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 03:53:54 . 1998-12-09 03:53:54 70144 ----a-w- C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 03:53:54 . 1998-12-09 03:53:54 48640 ----a-w- C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 03:53:54 . 1998-12-09 03:53:54 31744 ----a-w- C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 03:53:54 . 1998-12-09 03:53:54 186368 ----a-w- C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 03:53:54 . 1998-12-09 03:53:54 17920 ----a-w- C:\Program Files\Common Files\IRASRIAL.DLL


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da30eff8-ccc6-4162-a20d-67402a26a215}"= "C:\Program Files\Best_Security_Tips\tbBes1.dll" [2008-05-03 05:35:54 1470488]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 23:54:02 175912]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 23:54:02 175912 ----a-w- C:\Program Files\ConduitEngine\prxConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 23:54:02 175912 ----a-w- C:\Program Files\Vuze_Remote\prxtbVuze.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    2008-05-03 05:35:54 1470488 ----a-w- C:\Program Files\Best_Security_Tips\tbBes1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{da30eff8-ccc6-4162-a20d-67402a26a215}"= "C:\Program Files\Best_Security_Tips\tbBes1.dll" [2008-05-03 05:35:54 1470488]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 23:54:02 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 23:54:02 175912]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "C:\Program Files\Best_Security_Tips\tbBes1.dll" [2008-05-03 05:35:54 1470488]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "C:\Program Files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 23:54:02 175912]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-19 00:55:20 451872]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-10 19:55:18 2424192]
    "Advanced SystemCare 4"="C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 23:54:40 402832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21:28 16270848]
    "SkyTel"="SkyTel.EXE" [2006-05-17 02:04:26 2879488]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 00:39:20 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 00:36:06 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 00:40:02 118784]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 09:12:02 483328]
    "HostManager"="C:\Program Files\Common Files\AOL\1180737898\ee\AOLSoftware.exe" [2010-03-08 07:27:49 41800]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 23:57:48 282624]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 06:16:38 39792]
    "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 23:21:06 169328]
    "accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 23:08:08 293168]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 22:57:24 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 16:25:06 1828136]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-11-10 19:23:40 157312]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 17:54:08 150016]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 20:08:54 49208]
    "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-04-05 18:50:44 1195408]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 20:12:22 253672]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
    Adobe Acrobat Speed Launcher.lnk - [N/A]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-23 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2007-05-15 23:08:16 112640 ----a-w- C:\WINDOWS\system32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2007-05-15 23:08:12 281088 ----a-w- C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2011-03-09 22:39:52 13672 ----a-w- C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1180737898\\ee\\aolsoftware.exe"=
    "C:\\Program Files\\AOL 9.0a\\waol.exe"=
    "C:\\Program Files\\AOL 9.1\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Omemo\\Omemo.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "C:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
    "C:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
    "C:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "C:\\Documents and Settings\\WD\\Application Data\\mjusbsp\\magicJack.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

    R1 mfetdi2k;McAfee Inc. mfetdi2k;C:\WINDOWS\system32\drivers\mfetdi2k.sys [3/31/2011 3:54:56 PM 84200]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:48 AM 12872]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41:30 AM 67656]
    R2 accoca;ActivClient Middleware Service;C:\Program Files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08:40 PM 182576]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [5/15/2011 11:34:59 AM 352656]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54:48 PM 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54:48 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54:48 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe [3/31/2011 3:55:10 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\system32\mfevtps.exe [3/31/2011 3:46:17 PM 148520]
    R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\system32\drivers\cfwids.sys [3/31/2011 3:54:55 PM 56064]
    R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\system32\drivers\mfefirek.sys [3/31/2011 3:54:56 PM 314088]
    R3 mfendiskmp;mfendiskmp;C:\WINDOWS\system32\drivers\mfendisk.sys [3/31/2011 3:54:56 PM 88736]
    R3 SCR3XX2K;SCR3xx USB SmartCardReader;C:\WINDOWS\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11:00 PM 56448]
    S2 gupdate1cac859c20c6b1e;Google Update Service (gupdate1cac859c20c6b1e);C:\Program Files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18:35 AM 133104]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18:35 AM 133104]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;C:\WINDOWS\system32\drivers\mfendisk.sys [3/31/2011 3:54:56 PM 88736]
    S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\system32\drivers\mferkdet.sys [3/31/2011 3:54:56 PM 84488]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-07-19 00:53:40 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

    Contents of the 'Scheduled Tasks' folder

    2011-05-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 22:21:02 . 2006-08-29 22:21:02]

    2011-05-17 C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
    - C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-15 18:34:59 . 2011-04-21 23:54:38]

    2011-05-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18:35 . 2010-03-20 18:18:30]

    2011-05-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18:35 . 2010-03-20 18:18:30]


    ------- Supplementary Scan -------

    uStart Page = hxxp://www.aol.com
    uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: navy.mil\webmail.west.nmci
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    WebBrowser-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
     
  6. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Combofix log is incomplete.
    Open the log again (C:\combofix.txt) and post the lower part, starting at:

    - - - ORPHANS REMOVED - - - -
     
  7. waltd15

    waltd15 TS Rookie Topic Starter

    McAfee Real Time Scan will not Stay on

    The last Combofix.txt log ended at orphans removed. Ran Combofix again, log follows:

    ComboFix 11-05-16.04 - WD 05/17/2011 8:18.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.475 [GMT -7:00]
    Running from: c:\documents and settings\WD\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\check_LSA7.txt
    c:\documents and settings\WD\Application Data\inst.exe
    c:\program files\autorun.inf
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    C:\readme.txt
    J:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-17 02:53 . 2011-05-17 02:53 -------- d-----w- c:\program files\7-Zip
    2011-05-17 02:53 . 2011-05-17 02:53 1110476 ----a-w- c:\program files\7z920.exe
    2011-05-15 20:43 . 2011-05-15 20:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
    2011-05-15 19:14 . 2011-05-15 19:14 -------- d-----w- c:\windows\system32\winrm
    2011-05-15 19:14 . 2011-05-15 19:14 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-05-15 19:14 . 2011-05-15 19:14 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-05-15 19:13 . 2011-05-15 19:13 -------- d-----w- C:\6a54e3f4187a462bf31491
    2011-05-15 18:35 . 2011-05-15 18:35 -------- d-----w- c:\documents and settings\WD\Application Data\IObit
    2011-05-15 18:33 . 2011-05-15 18:33 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
    2011-05-15 10:00 . 2011-05-15 10:00 -------- d-----w- C:\eb76c42999948a7165180c8c
    2011-05-14 20:51 . 2011-05-14 20:51 -------- d-----w- c:\documents and settings\WD\Application Data\Malwarebytes
    2011-05-14 20:51 . 2011-05-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-14 20:51 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 20:51 . 2011-05-14 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 20:51 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-14 20:47 . 2011-05-14 20:47 -------- d-----w- c:\program files\YouTube Downloader
    2011-05-14 20:46 . 2011-05-14 20:46 4700823 ----a-w- c:\program files\YouTubeDownloaderSetup272.exe
    2011-05-14 20:42 . 2011-05-14 20:51 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
    2011-05-14 20:24 . 2011-05-14 20:25 -------- d-----w- C:\7e67a608736e539e308dff8ee164c3
    2011-05-14 15:29 . 2011-05-14 15:29 -------- d-----w- c:\program files\SiteAdvisor
    2011-05-13 10:00 . 2011-05-13 10:00 -------- d-----w- C:\c3e06d72f5b5c351cbdc97cb
    2011-05-12 02:19 . 2011-05-12 02:19 3063136 ----a-w- c:\program files\ccsetup306.exe
    2011-05-11 17:36 . 2011-05-17 03:15 -------- d-----w- c:\documents and settings\WD\Application Data\Azureus
    2011-05-11 17:36 . 2011-05-16 02:27 -------- d-----w- c:\program files\Vuze
    2011-05-11 17:36 . 2011-05-14 20:23 -------- d-----w- c:\documents and settings\WD\Local Settings\Application Data\Vuze_Remote
    2011-05-11 17:35 . 2011-05-14 20:23 -------- d-----w- c:\documents and settings\WD\Local Settings\Application Data\ConduitEngine
    2011-05-11 17:35 . 2011-05-11 17:35 -------- d-----w- c:\program files\ConduitEngine
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-14 21:01 . 2011-03-31 22:55 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 21:01 . 2011-03-31 22:54 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 21:01 . 2011-03-31 22:54 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 21:01 . 2011-03-31 22:54 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 21:01 . 2011-03-31 22:54 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 21:01 . 2011-03-31 22:54 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 21:01 . 2011-03-31 22:54 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 21:01 . 2011-03-31 22:54 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 12:07 . 2011-01-23 00:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-14 09:40 . 2007-09-01 02:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-05 16:57 . 2011-04-05 16:57 231224 ----a-w- c:\program files\RapportSetup.exe
    2011-03-31 23:00 . 2011-03-31 23:02 458096 ----a-w- c:\program files\MVTInstaller.exe
    2011-03-28 18:59 . 2009-04-06 00:48 38808920 ----a-w- c:\program files\FileFormatConverters.exe
    2011-03-28 18:57 . 2009-04-06 00:44 25685128 ----a-w- c:\program files\wordview_en-us.exe
    2011-03-27 17:14 . 2011-03-27 17:14 103 ----a-w- c:\program files\oas-disabled-fix.cmd
    2011-03-23 18:38 . 2011-03-23 18:36 478512 ----a-w- c:\program files\vlcmediaplayer-setup.exe
    2011-03-21 02:07 . 2011-01-21 23:38 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-21 02:07 . 2011-01-21 23:37 6449984 ----a-w- c:\program files\HitmanPro35.exe
    2011-03-19 20:40 . 2011-03-19 20:32 10904766 ----a-w- c:\program files\dvdnextcopy_ultimate_setup.exe
    2011-03-13 18:45 . 2011-03-31 22:46 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-03-13 18:20 . 2010-10-14 05:28 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-03-13 18:20 . 2010-10-14 05:28 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-03-11 14:10 . 2006-02-28 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
    2011-03-09 21:54 . 2011-03-09 21:54 2195440 ----a-w- c:\program files\aol_toolbar.exe
    2011-03-07 05:33 . 2007-04-27 17:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-04-17 11:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-01-21 23:21 . 2011-01-21 23:21 4622344 ----a-w- c:\program files\avg_avct_stb_all_2011_1191_cnet.exe
    2011-01-21 23:09 . 2011-01-21 23:08 4622344 ----a-w- c:\program files\avg_free_stb_all_2011_1191_cnet.exe
    2011-01-21 23:07 . 2011-01-21 22:55 58833152 ----a-w- c:\program files\setup_av_free.exe
    2010-04-11 02:31 . 2010-04-11 02:31 1180952 ----a-w- c:\program files\DivXInstaller.exe
    2010-04-10 19:33 . 2010-04-10 19:33 13856752 ----a-w- c:\program files\DVDFab7030.exe
    2010-03-24 02:01 . 2010-03-24 02:01 24023528 ----a-w- c:\program files\WordPerfectLightningInstaller.exe
    2010-03-24 01:52 . 2010-03-24 01:52 360710968 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
    2010-03-22 00:40 . 2010-03-22 00:19 35001856 ----a-w- c:\program files\eav_nt32_enu.msi
    2010-02-24 20:54 . 2010-02-24 20:54 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
    2010-02-12 01:16 . 2010-02-12 01:16 209784 ----a-w- c:\program files\AOLDNLD.exe
    2010-02-02 03:04 . 2010-02-02 03:03 8246504 ----a-w- c:\program files\Babylon8_setup.exe
    2009-11-26 03:18 . 2009-11-26 03:18 13249536 ----a-w- c:\program files\DVDFab6205.exe
    2009-11-07 23:51 . 2009-11-07 23:51 10307238 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
    2009-09-21 22:09 . 2009-09-21 22:09 4855296 ----a-w- c:\program files\epson10245.exe
    2009-08-14 00:17 . 2008-08-23 02:47 1045536 ----a-w- c:\program files\DriverDetective.exe
    2009-08-13 23:56 . 2009-08-13 23:05 8319598 ----a-w- c:\program files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
    2009-08-13 23:11 . 2009-08-13 23:11 113328018 ----a-w- c:\program files\sdat5707.exe
    2009-08-11 16:17 . 2008-05-03 17:01 18863384 ----a-w- c:\program files\LimeWireWin.exe
    2009-04-19 20:29 . 2009-04-19 20:29 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
    2009-04-17 15:26 . 2009-04-17 15:26 387983200 ----a-w- c:\program files\ZunePackage31.exe
    2009-04-17 14:52 . 2009-04-17 14:51 137572496 ----a-w- c:\program files\zunesetuppkg-x86.exe
    2009-04-07 23:49 . 2009-02-07 18:39 2051072 ----a-w- c:\program files\i550xp190usz.exe
    2009-03-28 14:26 . 2009-03-28 14:26 9708961 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
    2009-03-28 12:42 . 2008-11-19 18:34 113136 ----a-w- c:\program files\Machinist2.setup.exe
    2009-03-01 23:06 . 2009-03-01 23:06 1948608 ----a-w- c:\program files\R150860.EXE
    2009-02-06 01:08 . 2009-02-06 01:07 8004480 ----a-w- c:\program files\DVDFab5232.exe
    2009-01-10 05:31 . 2009-01-10 05:31 8002152 ----a-w- c:\program files\DVDFab5230.exe
    2008-11-30 07:46 . 2008-11-30 07:46 6126416 ----a-w- c:\program files\seatoolsforwindowssetup.exe
    2008-11-30 07:45 . 2008-11-30 07:45 3997231 ----a-w- c:\program files\FreeAgentCN.exe
    2008-11-26 21:47 . 2008-11-26 21:47 1971378 ----a-w- c:\program files\SetupImgBurn_2.4.2.0.exe
    2008-11-19 18:40 . 2008-11-19 18:39 568576 ----a-w- c:\program files\DVD43_4-4-0_Setup.exe
    2008-11-10 19:23 . 2008-11-10 19:23 149120 ----a-w- c:\program files\startzune.exe
    2008-10-05 18:49 . 2008-10-05 18:49 1851944 ----a-w- c:\program files\vso_inspector_setup.exe
    2008-10-01 03:41 . 2008-10-01 03:41 3229288 ----a-w- c:\program files\DBsignWebSigner.exe
    2008-08-23 15:58 . 2008-08-23 03:17 6543440 ----a-w- c:\program files\AWCSetup.exe
    2008-08-23 03:22 . 2008-08-23 03:22 7507296 ----a-w- c:\program files\rminstall.exe
    2008-06-29 01:51 . 2008-06-29 01:51 636192 ----a-w- c:\program files\DMSetup-Serial.exe
    2008-06-06 04:15 . 2008-06-06 04:15 667688 ----a-w- c:\program files\WindowsXP-KB941644-x86-ENU.exe
    2008-05-29 02:31 . 2008-05-29 02:31 7056016 ----a-w- c:\program files\DVDFab5025.exe
    2008-04-30 02:53 . 2008-04-30 02:43 2403400 ----a-w- c:\program files\SetupAnyDVD6412.exe
    2008-03-29 19:56 . 2008-03-29 19:56 6678400 ----a-w- c:\program files\DVDFabPlatinum4120.exe
    1998-12-09 03:53 . 1998-12-09 03:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
    1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
    1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
    1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
    1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
    1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes1.dll" [2008-05-03 1470488]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 23:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 23:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    2008-05-03 05:35 1470488 ----a-w- c:\program files\Best_Security_Tips\tbBes1.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes1.dll" [2008-05-03 1470488]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "c:\program files\Best_Security_Tips\tbBes1.dll" [2008-05-03 1470488]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-19 451872]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-10 2424192]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
    "AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
    "SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
    "HostManager"="c:\program files\Common Files\AOL\1180737898\ee\AOLSoftware.exe" [2010-03-08 41800]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
    Adobe Acrobat Speed Launcher.lnk - [N/A]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-23 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2011-03-09 22:39 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1180737898\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Omemo\\Omemo.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\\Documents and Settings\\WD\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/31/2011 3:54 PM 84200]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08 PM 182576]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/15/2011 11:34 AM 352656]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54 PM 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/31/2011 3:55 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/31/2011 3:46 PM 148520]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/31/2011 3:54 PM 56064]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/31/2011 3:54 PM 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/31/2011 3:54 PM 88736]
    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11 PM 56448]
    S2 gupdate1cac859c20c6b1e;Google Update Service (gupdate1cac859c20c6b1e);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18 AM 133104]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18 AM 133104]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/31/2011 3:54 PM 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/31/2011 3:54 PM 84488]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-07-19 00:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 22:21]
    .
    2011-05-17 c:\windows\Tasks\ASC4_PerformanceMonitor.job
    - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-15 23:54]
    .
    2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18]
    .
    2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com
    uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: navy.mil\webmail.west.nmci
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-17 08:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\05\03\0b\11$!?"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1148)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\ackpbsc.dll
    c:\windows\system32\aclog.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
    c:\windows\system32\ACLIBEAY.dll
    c:\windows\system32\acevtsub.dll
    c:\windows\system32\asphat32.dll
    c:\windows\system32\acerrmes.dll
    c:\windows\system32\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
    c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\windows\system32\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
    .
    - - - - - - - > 'explorer.exe'(5720)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\siteadvisor\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-05-17 08:28:03
    ComboFix-quarantined-files.txt 2011-05-17 15:28
    .
    Pre-Run: 68,622,524,416 bytes free
    Post-Run: 68,644,515,840 bytes free
    .
    - - End Of File - - BA5C5B6ADE797340DBCF80E2F9A6280E
     
  8. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good.

    How is McAfee behaving?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. waltd15

    waltd15 TS Rookie Topic Starter

    Thank you, Broni. McAfee real time will not stay active.

    OTL.txt log Part 1 of 2

    OTL logfile created on: 5/17/2011 3:36:11 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\WD\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 63.62 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
    Drive D: | 2.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DESKTOP-CC34A4D | User Name: WD | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
    PRC - [2011/05/10 12:55:18 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
    PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/04/05 11:50:44 | 001,159,888 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
    PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/10/12 14:56:44 | 000,233,912 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McInsUpd.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe
    PRC - [2008/11/10 12:23:40 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ZUNE\ZuneLauncher.exe
    PRC - [2008/11/10 12:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    PRC - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/05/15 16:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/05/15 16:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/05/15 16:08:00 | 000,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [1998/09/03 23:09:08 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
    MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2011/03/09 15:39:54 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
    SRV - [2011/01/26 11:30:32 | 000,822,104 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0270651305659229mcinst.exe -- (0270651305659229mcinstcleanup) McAfee Application Installer Cleanup (0270651305659229)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/11/10 12:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2008/11/10 12:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2008/11/10 12:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
    SRV - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
    DRV - [2006/11/15 15:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/11/08 16:00:10 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/11/08 15:59:36 | 000,257,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2006/11/08 15:59:30 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/07/05 15:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = AOL search
    IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
    IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\URLSearchHook: {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/28 16:55:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/16 14:10:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2009/03/12 18:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WD\Application Data\Mozilla\Extensions
    [2009/03/12 18:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WD\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/05/16 20:58:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110514082840.dll (McAfee, Inc.)
    O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - Reg Error: Value error. File not found
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Best Security Tips Toolbar) - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Best Security Tips Toolbar) - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\Toolbar\WebBrowser: (Best Security Tips Toolbar) - {DA30EFF8-CCC6-4162-A20D-67402A26A215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe (AOL Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
    O4 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: navy.mil ([webmail.west.nmci] https in Trusted sites)
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
    O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\WD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\WD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/30 15:32:43 | 000,000,030 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/17 15:30:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
    [2011/05/17 12:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/05/17 06:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/05/16 20:20:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/16 20:15:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/16 20:15:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/16 20:15:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/16 20:15:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/16 20:15:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/16 20:14:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/16 19:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/05/16 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/05/15 19:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\Vuze Downloads
    [2011/05/15 13:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
    [2011/05/15 12:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2011/05/15 12:14:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2011/05/15 12:14:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011/05/15 12:14:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2011/05/15 12:13:49 | 000,000,000 | ---D | C] -- C:\6a54e3f4187a462bf31491
    [2011/05/15 11:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
    [2011/05/15 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Application Data\IObit
    [2011/05/15 11:33:06 | 030,459,048 | ---- | C] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
    [2011/05/15 03:00:26 | 000,000,000 | ---D | C] -- C:\eb76c42999948a7165180c8c
    [2011/05/14 13:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Application Data\Malwarebytes
    [2011/05/14 13:51:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/14 13:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/14 13:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/05/14 13:51:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/14 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/14 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
    [2011/05/14 13:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
    [2011/05/14 13:42:35 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
    [2011/05/14 13:24:59 | 000,000,000 | ---D | C] -- C:\7e67a608736e539e308dff8ee164c3
    [2011/05/14 08:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
    [2011/05/13 03:00:52 | 000,000,000 | ---D | C] -- C:\c3e06d72f5b5c351cbdc97cb
    [2011/05/12 08:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\Albany May11 Docs
    [2011/05/11 19:19:25 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
    [2011/05/11 19:17:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WD\Recent
    [2011/05/11 13:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\my Downloads
    [2011/05/11 12:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\Credit and Banking
    [2011/05/11 10:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Application Data\Azureus
    [2011/05/11 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
    [2011/05/11 10:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Local Settings\Application Data\Vuze_Remote
    [2011/05/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2011/05/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Local Settings\Application Data\ConduitEngine
    [2011/05/11 10:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
    [2011/05/11 10:27:21 | 008,902,072 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
    [2011/04/05 09:57:42 | 000,231,224 | ---- | C] (Trusteer Ltd.) -- C:\Program Files\RapportSetup.exe
    [2011/03/31 16:02:33 | 000,458,096 | ---- | C] (McAfee Inc.) -- C:\Program Files\MVTInstaller.exe
    [2011/03/19 13:32:37 | 010,904,766 | ---- | C] (DVDneXtCOPY Inc.) -- C:\Program Files\dvdnextcopy_ultimate_setup.exe
    [2011/03/09 14:54:56 | 002,195,440 | ---- | C] (AOL Inc.) -- C:\Program Files\aol_toolbar.exe
    [2011/01/21 16:37:25 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
    [2011/01/21 16:21:25 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
    [2011/01/21 16:08:55 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
    [2010/04/10 19:31:58 | 001,180,952 | ---- | C] (DivX, Inc. ) -- C:\Program Files\DivXInstaller.exe
    [2010/04/10 12:33:13 | 013,856,752 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab7030.exe
    [2010/03/23 19:01:22 | 024,023,528 | ---- | C] (Corel Corporation ) -- C:\Program Files\WordPerfectLightningInstaller.exe
    [2010/03/23 18:52:05 | 360,710,968 | ---- | C] (Acresso Software Inc. ) -- C:\Program Files\WordPerfectOfficeInstaller.exe
    [2010/02/24 13:54:21 | 027,386,256 | ---- | C] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
    [2010/02/11 18:16:55 | 000,209,784 | ---- | C] (AOL LLC.) -- C:\Program Files\AOLDNLD.exe
    [2009/11/25 20:18:01 | 013,249,536 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab6205.exe
    [2009/08/13 16:11:05 | 113,328,018 | ---- | C] (McAfee, Inc.) -- C:\Program Files\sdat5707.exe
    [2009/04/19 13:29:30 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
    [2009/04/17 08:26:17 | 387,983,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePackage31.exe
    [2009/04/17 07:51:59 | 137,572,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\zunesetuppkg-x86.exe
    [2009/04/05 17:48:54 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
    [2009/04/05 17:44:46 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
    [2009/02/05 18:07:52 | 008,004,480 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5232.exe
    [2009/01/09 22:31:46 | 008,002,152 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5230.exe
    [2008/11/26 14:47:18 | 001,971,378 | ---- | C] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
    [2008/11/19 11:39:56 | 000,568,576 | ---- | C] ( ) -- C:\Program Files\DVD43_4-4-0_Setup.exe
    [2008/11/10 12:23:40 | 000,149,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\startzune.exe
    [2008/10/05 11:49:51 | 001,851,944 | ---- | C] (VSO-Software SARL ) -- C:\Program Files\vso_inspector_setup.exe
    [2008/09/30 20:41:24 | 003,229,288 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\DBsignWebSigner.exe
    [2008/08/22 20:22:36 | 007,507,296 | ---- | C] (PC Tools ) -- C:\Program Files\rminstall.exe
    [2008/08/22 20:17:46 | 006,543,440 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe
    [2008/08/22 19:47:30 | 001,045,536 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Program Files\DriverDetective.exe
    [2008/06/28 18:51:47 | 000,636,192 | ---- | C] (McAfee, Inc.) -- C:\Program Files\DMSetup-Serial.exe
    [2008/06/05 21:15:49 | 000,667,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB941644-x86-ENU.exe
    [2008/05/28 19:31:28 | 007,056,016 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5025.exe
    [2008/05/03 10:01:40 | 018,863,384 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
    [2008/03/29 12:57:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\WD\Application Data\pcouffin.sys
    [2008/03/29 12:56:47 | 006,678,400 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabPlatinum4120.exe
    [1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
    [1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
    [1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
    [1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
    [1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
    [1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
    [2011/05/17 15:08:09 | 000,094,360 | ---- | M] () -- C:\VETlog.dmp
    [2011/05/17 15:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/17 15:03:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/17 08:28:04 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2011/05/17 08:16:02 | 004,350,228 | R--- | M] () -- C:\Documents and Settings\WD\Desktop\ComboFix.exe
    [2011/05/17 06:12:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/17 06:11:59 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security Suite.lnk
    [2011/05/17 06:11:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/16 20:58:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/16 20:20:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/05/16 20:01:20 | 000,040,205 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.7z
    [2011/05/16 20:00:16 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\WD\My Documents\bootkit_remover.rar
    [2011/05/16 20:00:16 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.rar
    [2011/05/16 19:53:24 | 001,110,476 | ---- | M] () -- C:\Program Files\7z920.exe
    [2011/05/16 16:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/16 12:27:04 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\dds.scr
    [2011/05/16 12:17:06 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\ggsp3301.exe
    [2011/05/15 18:12:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/05/15 11:35:16 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
    [2011/05/15 11:35:14 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
    [2011/05/15 11:35:13 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
    [2011/05/15 11:33:08 | 030,459,048 | ---- | M] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
    [2011/05/14 13:51:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/14 13:51:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
    [2011/05/14 13:47:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
    [2011/05/14 13:46:38 | 004,700,823 | ---- | M] () -- C:\Program Files\YouTubeDownloaderSetup272.exe
    [2011/05/14 12:56:10 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
    [2011/05/13 18:28:38 | 008,902,072 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
    [2011/05/13 03:32:40 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/11 20:50:53 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\Microsoft Word.lnk
    [2011/05/11 19:20:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/05/11 19:19:37 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
    [2011/05/11 10:36:32 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2011/05/11 10:36:31 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  10. waltd15

    waltd15 TS Rookie Topic Starter

    OTL.txt log Part 2 of 2


    ========== Files Created - No Company Name ==========

    [2011/05/16 20:20:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/05/16 20:20:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/16 20:15:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/16 20:15:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/16 20:15:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/16 20:15:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/16 20:15:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/16 20:06:31 | 004,350,228 | R--- | C] () -- C:\Documents and Settings\WD\Desktop\ComboFix.exe
    [2011/05/16 20:03:06 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\WD\My Documents\bootkit_remover.rar
    [2011/05/16 20:01:19 | 000,040,205 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.7z
    [2011/05/16 19:56:52 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.rar
    [2011/05/16 19:53:17 | 001,110,476 | ---- | C] () -- C:\Program Files\7z920.exe
    [2011/05/16 12:27:03 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\dds.scr
    [2011/05/16 12:17:05 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\ggsp3301.exe
    [2011/05/15 18:14:47 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2011/05/15 18:12:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/05/15 11:35:30 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2011/05/15 11:35:16 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
    [2011/05/15 11:35:14 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
    [2011/05/15 11:35:13 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
    [2011/05/14 13:51:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/14 13:47:05 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
    [2011/05/14 13:46:32 | 004,700,823 | ---- | C] () -- C:\Program Files\YouTubeDownloaderSetup272.exe
    [2011/05/14 08:30:11 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security Suite.lnk
    [2011/05/11 19:20:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/05/11 10:36:32 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2011/05/11 10:36:31 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
    [2011/05/11 10:36:31 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
    [2011/03/27 10:14:45 | 000,000,103 | ---- | C] () -- C:\Program Files\oas-disabled-fix.cmd
    [2011/03/25 08:40:34 | 000,691,385 | ---- | C] () -- C:\Program Files\RAVselect.zip
    [2011/03/23 11:36:55 | 000,478,512 | ---- | C] () -- C:\Program Files\vlcmediaplayer-setup.exe
    [2011/01/21 16:38:20 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/01/21 16:10:41 | 000,000,560 | ---- | C] () -- C:\Program Files\Shortcut to setup_av_free.exe.lnk
    [2011/01/21 15:55:41 | 058,833,152 | ---- | C] () -- C:\Program Files\setup_av_free.exe
    [2010/03/24 14:17:55 | 000,509,257 | ---- | C] () -- C:\Program Files\SKMBT_50009102212580.pdf
    [2010/03/24 14:17:05 | 000,000,022 | ---- | C] () -- C:\Program Files\Karen Charles Profile.zip
    [2010/03/24 14:15:17 | 000,523,597 | ---- | C] () -- C:\Program Files\3566_001.pdf
    [2010/03/24 14:08:03 | 000,259,360 | ---- | C] () -- C:\Program Files\Offer.zip
    [2010/03/24 14:03:26 | 001,117,766 | ---- | C] () -- C:\Program Files\4051_001.pdf
    [2010/03/24 14:00:18 | 000,047,642 | ---- | C] () -- C:\Program Files\4054_001.pdf
    [2010/03/24 13:58:21 | 000,150,802 | ---- | C] () -- C:\Program Files\3714_001.pdf
    [2010/03/24 13:57:39 | 000,112,032 | ---- | C] () -- C:\Program Files\3715_001.pdf
    [2010/03/24 13:57:22 | 000,636,269 | ---- | C] () -- C:\Program Files\4053_001.pdf
    [2010/03/24 13:48:08 | 001,024,197 | ---- | C] () -- C:\Program Files\SBSA Avocado_001.pdf
    [2010/03/24 08:56:14 | 000,025,374 | ---- | C] () -- C:\Program Files\4419 Avocado Blvd Amended Commission Instructions.zip
    [2010/03/21 17:19:59 | 035,001,856 | ---- | C] () -- C:\Program Files\eav_nt32_enu.msi
    [2010/02/01 20:03:51 | 008,246,504 | ---- | C] () -- C:\Program Files\Babylon8_setup.exe
    [2010/01/28 16:54:25 | 000,023,107 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2009/12/07 06:45:03 | 000,077,371 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2009/11/26 20:56:16 | 000,061,710 | ---- | C] () -- C:\Program Files\baby charles.php
    [2009/11/07 16:51:27 | 010,307,238 | ---- | C] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
    [2009/10/15 18:12:08 | 000,068,027 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
    [2009/10/15 17:48:50 | 000,188,700 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
    [2009/10/15 17:48:50 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
    [2009/09/21 15:09:01 | 004,855,296 | ---- | C] () -- C:\Program Files\epson10245.exe
    [2009/08/13 16:05:33 | 008,319,598 | ---- | C] () -- C:\Program Files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
    [2009/08/07 13:33:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2009/08/03 19:26:20 | 007,908,106 | ---- | C] () -- C:\Program Files\VSE870P1.zip
    [2009/08/03 19:26:11 | 059,489,250 | ---- | C] () -- C:\Program Files\VSE870LML.zip
    [2009/03/29 15:00:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009/03/28 07:26:00 | 009,708,961 | ---- | C] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
    [2009/03/16 12:21:33 | 000,207,580 | ---- | C] () -- C:\Program Files\Prepped 2008 TaxReturn.pdf
    [2009/03/01 16:06:10 | 001,948,608 | ---- | C] () -- C:\Program Files\R150860.EXE
    [2009/02/07 11:39:32 | 002,051,072 | ---- | C] () -- C:\Program Files\i550xp190usz.exe
    [2009/01/26 06:01:48 | 000,129,896 | ---- | C] () -- C:\Program Files\neac_jazzfest_09_final.pdf
    [2009/01/24 07:26:59 | 000,001,086 | ---- | C] () -- C:\Program Files\The_Top_100_Lovemaking_Techniques_of_All_Time_-_A_MUST_HAVE!_extreme_seed_RK_banner_[mininova].torrent
    [2008/11/30 00:46:52 | 006,126,416 | ---- | C] () -- C:\Program Files\seatoolsforwindowssetup.exe
    [2008/11/30 00:45:56 | 003,997,231 | ---- | C] () -- C:\Program Files\FreeAgentCN.exe
    [2008/11/19 11:34:33 | 000,113,136 | ---- | C] () -- C:\Program Files\Machinist2.setup.exe
    [2008/11/19 11:14:59 | 000,041,817 | ---- | C] () -- C:\Program Files\machinist2.zip
    [2008/08/16 06:53:12 | 006,187,805 | ---- | C] () -- C:\Program Files\Version23Navfit98.zip
    [2008/08/11 19:45:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/06/26 13:07:31 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2008/04/29 19:43:08 | 002,403,400 | ---- | C] () -- C:\Program Files\SetupAnyDVD6412.exe
    [2008/03/30 15:27:39 | 000,514,443 | ---- | C] () -- C:\Program Files\Samsung User Manual H-S203N_Eng.pdf
    [2008/03/29 13:57:50 | 000,736,467 | ---- | C] () -- C:\Program Files\170_rpc1.zip
    [2008/03/29 13:48:37 | 000,741,512 | ---- | C] () -- C:\Program Files\170bbt_orig.zip
    [2008/03/29 13:35:35 | 000,740,200 | ---- | C] () -- C:\Program Files\111b_orig.zip
    [2008/03/29 12:57:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\pcouffin.cat
    [2008/03/29 12:57:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\pcouffin.inf
    [2008/03/29 07:04:05 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/12/26 08:15:37 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/12/26 08:15:37 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/12/26 08:15:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
    [2007/11/30 06:49:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\cbtsys.ini
    [2007/08/06 20:22:25 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\WD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/07/21 05:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/07/20 15:26:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
    [2007/06/29 14:22:05 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
    [2007/06/01 15:46:52 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
    [2007/06/01 15:44:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/05/23 18:06:16 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
    [2007/05/18 17:33:42 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
    [2007/05/18 17:33:42 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
    [2007/05/18 17:33:42 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
    [2007/05/18 17:33:42 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
    [2007/05/18 17:33:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2007/05/18 17:33:40 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
    [2007/05/18 17:01:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/05/18 16:52:11 | 000,000,932 | ---- | C] () -- C:\WINDOWS\Epsonem.ini
    [2007/05/18 15:29:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/05/18 15:29:36 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2007/05/18 15:29:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2007/04/27 12:19:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/04/27 11:17:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2007/04/27 10:36:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/04/27 10:32:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/04/27 03:19:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/04/27 03:18:50 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/02/28 05:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/02/28 05:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/01/20 10:56:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Machinist2.dll
    [2000/02/23 09:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
    [1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2008/07/10 19:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/03/09 15:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/03/19 13:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DShield
    [2011/03/28 12:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDneXtCOPY
    [2010/03/21 17:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2011/01/21 16:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2007/05/25 10:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2008/07/30 16:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2011/01/23 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008/08/22 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2007/11/28 16:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2008/03/29 07:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2008/08/23 08:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/06/15 06:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/04/02 19:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2011/05/16 20:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Azureus
    [2008/09/30 20:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\DBsign
    [2009/03/16 17:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\ICAClient
    [2008/11/26 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\ImgBurn
    [2011/05/15 11:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\IObit
    [2009/09/04 18:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\LimeWire
    [2010/03/19 13:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\mjusbsp
    [2009/03/16 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Runaware
    [2007/06/15 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Viewpoint
    [2010/04/10 12:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Vso
    [2011/05/17 08:28:04 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/08/29 18:04:02 | 048,287,568 | ---- | M] () -- C:\20090829-019-v5i32.exe
    [2007/12/31 15:30:18 | 000,084,485 | ---- | M] () -- C:\3226203698.htm
    [2008/02/16 13:48:39 | 006,281,272 | ---- | M] (IObit ) -- C:\Advanced Windows Care Setup.exe
    [2007/06/01 16:59:51 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2007/06/01 16:59:51 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2008/03/30 15:32:43 | 000,000,030 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/03/19 17:03:21 | 000,097,511 | ---- | M] () -- C:\Barack Obama 18Mar08 Speech watch.htm
    [2007/05/18 08:12:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/05/16 20:20:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2008/02/16 14:25:56 | 002,733,928 | ---- | M] (Piriform Ltd) -- C:\ccsetup204.exe
    [2000/08/19 10:52:36 | 008,658,944 | ---- | M] () -- C:\ce2kmain.exe
    [2008/01/02 22:50:00 | 001,660,495 | ---- | M] () -- C:\CleanWipe.exe
    [2008/01/02 22:50:00 | 000,012,629 | ---- | M] () -- C:\CleanWipeRevisionHistory.txt
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/17 08:28:04 | 000,028,134 | ---- | M] () -- C:\ComboFix.txt
    [2008/03/30 15:32:43 | 000,000,046 | ---- | M] () -- C:\CONFIG.SYS
    [2007/09/03 18:20:08 | 000,128,344 | ---- | M] (Digital River) -- C:\Download_PlatoDVDRipper_CE.exe
    [2011/03/19 13:21:05 | 000,000,000 | ---- | M] () -- C:\DVDPlayer.log
    [2007/05/18 16:39:36 | 000,000,032 | ---- | M] () -- C:\e.txt
    [2007/05/23 12:33:40 | 004,855,296 | ---- | M] () -- C:\epson10245.exe
    [2007/05/18 16:51:55 | 000,000,006 | ---- | M] () -- C:\epson1200.txt
    [2007/05/18 16:52:02 | 000,000,009 | ---- | M] () -- C:\epson1201.txt
    [2008/07/02 10:01:33 | 000,000,138 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210032687.log
    [2008/07/02 10:01:35 | 000,000,129 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210135750.log
    [2008/07/02 10:01:35 | 000,000,131 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210135906.log
    [2008/07/02 10:01:36 | 000,000,134 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210136312.log
    [2008/07/02 10:01:36 | 000,000,134 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210136625.log
    [2009/03/27 16:40:56 | 122,792,840 | ---- | M] () -- C:\HighLogging.log
    [2007/05/23 12:50:04 | 006,722,560 | ---- | M] () -- C:\i550 B645mux.exe
    [2011/03/23 17:00:03 | 000,030,013 | ---- | M] () -- C:\install.log
    [2007/04/27 10:34:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/01/01 12:13:04 | 000,594,880 | ---- | M] (Sharman Networks Ltd) -- C:\kazaa_setup.exe
    [2007/09/15 07:25:27 | 001,957,620 | ---- | M] (WebSpeeders LLC) -- C:\LimeWireTurboAccelerator_installer.exe
    [2007/10/05 20:31:21 | 002,982,334 | ---- | M] () -- C:\LYT0869-001B.pdf
    [2007/06/01 17:26:18 | 000,000,010 | ---- | M] () -- C:\mmjbaltlog.txt
    [2007/06/01 17:26:18 | 000,016,418 | ---- | M] () -- C:\mmjblog.txt
    [2007/04/27 10:34:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/12/09 21:25:50 | 001,851,580 | ---- | M] () -- C:\mybizinfo.pdf
    [2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/30 22:07:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/03/19 17:05:15 | 000,097,221 | ---- | M] () -- C:\Obama 18Mar08 Speechwatch.htm
    [2011/05/17 06:11:19 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2007/04/27 11:17:20 | 000,000,206 | ---- | M] () -- C:\realtek.log
    [2007/04/27 11:17:20 | 000,000,499 | ---- | M] () -- C:\RHDSetup.log
    [2009/04/19 04:35:05 | 000,002,215 | ---- | M] () -- C:\rollback.ini
    [2009/08/29 17:17:05 | 078,801,969 | ---- | M] () -- C:\SEP.zip
    [2007/11/27 20:11:29 | 039,735,296 | -H-- | M] () -- C:\SyncToy_0aad269d-e2ed-4ec6-bec7-98185c8b755c.dat
    [2007/06/01 17:26:18 | 000,002,978 | ---- | M] () -- C:\UserInfo.dat
    [2011/05/17 15:08:09 | 000,094,360 | ---- | M] () -- C:\VETlog.dmp
    [2011/05/17 15:08:10 | 003,749,380 | ---- | M] () -- C:\VETlog.txt
    [2008/02/24 08:03:18 | 000,039,590 | ---- | M] () -- C:\video-i-have-a-dream-speech.htm

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/04/27 10:34:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/11/29 21:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD49.DLL
    [2005/11/30 06:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP49.DLL
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll
    [1998/12/11 18:29:52 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OLFPNT40.DLL
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [1999/11/05 14:58:52 | 000,072,704 | ---- | M] () -- C:\WINDOWS\PhotoDeluxe.scr
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/03/29 13:35:42 | 000,740,200 | ---- | M] () -- C:\Program Files\111b_orig.zip
    [2008/03/29 13:48:41 | 000,741,512 | ---- | M] () -- C:\Program Files\170bbt_orig.zip
    [2008/03/29 13:57:54 | 000,736,467 | ---- | M] () -- C:\Program Files\170_rpc1.zip
    [2010/03/24 14:15:19 | 000,523,597 | ---- | M] () -- C:\Program Files\3566_001.pdf
    [2010/03/24 14:03:41 | 000,150,802 | ---- | M] () -- C:\Program Files\3714_001.pdf
    [2010/03/24 14:03:54 | 000,112,032 | ---- | M] () -- C:\Program Files\3715_001.pdf
    [2010/03/24 14:03:28 | 001,117,766 | ---- | M] () -- C:\Program Files\4051_001.pdf
    [2010/03/24 13:59:04 | 000,636,269 | ---- | M] () -- C:\Program Files\4053_001.pdf
    [2010/03/24 14:00:19 | 000,047,642 | ---- | M] () -- C:\Program Files\4054_001.pdf
    [2010/03/24 08:56:16 | 000,025,374 | ---- | M] () -- C:\Program Files\4419 Avocado Blvd Amended Commission Instructions.zip
    [2011/05/16 19:53:24 | 001,110,476 | ---- | M] () -- C:\Program Files\7z920.exe
    [2008/12/01 15:28:26 | 000,104,448 | ---- | M] () -- C:\Program Files\aabwordapp.doc
    [2010/02/24 13:54:22 | 027,386,256 | ---- | M] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
    [2010/02/11 18:16:55 | 000,209,784 | ---- | M] (AOL LLC.) -- C:\Program Files\AOLDNLD.exe
    [2011/03/09 14:54:59 | 002,195,440 | ---- | M] (AOL Inc.) -- C:\Program Files\aol_toolbar.exe
    [2011/05/15 11:33:08 | 030,459,048 | ---- | M] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
    [2011/01/21 16:21:30 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
    [2011/01/21 16:09:02 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
    [2008/08/23 08:58:52 | 006,543,440 | ---- | M] (IObit ) -- C:\Program Files\AWCSetup.exe
    [2009/11/26 20:56:18 | 000,061,710 | ---- | M] () -- C:\Program Files\baby charles.php
    [2010/02/01 20:04:04 | 008,246,504 | ---- | M] () -- C:\Program Files\Babylon8_setup.exe
    [2011/05/11 19:19:37 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
    [2008/09/30 20:41:33 | 003,229,288 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\DBsignWebSigner.exe
    [2009/08/13 16:56:26 | 008,319,598 | ---- | M] () -- C:\Program Files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
    [2010/04/10 19:31:59 | 001,180,952 | ---- | M] (DivX, Inc. ) -- C:\Program Files\DivXInstaller.exe
    [2008/06/28 18:51:52 | 000,636,192 | ---- | M] (McAfee, Inc.) -- C:\Program Files\DMSetup-Serial.exe
    [2009/08/13 17:17:56 | 001,045,536 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Program Files\DriverDetective.exe
    [2008/11/19 11:40:06 | 000,568,576 | ---- | M] ( ) -- C:\Program Files\DVD43_4-4-0_Setup.exe
    [2008/05/28 19:31:40 | 007,056,016 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5025.exe
    [2009/01/09 22:31:55 | 008,002,152 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5230.exe
    [2009/02/05 18:08:02 | 008,004,480 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5232.exe
    [2009/11/25 20:18:08 | 013,249,536 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab6205.exe
    [2010/04/10 12:33:19 | 013,856,752 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab7030.exe
    [2008/03/29 12:56:56 | 006,678,400 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabPlatinum4120.exe
    [2011/03/19 13:40:37 | 010,904,766 | ---- | M] (DVDneXtCOPY Inc.) -- C:\Program Files\dvdnextcopy_ultimate_setup.exe
    [2009/03/28 07:26:05 | 009,708,961 | ---- | M] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
    [2009/11/07 16:51:33 | 010,307,238 | ---- | M] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
    [2010/03/21 17:40:00 | 035,001,856 | ---- | M] () -- C:\Program Files\eav_nt32_enu.msi
    [2009/09/21 15:09:09 | 004,855,296 | ---- | M] () -- C:\Program Files\epson10245.exe
    [2011/03/28 11:59:50 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
    [2008/11/30 00:45:56 | 003,997,231 | ---- | M] () -- C:\Program Files\FreeAgentCN.exe
    [2011/03/20 19:07:24 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
    [2009/04/07 16:49:44 | 002,051,072 | ---- | M] () -- C:\Program Files\i550xp190usz.exe
    [2010/03/24 14:36:14 | 000,000,022 | ---- | M] () -- C:\Program Files\Karen Charles Profile.zip
    [2009/08/11 09:17:10 | 018,863,384 | ---- | M] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
    [2009/03/28 05:42:19 | 000,113,136 | ---- | M] () -- C:\Program Files\Machinist2.setup.exe
    [2008/11/19 11:14:59 | 000,041,817 | ---- | M] () -- C:\Program Files\machinist2.zip
    [2011/05/14 13:51:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
    [2011/03/31 16:00:50 | 000,458,096 | ---- | M] (McAfee Inc.) -- C:\Program Files\MVTInstaller.exe
    [2009/01/26 06:01:48 | 000,129,896 | ---- | M] () -- C:\Program Files\neac_jazzfest_09_final.pdf
    [2011/03/27 10:14:38 | 000,000,103 | ---- | M] () -- C:\Program Files\oas-disabled-fix.cmd
    [2010/03/24 14:08:04 | 000,259,360 | ---- | M] () -- C:\Program Files\Offer.zip
    [2009/03/16 12:21:34 | 000,207,580 | ---- | M] () -- C:\Program Files\Prepped 2008 TaxReturn.pdf
    [2009/03/01 16:06:13 | 001,948,608 | ---- | M] () -- C:\Program Files\R150860.EXE
    [2011/04/05 09:57:42 | 000,231,224 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\RapportSetup.exe
    [2011/03/25 08:40:35 | 000,691,385 | ---- | M] () -- C:\Program Files\RAVselect.zip
    [2008/08/22 20:22:40 | 007,507,296 | ---- | M] (PC Tools ) -- C:\Program Files\rminstall.exe
    [2008/03/30 15:27:42 | 000,514,443 | ---- | M] () -- C:\Program Files\Samsung User Manual H-S203N_Eng.pdf
    [2010/03/24 13:48:11 | 001,024,197 | ---- | M] () -- C:\Program Files\SBSA Avocado_001.pdf
    [2009/08/13 16:11:08 | 113,328,018 | ---- | M] (McAfee, Inc.) -- C:\Program Files\sdat5707.exe
    [2008/11/30 00:46:55 | 006,126,416 | ---- | M] () -- C:\Program Files\seatoolsforwindowssetup.exe
    [2008/04/29 19:53:56 | 002,403,400 | ---- | M] () -- C:\Program Files\SetupAnyDVD6412.exe
    [2008/11/26 14:47:25 | 001,971,378 | ---- | M] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
    [2011/01/21 16:07:54 | 058,833,152 | ---- | M] () -- C:\Program Files\setup_av_free.exe
    [2011/01/21 16:10:41 | 000,000,560 | ---- | M] () -- C:\Program Files\Shortcut to setup_av_free.exe.lnk
    [2010/03/24 14:17:56 | 000,509,257 | ---- | M] () -- C:\Program Files\SKMBT_50009102212580.pdf
    [2008/11/10 12:23:40 | 000,149,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\startzune.exe
    [2009/08/13 16:38:41 | 000,055,564 | ---- | M] () -- C:\Program Files\SuperDAT.log
    [2009/01/24 07:26:59 | 000,001,086 | ---- | M] () -- C:\Program Files\The_Top_100_Lovemaking_Techniques_of_All_Time_-_A_MUST_HAVE!_extreme_seed_RK_banner_[mininova].torrent
    [2009/01/06 17:50:23 | 006,187,805 | ---- | M] () -- C:\Program Files\Version23Navfit98.zip
    [2011/03/23 11:38:40 | 000,478,512 | ---- | M] () -- C:\Program Files\vlcmediaplayer-setup.exe
    [2009/08/13 16:17:10 | 059,489,250 | ---- | M] () -- C:\Program Files\VSE870LML.zip
    [2009/08/13 16:17:41 | 007,908,106 | ---- | M] () -- C:\Program Files\VSE870P1.zip
    [2008/10/05 11:49:55 | 001,851,944 | ---- | M] (VSO-Software SARL ) -- C:\Program Files\vso_inspector_setup.exe
    [2011/05/13 18:28:38 | 008,902,072 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
    [2008/06/05 21:15:52 | 000,667,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB941644-x86-ENU.exe
    [2009/04/19 13:29:31 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
    [2010/03/23 19:01:23 | 024,023,528 | ---- | M] (Corel Corporation ) -- C:\Program Files\WordPerfectLightningInstaller.exe
    [2010/03/23 18:52:51 | 360,710,968 | ---- | M] (Acresso Software Inc. ) -- C:\Program Files\WordPerfectOfficeInstaller.exe
    [2011/03/28 11:57:19 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
    [2011/05/14 13:46:38 | 004,700,823 | ---- | M] () -- C:\Program Files\YouTubeDownloaderSetup272.exe
    [2009/04/17 08:26:54 | 387,983,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ZunePackage31.exe
    [2009/04/17 07:52:02 | 137,572,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\zunesetuppkg-x86.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/04/27 03:17:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/04/27 03:17:56 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/04/27 03:17:56 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/30 22:12:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/05/18 08:12:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/05/18 08:12:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2007/08/31 20:01:30 | 023,402,288 | ---- | M] ( ) -- C:\Documents and Settings\WD\Desktop\AdbeRdr810_en_US.exe
    [2011/05/17 08:16:02 | 004,350,228 | R--- | M] () -- C:\Documents and Settings\WD\Desktop\ComboFix.exe
    [2008/07/07 06:07:06 | 026,451,968 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\FreeAgent-DT-WW.exe
    [2011/05/16 12:17:06 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\ggsp3301.exe
    [2008/07/07 07:12:27 | 004,898,144 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\WD\Desktop\LimeWireWin.exe
    [2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [1998/12/08 20:53:54 | 000,099,840 | ---- | M] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
    [1998/12/08 20:53:54 | 000,048,640 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
    [1998/12/08 20:53:54 | 000,070,144 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
    [1998/12/08 20:53:54 | 000,186,368 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
    [1998/12/08 20:53:54 | 000,017,920 | ---- | M] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
    [1998/12/08 20:53:54 | 000,031,744 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/07/07 06:05:03 | 024,051,251 | ---- | M] () -- C:\Documents and Settings\WD\My Documents\FreeAgent-DT-WW.exe
    [2009/08/13 16:57:24 | 001,948,608 | ---- | M] () -- C:\Documents and Settings\WD\My Documents\R150860.EXE
    [3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/05/18 08:12:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\WD\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2008/07/10 06:17:13 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\WD\Cookies\desktop.ini
    [2011/05/17 15:32:42 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\WD\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 11:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 11:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 11:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
     
  11. waltd15

    waltd15 TS Rookie Topic Starter

    OTL Extras logfile

    OTL Extras logfile created on: 5/17/2011 3:36:11 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\WD\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 63.62 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
    Drive D: | 2.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DESKTOP-CC34A4D | User Name: WD | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = aolfile_HTM] -- C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- C:\PROGRA~1\AOL9~1.0\aol.exe -u"%1" (AOL, LLC.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "ANTIVIRUSDISABLENOTIFY" = 0
    "FIREWALLDISABLENOTIFY" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\HP Software Update\hpwucli.exe" = C:\Program Files\Hp\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
    "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
    "C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
    "C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
    "C:\Program Files\Omemo\Omemo.exe" = C:\Program Files\Omemo\Omemo.exe:*:Enabled:Omemo -- (MP2P Technologies)
    "C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\HP Software Update\hpwucli.exe" = C:\Program Files\Hp\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Documents and Settings\WD\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\WD\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
    "{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
    "{118792B0-F470-11D3-86A9-00C04F6E09F2}" = Microsoft Project 2000
    "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
    "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 25
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
    "{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{87F1FB43-548D-49A9-B524-7AD058900944}" = Risk+ 2.0 for Microsoft Project
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
    "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
    "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{EE8AB204-580F-432F-AD82-21A838EE1033}" = Nero 8
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{FF04A828-ABA4-11D7-A021-0060979CE4D3}" = V92 PCI Voice Faxmodem
    "{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
    "7-Zip" = 7-Zip 9.20
    "8461-7759-5462-8226" = Vuze
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe PhotoDeluxe Home Edition 4.0" = Adobe PhotoDeluxe Home Edition 4.0
    "Advanced SystemCare 4_is1" = Advanced SystemCare 4
    "Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
    "AOL Regclient" = AOL Registration
    "AOL Toolbar" = AOL Toolbar
    "AOL Toolbar 5.0" =
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Best Security Tips Toolbar" = Best Security Tips Toolbar
    "CANONBJ_Deinstall_CNMCP49.DLL" = Canon i550
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_207C14F1" = Soft Voice SoftRing Modem with SmartSP
    "conduitEngine" = Conduit Engine
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    "DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
    "DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
    "DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
    "DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
    "DVDneXtCOPY 3 Ultimate" = DVDneXtCOPY 3 Ultimate
    "GoToAssist" = GoToAssist Corporate
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
    "InterActual Player" = InterActual Player
    "LimeWire" = LimeWire 5.2.13
    "Machinist2DLL" = Machinist2DLL
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee Internet Security Suite
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Omemo" = Omemo 0.27 Beta
    "Shop for HP Supplies" = Shop for HP Supplies
    "SmartForce Player" = SmartForce Player
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "ST6UNST #1" = P_CS
    "ST6UNST #2" = NavFit98A
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "VSO Inspector_is1" = VSO Inspector 1.4.2
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "wInsight 5.0" = wInsight 5.0
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
    "Yahoo! Companion" = Yahoo! Toolbar
    "Zune" = Zune

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/2/2011 6:04:08 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 10005
    Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a
    problem with this Windows Installer package. Please refer to the setup log for
    more information.

    Error - 4/2/2011 6:04:26 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 1023
    Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB980773'
    could not be installed. Error code 1603. Additional information is available in
    the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
    2.0-KB2418241_20110402_100232906-Msi0.txt.

    Error - 4/2/2011 6:04:26 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 1023
    Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2418241'
    could not be installed. Error code 1603. Additional information is available in
    the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
    2.0-KB2418241_20110402_100232906-Msi0.txt.

    Error - 4/2/2011 6:04:26 AM | Computer Name = DESKTOP-CC34A4D | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
    P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 4/2/2011 6:06:00 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 10005
    Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a
    problem with this Windows Installer package. Please refer to the setup log for
    more information.

    Error - 4/2/2011 6:06:18 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 1023
    Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB983583'
    could not be installed. Error code 1603. Additional information is available in
    the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
    2.0-KB983583_20110402_100432453-Msi0.txt.

    Error - 4/2/2011 6:06:19 AM | Computer Name = DESKTOP-CC34A4D | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983583,
    P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 4/2/2011 9:12:59 AM | Computer Name = DESKTOP-CC34A4D | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

    Error - 4/2/2011 1:49:06 PM | Computer Name = DESKTOP-CC34A4D | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

    Error - 4/2/2011 3:30:16 PM | Computer Name = DESKTOP-CC34A4D | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

    [ System Events ]
    Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:05:30 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:05:39 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/17/2011 11:20:54 AM | Computer Name = DESKTOP-CC34A4D | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 5/17/2011 4:17:16 PM | Computer Name = DESKTOP-CC34A4D | Source = SCR3XX2K | ID = 0
    Description =


    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Uninstall Advanced SystemCare 4.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - Reg Error: Value error. File not found
      O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
      O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: navy.mil ([webmail.west.nmci] https in Trusted sites)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [2011/01/21 16:21:25 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
      [2011/01/21 16:08:55 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
      [1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
      [1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
      [1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
      [1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
      [1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
      [1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
      [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2007/06/15 06:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/06/15 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Viewpoint
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. waltd15

    waltd15 TS Rookie Topic Starter

    Broni, deleted advanced windows care and followed other guidance, mcafee real time scan will not stay active. OTL log follows

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk moved successfully.
    Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\navy.mil\webmail.west.nmci\ deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe moved successfully.
    C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe moved successfully.
    C:\Program Files\Common Files\IRAREG.DLL moved successfully.
    C:\Program Files\Common Files\IRAABOUT.DLL moved successfully.
    C:\Program Files\Common Files\IRAMDMTR.DLL moved successfully.
    C:\Program Files\Common Files\IRALPTTR.DLL moved successfully.
    C:\Program Files\Common Files\IRAWEBTR.DLL moved successfully.
    C:\Program Files\Common Files\IRASRIAL.DLL moved successfully.
    C:\WINDOWS\002779_.tmp deleted successfully.
    C:\WINDOWS\DUMP33a2.tmp deleted successfully.
    C:\WINDOWS\DUMP33f0.tmp deleted successfully.
    C:\WINDOWS\DUMP4352.tmp deleted successfully.
    C:\WINDOWS\SE264ACA6.tmp deleted successfully.
    C:\WINDOWS\SET25.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\Documents and Settings\WD\My Documents\~WRL0001.tmp deleted successfully.
    C:\Documents and Settings\WD\My Documents\~WRL0002.tmp deleted successfully.
    C:\Documents and Settings\WD\My Documents\~WRL0012.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\WD\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Flash cache emptied: 149 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 33 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65737 bytes
    ->Flash cache emptied: 33 bytes

    User: WD
    ->Temp folder emptied: 1188223 bytes
    ->Temporary Internet Files folder emptied: 25171923 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 3633 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 225376990 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 240.00 mb


    [EMPTYFLASH]

    User: All Users
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: WD
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot]•> in the current context!

    OTL by OldTimer - Version 3.2.22.3 log created on 05172011_163210

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\HPSLPSVC0003.log moved successfully.

    Registry entries deleted on Reboot...
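
A triage pass over the fix log in the post above, as an added example that is not part of the thread and not OTL's own code: it separates "not found" results that only repeat an earlier deletion from targets that were absent before the fix ran, and surfaces any command OTL could not interpret. The function name and the finding labels are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Lines copied from the fix log posted above; nothing here is new data.
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Program Files\Common Files\IRAREG.DLL moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[Reboot]•> in the current context!
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
RESULT = re.compile(r"^(?P<target>.+?) (?P<outcome>deleted successfully|moved successfully|not found)\.$")
ERROR = re.compile(r"^Error: Unable to interpret <(?P<token>.*)> in the current context!$")
OUTCOMES = {"deleted successfully": "deleted", "moved successfully": "moved", "not found": "not_found"}

def triage_otl_fix_log(text):
    """Return (counts, findings); findings are (section, kind, detail) tuples."""
    counts, findings, handled = Counter(), [], set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ERROR.match(line):
            # A directive in the pasted script was not recognised, so it did not run.
            counts["error"] += 1
            findings.append((section, "uninterpreted", m.group("token")))
        elif m := RESULT.match(line):
            target, outcome = m.group("target"), OUTCOMES[m.group("outcome")]
            counts[outcome] += 1
            if outcome != "not_found":
                handled.add(target)
            elif target in handled:
                # Same target was already removed by an earlier line: duplicate script entry.
                findings.append((section, "duplicate", target))
            else:
                # Target did not exist when the fix reached it.
                findings.append((section, "absent", target))
    return counts, findings

if __name__ == "__main__":
    counts, findings = triage_otl_fix_log(SAMPLE_LOG)
    print(dict(counts))
    for finding in findings:
        print(finding)
```

On the sample, the second `mcafee.com` line is reported as a duplicate of the deletion just before it, and the `[Reboot]` directive is reported with the stray character that kept OTL from recognising it.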
     
  14. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Still out there?
     
  15. waltd15

    waltd15 TS Rookie Topic Starter

    Yes, still out here

    McAfee is currently "green" w/real time scanning "on", but the real time scanning has not been staying "on"
     
  16. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  17. waltd15

    waltd15 TS Rookie Topic Starter

    Thank-you Broni,

    I'll re-install and provide feedback

    V/r,
    waltd15
     
  18. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    OK.................
     
  19. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Still with me?
     