
Cannot finish scan



*sorry for posting in the wrong location. I was freaking out at that point :P

My siblings have wreaked havoc on my dad's computer.

It will not run system restore

I scanned with Malwarebytes, the box will tell me to click OK, but then Malwarebytes disappears/shuts down

Icons disappeared before

Windows starts up but it's just a blank desktop without a taskbar or icons. You have to hit ctrl/alt/del then run and type system restore. Then error messages come up and finally you can run the system.

It will not read drives

etc etc

PLEASE HELP. This is CRAZY. Nothing fixes it. Every virus scan shuts down.

I went through the guide to rule out other possibilities. I downloaded DeFogger and went through the steps to disable the CD emulation. I clicked OK, then DeFogger restarted my computer. Then, to my horror, the blue screen came up saying there was something wrong and it was running a check. Then the check crashed, and my computer kept going through this cycle of rebooting and disk checking!

I hit F8, went to last known configuration and finally everything was back to where it was before the DeFogger mess.

*sigh* I give up. This is the ONLY thing I could gather. Please help.

Info is from Rootrepeal files.

ROOTREPEAL


ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/06/20 17:41

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

Hidden/Locked Files

-------------------

Path: C:\WINDOWS\system32\hjgruijwntkvrt.dat

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruilog.dat

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruinnryufox.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruixptqrytr.dll

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\George\Application Data\SecuROM

Status: Could not get file information (Error 0xc0000008)

Path: C:\WINDOWS\system32\drivers\hjgruimcyjamum.sys

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\George\My Documents\Downloads\USERS7~2:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\CabLibrary.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\CabLibrary.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\CommandParserLibrary.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\CommandParserLibrary.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Core.Framework.Basic.Sh.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Core.Framework.Basic.Sh.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\log4net.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\log4net.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Uif.Splash.cl.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Uif.Splash.cl.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Uif.Settings.cl.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Uif.Settings.cl.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Uif.IUifInit.cl.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\Uif.IUifInit.cl.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\PackageManagerClient.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\PackageManager.Sh.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\PackageManager.Sh.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\PackageManagerClientLibrary.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\PackageManagerClientLibrary.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\SerializableDictionary.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\SerializableDictionary.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UI.Framework.Sh.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UI.Framework.Sh.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UIExec.46954.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UIExec.46954.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UIExec.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\PackageManagerClient.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UIExec.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UtilityLibrary.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\UtilityLibrary.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\zlib.net.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\George\Local Settings\Apps\2.0\L9TK9Q3H.NTG\NBRMMELC.BPR\manifests\zlib.net.manifest

Status: Locked to the Windows API!


Hello,

And :P My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


Here are the results of what you asked for. Thanks so much, in advance, for helping... :welcome:

It's broken up in parts because the post said it's too large...

OTL logfile created on: 6/21/2010 5:13:46 PM - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\George\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 101.54 Gb Free Space | 43.60% Space Free | Partition Type: NTFS

Drive D: | 510.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 510.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAIN

Current User Name: George

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 17:12:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe

PRC - [2010/06/02 01:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\George\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/03/20 08:08:12 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2009/08/28 09:42:44 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/28 09:42:43 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/28 09:42:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/05/17 21:13:29 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe

PRC - [2009/05/17 21:12:51 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe

PRC - [2009/03/11 11:08:48 | 000,070,928 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe

PRC - [2009/02/04 10:15:44 | 000,667,920 | ---- | M] (CANON INC) -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe

PRC - [2008/05/28 11:07:12 | 000,092,656 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe

PRC - [2008/05/19 18:26:29 | 000,020,480 | ---- | M] () -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe

PRC - [2008/05/06 07:15:16 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2008/04/18 05:30:42 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

PRC - [2008/04/09 01:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2008/03/14 19:50:59 | 000,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2008/01/07 16:02:54 | 000,495,616 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe

PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2007/08/01 21:02:12 | 000,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/08 17:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

PRC - [2007/02/10 09:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2007/01/06 21:32:53 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE

PRC - [2006/06/01 14:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2005/09/24 01:28:44 | 000,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

PRC - [2003/04/06 02:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

PRC - [2003/04/06 01:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

PRC - [2003/04/06 01:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

PRC - [2003/04/06 01:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

========== Modules (SafeList) ==========

MOD - [2010/06/21 17:12:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe

MOD - [2010/06/01 09:49:07 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\system32\disktify.dll

MOD - [2009/01/28 16:50:01 | 000,123,904 | ---- | M] () -- C:\WINDOWS\system32\aeiwuv.dll

MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2006/02/28 08:00:00 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\opengl32.dll

MOD - [2006/02/28 08:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll

MOD - [2006/02/28 08:00:00 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\glu32.dll

MOD - [2006/02/28 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006/02/28 08:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSSQL$UDASERVER) SQL Server (UDASERVER)

SRV - [2009/08/28 09:42:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/02/04 10:15:44 | 000,667,920 | ---- | M] (CANON INC) [Auto | Running] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)

SRV - [2008/05/28 11:07:12 | 000,092,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)

SRV - [2008/05/19 18:26:29 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe -- (HPWJAUpdateService)

SRV - [2008/04/18 05:30:42 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

SRV - [2008/04/09 18:40:21 | 000,028,672 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService)

SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2007/05/21 09:43:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/02/10 09:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$HPWJA) SQL Server (HPWJA)

SRV - [2007/02/10 09:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2007/01/06 21:55:27 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2007/01/06 21:32:53 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)

SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

========== Driver Services (SafeList) ==========

DRV - [2010/01/01 12:36:19 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/08/28 09:42:44 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/28 09:42:44 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/05/05 09:24:34 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2008/03/14 02:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2007/11/15 22:38:16 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)

DRV - [2007/11/15 16:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

DRV - [2007/01/06 21:32:53 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)

DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/07/24 04:15:04 | 004,353,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/07/12 09:56:00 | 000,248,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2452474

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-1844237615-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Mario Forever Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2247187&SearchSource=13"

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014

FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.0.0

FF - prefs.js..extensions.enabledItems: {707db484-2428-402d-afb5-d85b387544c7}:2.3.0.4

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/06 07:15:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 23:46:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{00458E45-C078-4584-8781-8276F7BBB450}: C:\Documents and Settings\George\Local Settings\Application Data\{00458E45-C078-4584-8781-8276F7BBB450} [2008/12/05 15:25:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/08 20:06:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 12:25:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 12:25:21 | 000,000,000 | ---D | M]

[2009/02/08 20:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions

[2010/02/26 17:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ksvakt17.default\extensions

[2009/02/12 08:30:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ksvakt17.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/01/30 10:01:53 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ksvakt17.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}

[2010/01/01 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ksvakt17.default\extensions\DTToolbar@toolbarnet.com

[2009/03/18 18:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ksvakt17.default\extensions\moveplayer@movenetworks.com

[2009/09/01 13:05:46 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ksvakt17.default\searchplugins\conduit.xml

[2010/02/26 19:28:38 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ksvakt17.default\searchplugins\daemon-search.xml

[2010/02/26 17:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/02/05 22:10:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{A2271039-009F-4A57-8C74-AA94105427B4}

[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/07/12 18:12:32 | 000,316,381 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts


O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O2 - BHO: (TChkBHO Class) - {8926BF9F-D996-48C9-99E1-D27AA5164133} - C:\WINDOWS\System32\obvjcrj.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-117609710-1844237615-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\S-1-5-21-117609710-1844237615-725345543-1003\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {707DB484-2428-402D-AFB5-D85B387544C7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-117609710-1844237615-725345543-1003\..\Toolbar\WebBrowser: (Oryte Games 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [2c7e513c] C:\WINDOWS\System32\ydmqpjdf.DLL File not found

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [barbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe ()

O4 - HKLM..\Run: [bture] C:\WINDOWS\ubodejex.DLL File not found

O4 - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)

O4 - HKLM..\Run: [Framework Windows] File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

O4 - HKLM..\Run: [lenepehosi] C:\WINDOWS\System32\fahihufo.DLL File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [Nfifeciqusoletu] C:\WINDOWS\Cqikoledunumul.DLL File not found

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PC-Antispy] C:\Program Files\PC-Antispy\PC-Antispy.exe File not found

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [qzsnhsljwcjm] C:\WINDOWS\System32\ehqwttxdqwaojgadl.dll File not found

O4 - HKLM..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe File not found

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe File not found

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [kiro] C:\PROGRA~1\COMMON~1\kiro\kirom.exe File not found

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [MSFox] C:\DOCUME~1\George\LOCALS~1\Temp\a.exe File not found

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [sfKg6wIP] C:\Documents and Settings\George\Application Data\Microsoft\Windows\fgvhdx.exe File not found

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [speedRunner] C:\Documents and Settings\George\Application Data\SpeedRunner\SpeedRunner.exe File not found

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [utilMntDsc] C:\WINDOWS\System32\hcjebcxw.exe File not found

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found

O4 - HKU\S-1-5-21-117609710-1844237615-725345543-1003..\Run: [VnrPack23] C:\Program Files\VnrPack\VnrPack23.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.security ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\imagePROGRAF Status Monitor.lnk = C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe (CANON INC.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\.security ()

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: XXpkEodMnY = C:\Documents and Settings\All Users\Application Data\bivexuzq\lwruvidc.exe File not found

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-117609710-1844237615-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/3/B...tualEarth3D.cab (Reg Error: Value error.)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celartem.com/en/download/data...ntrol_en_US.cab (DjVuCtl Class)

O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} http://www1.skillground.com/cab1819/SkillGround.cab (SkillGround Game Manager)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://domino5.ncat.edu/dwa7W.cab (Domino Web Access 7 Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\mukakuhe.dll) - C:\WINDOWS\System32\mukakuhe.dll File not found

O20 - AppInit_DLLs: (aeiwuv.dll) - C:\WINDOWS\System32\aeiwuv.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (logon.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkLCssP) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/01/06 14:08:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/01/26 04:20:42 | 000,000,000 | R--D | M] - D:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2007/01/26 04:15:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2007/01/26 03:06:20 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ CDFS ]

O32 - AutoRun File - [2007/01/26 04:20:10 | 000,000,149 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2007/01/26 04:20:42 | 000,000,000 | R--D | M] - F:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2007/01/26 04:15:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2007/01/26 03:06:20 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]

O32 - AutoRun File - [2007/01/26 04:20:10 | 000,000,149 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{2997aa78-b5c8-11dd-a9b6-0016e66c8acb}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{2997aa78-b5c8-11dd-a9b6-0016e66c8acb}\Shell\Explore\command - "" = autorun.exe

O33 - MountPoints2\{2997aa78-b5c8-11dd-a9b6-0016e66c8acb}\Shell\Open\command - "" = autorun.exe

O33 - MountPoints2\{4d29f5e3-b222-11dc-a919-0016e66c8acb}\Shell - "" = AutoRun

O33 - MountPoints2\{4d29f5e3-b222-11dc-a919-0016e66c8acb}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{937aed9d-d32b-11dd-a9cc-0016e66c8acb}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found

O33 - MountPoints2\{f8ceb8c5-b0fe-11de-8d32-0016e66c8acb}\Shell - "" = AutoRun

O33 - MountPoints2\{f8ceb8c5-b0fe-11de-8d32-0016e66c8acb}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f8ceb8c5-b0fe-11de-8d32-0016e66c8acb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: dwwiinst - (C:\WINDOWS\system32\disktify.dll) - C:\WINDOWS\system32\disktify.dll ()

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 17:12:36 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe

[2010/06/20 17:17:46 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\George\My Documents\RootRepeal.exe

[2010/06/08 10:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded Audio

[2010/06/08 10:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV

[2010/06/06 18:45:31 | 000,000,000 | ---D | C] -- C:\3dhmedlx

[2010/05/30 16:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\NoLimits Coasters Demo v1.6

[2010/05/28 08:52:09 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\George\My Documents\ChromeSetup (1).exe

[2010/05/26 12:25:32 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[2010/05/22 20:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\My Documents\EElS

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\George\My Documents\*.tmp files -> C:\Documents and Settings\George\My Documents\*.tmp -> ]

[2 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/21 17:12:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe

[2010/06/21 17:08:19 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/06/21 16:55:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/21 16:55:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/06/21 16:54:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/21 10:50:04 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\George\ntuser.ini

[2010/06/21 10:50:03 | 015,466,496 | ---- | M] () -- C:\Documents and Settings\George\ntuser.dat

[2010/06/21 10:49:26 | 000,263,248 | -H-- | M] () -- C:\Documents and Settings\George\Local Settings\Application Data\IconCache.db

[2010/06/21 08:31:52 | 061,273,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/20 18:38:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/20 18:11:42 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\George\defogger_reenable

[2010/06/20 17:20:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gqlj.sys

[2010/06/20 17:18:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\George\My Documents\settings.dat

[2010/06/20 17:00:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jetoeie.sys

[2010/06/20 16:38:17 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ueiqs.sys

[2010/06/20 16:25:56 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\tmshpxqy.sys

[2010/06/16 22:44:26 | 000,033,919 | ---- | M] () -- C:\Documents and Settings\George\Desktop\n1465547124_30254816_3336338.jpg

[2010/06/16 22:09:28 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\George\Desktop\~$ssonplntthom.doc

[2010/06/16 19:27:19 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX

[2010/06/16 19:27:19 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx

[2010/06/16 17:52:26 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Lessonplntthom.doc

[2010/06/16 17:49:00 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\George\My Documents\art lesson 1.doc

[2010/06/16 11:31:27 | 001,102,546 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Fine_Arts_Careers_2009.pdf

[2010/06/16 11:20:07 | 000,202,961 | ---- | M] () -- C:\Documents and Settings\George\Desktop\AcademicStandards010DraftVisualArts.pdf

[2010/06/16 08:12:42 | 001,046,388 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.dwg

[2010/06/15 22:09:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\George\My Documents\~$t lesson 1.doc

[2010/06/15 21:12:55 | 000,089,818 | ---- | M] () -- C:\Documents and Settings\George\Desktop\mount beulah united methodist church 2.pdf

[2010/06/15 21:12:04 | 001,046,388 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.bak

[2010/06/15 21:11:51 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.dwl

[2010/06/15 21:10:19 | 000,001,423 | ---- | M] () -- C:\Documents and Settings\George\My Documents\acad.err

[2010/06/15 17:39:00 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2010/06/15 17:39:00 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2010/06/15 17:39:00 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010/06/14 13:02:58 | 000,070,882 | ---- | M] () -- C:\Documents and Settings\George\Desktop\MOUNT BEALHAH UNITED METHODIST.pdf

[2010/06/14 12:40:23 | 000,012,353 | ---- | M] () -- C:\Documents and Settings\George\My Documents\acadstk.dmp

[2010/06/12 08:40:10 | 000,288,706 | ---- | M] () -- C:\Documents and Settings\George\My Documents\2008 Heavy.UBK

[2010/06/12 08:40:08 | 000,161,758 | ---- | M] () -- C:\Documents and Settings\George\Desktop\2008 Construction.UBK

[2010/06/12 08:37:27 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\George\My Documents\Estimate2.~BK$

[2010/06/11 10:20:06 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Thomas Construction business Cards.pub

[2010/06/10 15:42:59 | 000,288,706 | ---- | M] () -- C:\Documents and Settings\George\My Documents\2008 Heavy.SAV

[2010/06/10 15:08:56 | 000,161,758 | ---- | M] () -- C:\Documents and Settings\George\Desktop\2008 Construction.SAV

[2010/06/10 12:25:11 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\George\Desktop\fax cover sheet.lnk

[2010/06/10 08:49:57 | 000,008,192 | ---- | M] () -- C:\Super Mario All-Stars (E) [!].srm

[2010/06/07 20:16:56 | 000,000,367 | ---- | M] () -- C:\WINDOWS\3DHOME.INI

[2010/06/07 01:06:18 | 002,785,200 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mfafactorsfreemium1.pdf

[2010/06/06 19:04:09 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml

[2010/06/05 20:43:53 | 003,413,896 | ---- | M] () -- C:\Documents and Settings\George\My Documents\Robert_Greene_The_Art_Of_Seduction.pdf

[2010/06/04 09:27:20 | 000,000,046 | -H-- | M] () -- C:\Documents and Settings\George\My Documents\wood_frame_constuction_sheathing_and_lath.dwl

[2010/06/03 11:35:12 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\George\My Documents\MY BIRTHDAY LIST.doc

[2010/06/01 09:49:07 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\System32\disktify.dll

[2010/05/29 21:11:04 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\George\Application Data\avdrn.dat

[2010/05/28 08:52:38 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/28 08:50:13 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\George\My Documents\ChromeSetup (1).exe

[2010/05/26 12:25:32 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\George\My Documents\*.tmp files -> C:\Documents and Settings\George\My Documents\*.tmp -> ]

[2 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 18:11:33 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\George\defogger_reenable

[2010/06/20 17:20:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gqlj.sys

[2010/06/20 17:18:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George\My Documents\settings.dat

[2010/06/20 17:00:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jetoeie.sys

[2010/06/20 16:38:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ueiqs.sys

[2010/06/20 16:25:56 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmshpxqy.sys

[2010/06/16 22:44:26 | 000,033,919 | ---- | C] () -- C:\Documents and Settings\George\Desktop\n1465547124_30254816_3336338.jpg

[2010/06/16 22:09:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\George\Desktop\~$ssonplntthom.doc

[2010/06/16 17:52:26 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Lessonplntthom.doc

[2010/06/16 11:31:27 | 001,102,546 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Fine_Arts_Careers_2009.pdf

[2010/06/16 11:20:07 | 000,202,961 | ---- | C] () -- C:\Documents and Settings\George\Desktop\AcademicStandards010DraftVisualArts.pdf

[2010/06/15 22:09:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\George\My Documents\~$t lesson 1.doc

[2010/06/15 21:12:52 | 000,089,818 | ---- | C] () -- C:\Documents and Settings\George\Desktop\mount beulah united methodist church 2.pdf

[2010/06/15 21:11:51 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.dwl

[2010/06/14 13:02:53 | 000,070,882 | ---- | C] () -- C:\Documents and Settings\George\Desktop\MOUNT BEALHAH UNITED METHODIST.pdf

[2010/06/10 15:08:56 | 000,161,758 | ---- | C] () -- C:\Documents and Settings\George\Desktop\2008 Construction.UBK

[2010/06/10 15:08:56 | 000,161,758 | ---- | C] () -- C:\Documents and Settings\George\Desktop\2008 Construction.SAV

[2010/06/10 12:25:11 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\George\Desktop\fax cover sheet.lnk

[2010/06/08 08:05:52 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\George\My Documents\art lesson 1.doc

[2010/06/07 01:06:18 | 002,785,200 | ---- | C] () -- C:\Documents and Settings\George\My Documents\mfafactorsfreemium1.pdf

[2010/06/05 20:43:53 | 003,413,896 | ---- | C] () -- C:\Documents and Settings\George\My Documents\Robert_Greene_The_Art_Of_Seduction.pdf

[2010/06/04 09:27:20 | 000,000,046 | -H-- | C] () -- C:\Documents and Settings\George\My Documents\wood_frame_constuction_sheathing_and_lath.dwl

[2010/06/03 11:35:11 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\George\My Documents\MY BIRTHDAY LIST.doc

[2010/05/29 21:11:46 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\disktify.dll

[2010/05/29 21:11:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\George\Application Data\avdrn.dat

[2010/01/01 12:36:19 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/07/14 22:05:14 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll

[2009/06/29 17:34:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/05/19 23:04:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/02/07 20:19:09 | 000,000,978 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/01/28 16:50:02 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\aeiwuv.dll

[2009/01/28 16:50:01 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\jpaenjep.dll

[2008/12/24 18:32:23 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/12/24 18:32:22 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/07/19 17:20:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2008/05/19 15:37:37 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini

[2008/05/19 15:37:08 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll

[2008/05/03 20:45:00 | 000,000,367 | ---- | C] () -- C:\WINDOWS\3DHOME.INI

[2008/03/04 14:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2007/11/17 09:26:49 | 000,000,316 | ---- | C] () -- C:\WINDOWS\mybc32.INI

[2007/09/08 07:12:34 | 000,003,657 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/07/22 12:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2007/06/01 13:29:40 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FinalAlert2.ini

[2007/01/31 09:12:41 | 000,000,096 | ---- | C] () -- C:\WINDOWS\bizpub32.INI

[2007/01/17 13:53:58 | 000,000,070 | ---- | C] () -- C:\WINDOWS\Morpheus.INI

[2007/01/07 16:21:49 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2007/01/07 16:21:49 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2007/01/07 16:21:28 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\agissi.dll

[2007/01/07 16:21:24 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\zhhp_res.dll

[2007/01/07 16:21:23 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll

[2007/01/07 16:20:39 | 000,000,635 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2007/01/06 21:21:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/01/06 14:30:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/01/06 14:22:15 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005/12/05 08:58:18 | 000,251,392 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll

[2005/06/19 12:45:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\glide3x.dll

[2005/06/19 12:45:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\glide2x.dll

[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[1996/02/23 15:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\declw.dll

[1996/02/22 13:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\decln.dll

< End of report >

OTL Extras logfile created on: 6/21/2010 5:13:46 PM - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\George\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 101.54 Gb Free Space | 43.60% Space Free | Partition Type: NTFS

Drive D: | 510.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 510.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAIN

Current User Name: George

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-117609710-1844237615-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1434:UDP" = 1434:UDP:*:Enabled:UDASQL2

"1433:TCP" = 1433:TCP:*:Enabled:UDASQL3

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell -- File not found

"D:\SETUP.EXE" = D:\SETUP.EXE:*:Enabled:Setup -- File not found

"C:\Program Files\Xolox\XoloxEXE.exe" = C:\Program Files\Xolox\XoloxEXE.exe:*:Enabled:Xolox -- File not found

"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()

"C:\Program Files\SkillGround\Games\UTG\Main.exe" = C:\Program Files\SkillGround\Games\UTG\Main.exe:*:Enabled:UTG -- ()

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()

"C:\Program Files\UDA Technologies\UDA ConstructionSuite 2007\udacrm.exe" = C:\Program Files\UDA Technologies\UDA ConstructionSuite 2007\udacrm.exe:*:Enabled:UDA2007 -- File not found

"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)

"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- File not found

"C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe" = C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe:*:Enabled:HP Networked Printer Installer -- (Hewlett Packard Company)

"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" = c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:UDASQL -- File not found

"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:UDASQL2 -- (Microsoft Corporation)

"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-21 17:42:57

Windows 5.1.2600 Service Pack 2

Running: dfwecfk4.exe; Driver: C:\DOCUME~1\George\LOCALS~1\Temp\pxtdypob.sys

---- System - GMER 1.0.15 ----

INT 0x62 ? 87368BF8

INT 0x63 ? 8724DBF8

INT 0x73 ? 87368BF8

INT 0x73 ? 87368BF8

INT 0x73 ? 8724DBF8

INT 0x73 ? 87368BF8

INT 0x83 ? 8724DBF8

INT 0xB4 ? 8724DBF8

Code 870733C8 ZwEnumerateKey

Code 86FA2630 ZwFlushInstructionCache

Code 8700F136 IofCallDriver

Code 870161AE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF0BC 5 Bytes JMP 8700F13B

.text ntkrnlpa.exe!IofCompleteRequest 804EF14C 5 Bytes JMP 870161B3

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B528A 5 Bytes JMP 86FA2634

PAGE ntkrnlpa.exe!ZwEnumerateKey 80622950 5 Bytes JMP 870733CC

? spwy.sys The system cannot find the file specified. !

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF607B360, 0x24BB1D, 0xE8000020]

.text USBPORT.SYS!DllUnload F605C62C 5 Bytes JMP 8724D1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D000A

.text C:\WINDOWS\Explorer.exe[472] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00B7000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[728] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005F000A

.text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0050000A

.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0069000A

.text ...

.text C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 00413A70 C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb/Orb Networks)

.text C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DC000A

.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003E000A

.text C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 012B000A

.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00CD000A

.text C:\Program Files\Winamp Remote\bin\Orb.exe[3924] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 00402CA0 C:\Program Files\Winamp Remote\bin\Orb.exe (Orb Application/Orb Networks, Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72A9042] spwy.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72A913E] spwy.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72A90C0] spwy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72A9800] spwy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72A96D6] spwy.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[384] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\Explorer.exe [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\Explorer.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00E552BD

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E552BD

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E55209

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E551A4

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E55172

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00E5582C

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00E5582C

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00E55582

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00E55582

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00E5582C

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E552BD

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E352BD

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E35209

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E351A4

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E35172

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00E35209

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E352BD

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00E35209

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00E351A4

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00E35582

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00E3582C

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00E3582C

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00E35582

IAT C:\WINDOWS\system32\lsass.exe[824] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00E3582C

IAT C:\WINDOWS\system32\svchost.exe[996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C15172

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C452BD

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C45209

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C451A4

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C45172

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00C45582

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00C4582C

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00C4582C

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00C45582

IAT C:\WINDOWS\system32\svchost.exe[1084] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00C4582C

IAT C:\WINDOWS\system32\svchost.exe[1084] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C452BD

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C452BD

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C45209

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C451A4

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C45172

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00C45582

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00C4582C

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00C4582C

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00C45582

IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00C4582C

IAT C:\WINDOWS\System32\svchost.exe[1188] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C452BD

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1200] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1200] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1200] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[1496] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1600] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1728] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352BD

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135209

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351A4

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135172

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00135582

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 0013582C

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 0013582C

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 0013582C

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00135582

IAT C:\Program Files\iPod\bin\iPodService.exe[1900] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352BD

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2008] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\RTHDCPL.EXE[2068] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\PowerISO\PWRISOVM.EXE[2128] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452BD

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145209

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001451A4

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145172

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00145582

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 0014582C

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 0014582C

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 0014582C

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 00145582

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452BD

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2176] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2272] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Java\jre6\bin\jucheck.exe[2520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\iTunes\iTunesHelper.exe[2752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[2864] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\ctfmon.exe[3304] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\OrbTray.exe[3344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3432] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3492] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Documents and Settings\George\Desktop\dfwecfk4.exe[3760] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452BD

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145209

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001451A4

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145172

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 0014582C

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00145582

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 0014582C

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00145582

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 0014582C

IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452BD

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45400] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C883205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C883200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\Program Files\Winamp Remote\bin\Orb.exe[3924] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45405] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873671F8

Device \FileSystem\Fastfat \FatCdrom 870F0500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8725A1F8

Device \Driver\usbuhci \Device\USBPDO-1 8725A1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D81F8

Device \Driver\dmio \Device\DmControl\DmConfig 873D81F8

Device \Driver\dmio \Device\DmControl\DmPnP 873D81F8

Device \Driver\dmio \Device\DmControl\DmInfo 873D81F8

Device \Driver\usbuhci \Device\USBPDO-2 8725A1F8

Device \Driver\usbuhci \Device\USBPDO-3 8725A1F8

Device \Driver\usbehci \Device\USBPDO-4 872591F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873691F8

Device \Driver\Cdrom \Device\CdRom0 871851F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 8709F500

Device \Driver\PCI_PNP3428 \Device\0000004a spwy.sys

Device \Driver\NetBT \Device\NetbiosSmb 8709F500

Device \Driver\sptd \Device\3876733428 spwy.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8725A1F8

Device \Driver\usbuhci \Device\USBFDO-1 8725A1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 87098500

Device \Driver\usbuhci \Device\USBFDO-2 8725A1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 87098500

Device \Driver\usbuhci \Device\USBFDO-3 8725A1F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{C414F504-B7EF-4121-B88D-1BDEB44A4C9A} 8709F500

Device \Driver\usbehci \Device\USBFDO-4 872591F8

Device \Driver\Ftdisk \Device\FtControl 873691F8

Device \Driver\azuk6tjv \Device\Scsi\azuk6tjv1Port4Path0Target0Lun0 870D61F8

Device \Driver\azuk6tjv \Device\Scsi\azuk6tjv1 870D61F8

Device \FileSystem\Fastfat \Fat 870F0500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 87097500

---- EOF - GMER 1.0.15 ----


Hello there,

Based on the way your log gets cut off, I suspect a rootkit.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


My computer would not allow me to scan. It said, "Some files could not be created. Reboot and reinstall."

I did, but the error message kept coming up.

I tried to go into safe mode, but the computer would not allow for me to do this either. It was acting like it would, then it would reboot and follow the cycle of shutting down and rebooting.


My computer would not allow me to scan. It said, "Some files could not be created. Reboot and reinstall."
At what point did this happen? Was this when the Recovery Console was installed? If so, rerun combofix and select NO when asked if you want to install the Recovery Console.

Hello again, let's try something else first.

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following bolded text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed reboot the computer.

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.


Ok. I can't log on. I'm going to type exactly what happened:

Everything seemed fine, the computer shut down after everything was finished.

Then a blue screen came up after starting up. It said: Disk checking NTFS. I clicked to end the disk checking, then the welcome screen came up for George (hasn't happened in a long time. There was nowhere to click for admin.)

Every time I clicked, it would say loading settings, then closing network connection, then the screen would be as before...George.

Restarted Computer

Hit F8, tried safe mode but it didn't work.

Checked for consistency came back up, and I decided not to click and let it check.

CHKDSK went through all the stages 1-3, but at verifying indexes (stage 2 of 3) it said: Deleting index entry SecuROM in index $I30 of file 10263. Security descriptors (stage 3 of 3) went through fine.

It then shut itself off, rebooted, went through start up, and now I'm back to the logon screen, but I still can't get past George. It still repeats itself---"Every time I clicked, it would say loading settings, then closing network connection, then the screen would be as before...George."

What should I do? It seems like a hardware issue now...


This doesn't sound like hardware, more like a broken userinit value.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded, double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


Yay! :P Something that finally worked! heheh:

OTL logfile created on: 6/24/2010 5:49:52 PM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 766.00 Mb Available Physical Memory | 75.00% Memory free

907.00 Mb Paging File | 844.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 101.34 Gb Free Space | 43.52% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet006

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (MSSQL$UDASERVER) SQL Server (UDASERVER)

SRV - [2009/08/28 09:42:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2008/05/19 18:26:29 | 000,020,480 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe -- (HPWJAUpdateService)

SRV - [2008/04/18 05:30:42 | 000,204,800 | ---- | M] () [Auto] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

SRV - [2008/04/09 18:40:21 | 000,028,672 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService)

SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2007/05/21 09:43:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/02/10 09:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$HPWJA) SQL Server (HPWJA)

SRV - [2007/02/10 09:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2007/01/06 21:55:27 | 000,077,944 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2007/01/06 21:32:53 | 000,054,784 | ---- | M] (Macrovision) [Auto] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)

SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | Boot] -- -- (ati6vuxx)

DRV - File not found [Kernel | Boot] -- -- (ati1cbxx)

DRV - [2010/01/01 12:36:19 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009/08/28 09:42:44 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/28 09:42:44 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/05/05 09:24:34 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2008/03/14 02:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2007/11/15 22:38:16 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)

DRV - [2007/11/15 16:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

DRV - [2007/01/06 21:32:53 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)

DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/07/24 04:15:04 | 004,353,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/07/12 09:56:00 | 000,248,192 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2452474

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\George_ON_C\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

IE - HKU\George_ON_C\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

IE - HKU\George_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\George_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"

FF - prefs.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="

FF - prefs.js..browser.search.selectedEngine: "Yoog Search"

FF - prefs.js..extensions.enabledItems: {A2271039-009F-4A57-8C74-AA94105427B4}:1.0

FF - prefs.js..extensions.enabledItems: {00458E45-C078-4584-8781-8276F7BBB450}:1.0

FF - prefs.js..keyword.URL: "http://www13.yoog.com/search.php?q="

FF - user.js..browser.search.defaultenginename: "Yoog Search"

FF - user.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="

FF - user.js..browser.search.selectedEngine: "Yoog Search"

FF - user.js..keyword.URL: "http://www13.yoog.com/search.php?q="

FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/06 07:15:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 23:46:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{00458E45-C078-4584-8781-8276F7BBB450}: C:\Documents and Settings\George\Local Settings\Application Data\{00458E45-C078-4584-8781-8276F7BBB450} [2008/12/05 15:25:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/08 20:06:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 12:25:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 12:25:21 | 000,000,000 | ---D | M]

[2009/02/07 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2009/02/07 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4j3adtpk.default\extensions

[2009/02/07 20:19:50 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4j3adtpk.default\searchplugins\Yoog Search.xml

[2010/02/26 17:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/02/05 22:10:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{A2271039-009F-4A57-8C74-AA94105427B4}

[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/07/12 18:12:32 | 000,316,381 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123haustiereundmehr.com

O1 - Hosts: 10879 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O2 - BHO: (TChkBHO Class) - {8926BF9F-D996-48C9-99E1-D27AA5164133} - C:\WINDOWS\System32\obvjcrj.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {707DB484-2428-402D-AFB5-D85B387544C7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (Oryte Games 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [2c7e513c] C:\WINDOWS\System32\ydmqpjdf.DLL File not found

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [barbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe ()

O4 - HKLM..\Run: [bture] C:\WINDOWS\ubodejex.DLL File not found

O4 - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)

O4 - HKLM..\Run: [Framework Windows] File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

O4 - HKLM..\Run: [lenepehosi] C:\WINDOWS\System32\fahihufo.DLL File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [Nfifeciqusoletu] C:\WINDOWS\Cqikoledunumul.DLL File not found

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PC-Antispy] C:\Program Files\PC-Antispy\PC-Antispy.exe File not found

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [qzsnhsljwcjm] C:\WINDOWS\System32\ehqwttxdqwaojgadl.dll File not found

O4 - HKLM..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe File not found

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe File not found

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\George_ON_C..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\George_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKU\George_ON_C..\Run: [kiro] C:\PROGRA~1\COMMON~1\kiro\kirom.exe File not found

O4 - HKU\George_ON_C..\Run: [MSFox] C:\DOCUME~1\George\LOCALS~1\Temp\a.exe File not found

O4 - HKU\George_ON_C..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

O4 - HKU\George_ON_C..\Run: [sfKg6wIP] C:\Documents and Settings\George\Application Data\Microsoft\Windows\fgvhdx.exe File not found

O4 - HKU\George_ON_C..\Run: [speedRunner] C:\Documents and Settings\George\Application Data\SpeedRunner\SpeedRunner.exe File not found

O4 - HKU\George_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\George_ON_C..\Run: [utilMntDsc] C:\WINDOWS\System32\hcjebcxw.exe File not found

O4 - HKU\George_ON_C..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found

O4 - HKU\George_ON_C..\Run: [VnrPack23] C:\Program Files\VnrPack\VnrPack23.exe File not found

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB2092] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB3101] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB392] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB6065] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB7470] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB8594] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB9040] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD2713] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD3588] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD456] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD4733] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD4971] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD5653] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD8608] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\George_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.security ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\imagePROGRAF Status Monitor.lnk = C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe (CANON INC.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\.security ()

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: XXpkEodMnY = C:\Documents and Settings\All Users\Application Data\bivexuzq\lwruvidc.exe File not found

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/3/B...tualEarth3D.cab (Reg Error: Value error.)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celartem.com/en/download/data...ntrol_en_US.cab (DjVuCtl Class)

O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} http://www1.skillground.com/cab1819/SkillGround.cab (SkillGround Game Manager)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://domino5.ncat.edu/dwa7W.cab (Domino Web Access 7 Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\mukakuhe.dll) - C:\WINDOWS\System32\mukakuhe.dll File not found

O20 - AppInit_DLLs: (aeiwuv.dll) - C:\WINDOWS\System32\aeiwuv.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (logon.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop BackupWallPaper:

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkLCssP) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/01/06 14:08:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: dwwiinst - (C:\WINDOWS\system32\disktify.dll) - C:\WINDOWS\system32\disktify.dll ()

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/24 14:12:48 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\George\Desktop\TDSSKiller.exe

[2010/06/23 08:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\SystemRequirementsLab

[2010/06/22 16:44:46 | 000,000,000 | ---D | C] -- C:\pebuilder3110a

[2010/06/22 16:29:11 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/06/22 16:18:17 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/21 17:12:36 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe

[2010/06/20 17:17:46 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\George\My Documents\RootRepeal.exe

[2010/06/06 18:45:31 | 000,000,000 | ---D | C] -- C:\3dhmedlx

[2010/05/30 16:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\NoLimits Coasters Demo v1.6

[2010/05/28 08:52:09 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\George\My Documents\ChromeSetup (1).exe

[2010/05/26 12:25:32 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[2005/09/24 01:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\George\My Documents\*.tmp files -> C:\Documents and Settings\George\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/24 17:50:16 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/06/24 16:42:42 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/06/24 16:42:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/24 16:13:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\George\ntuser.ini

[2010/06/24 16:13:55 | 015,466,496 | ---- | M] () -- C:\Documents and Settings\George\ntuser.dat

[2010/06/24 16:13:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/06/24 14:21:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/24 08:37:42 | 061,375,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/22 16:27:06 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/06/22 16:20:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/22 16:20:11 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Shortcut to ComboFix.lnk

[2010/06/21 23:48:32 | 000,072,745 | ---- | M] () -- C:\Documents and Settings\George\Desktop\downsize.jpg

[2010/06/21 17:22:39 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\George\Desktop\dfwecfk4.exe

[2010/06/21 17:12:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe

[2010/06/21 10:49:26 | 000,263,248 | -H-- | M] () -- C:\Documents and Settings\George\Local Settings\Application Data\IconCache.db

[2010/06/20 18:11:42 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\George\defogger_reenable

[2010/06/20 17:20:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gqlj.sys

[2010/06/20 17:18:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\George\My Documents\settings.dat

[2010/06/20 17:00:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jetoeie.sys

[2010/06/20 16:38:17 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ueiqs.sys

[2010/06/20 16:25:56 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\tmshpxqy.sys

[2010/06/16 22:44:26 | 000,033,919 | ---- | M] () -- C:\Documents and Settings\George\Desktop\n1465547124_30254816_3336338.jpg

[2010/06/16 22:09:28 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\George\Desktop\~$ssonplntthom.doc

[2010/06/16 19:27:19 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX

[2010/06/16 19:27:19 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx

[2010/06/16 17:52:26 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Lessonplntthom.doc

[2010/06/16 17:49:00 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\George\My Documents\art lesson 1.doc

[2010/06/16 11:31:27 | 001,102,546 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Fine_Arts_Careers_2009.pdf

[2010/06/16 11:20:07 | 000,202,961 | ---- | M] () -- C:\Documents and Settings\George\Desktop\AcademicStandards010DraftVisualArts.pdf

[2010/06/16 08:12:42 | 001,046,388 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.dwg

[2010/06/15 22:09:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\George\My Documents\~$t lesson 1.doc

[2010/06/15 21:12:55 | 000,089,818 | ---- | M] () -- C:\Documents and Settings\George\Desktop\mount beulah united methodist church 2.pdf

[2010/06/15 21:12:04 | 001,046,388 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.bak

[2010/06/15 21:11:51 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.dwl

[2010/06/15 21:10:19 | 000,001,423 | ---- | M] () -- C:\Documents and Settings\George\My Documents\acad.err

[2010/06/15 17:39:00 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2010/06/15 17:39:00 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2010/06/15 17:39:00 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010/06/14 13:02:58 | 000,070,882 | ---- | M] () -- C:\Documents and Settings\George\Desktop\MOUNT BEALHAH UNITED METHODIST.pdf

[2010/06/14 12:40:23 | 000,012,353 | ---- | M] () -- C:\Documents and Settings\George\My Documents\acadstk.dmp

[2010/06/12 08:40:10 | 000,288,706 | ---- | M] () -- C:\Documents and Settings\George\My Documents\2008 Heavy.UBK

[2010/06/12 08:40:08 | 000,161,758 | ---- | M] () -- C:\Documents and Settings\George\Desktop\2008 Construction.UBK

[2010/06/12 08:37:27 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\George\My Documents\Estimate2.~BK$

[2010/06/11 10:20:06 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Thomas Construction business Cards.pub

[2010/06/10 15:42:59 | 000,288,706 | ---- | M] () -- C:\Documents and Settings\George\My Documents\2008 Heavy.SAV

[2010/06/10 15:08:56 | 000,161,758 | ---- | M] () -- C:\Documents and Settings\George\Desktop\2008 Construction.SAV

[2010/06/10 12:25:11 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\George\Desktop\fax cover sheet.lnk

[2010/06/10 08:49:57 | 000,008,192 | ---- | M] () -- C:\Super Mario All-Stars (E) [!].srm

[2010/06/07 20:16:56 | 000,000,367 | ---- | M] () -- C:\WINDOWS\3DHOME.INI

[2010/06/07 01:06:18 | 002,785,200 | ---- | M] () -- C:\Documents and Settings\George\My Documents\mfafactorsfreemium1.pdf

[2010/06/06 19:04:09 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml

[2010/06/05 20:43:53 | 003,413,896 | ---- | M] () -- C:\Documents and Settings\George\My Documents\Robert_Greene_The_Art_Of_Seduction.pdf

[2010/06/04 09:27:20 | 000,000,046 | -H-- | M] () -- C:\Documents and Settings\George\My Documents\wood_frame_constuction_sheathing_and_lath.dwl

[2010/06/03 11:35:12 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\George\My Documents\MY BIRTHDAY LIST.doc

[2010/06/01 09:49:07 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\System32\disktify.dll

[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\George\Desktop\TDSSKiller.exe

[2010/05/29 21:11:04 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\George\Application Data\avdrn.dat

[2010/05/28 08:52:38 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/28 08:50:13 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\George\My Documents\ChromeSetup (1).exe

[2010/05/26 12:25:32 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\George\My Documents\*.tmp files -> C:\Documents and Settings\George\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/22 16:20:11 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Shortcut to ComboFix.lnk

[2010/06/21 23:48:30 | 000,072,745 | ---- | C] () -- C:\Documents and Settings\George\Desktop\downsize.jpg

[2010/06/21 17:22:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\George\Desktop\dfwecfk4.exe

[2010/06/20 18:11:33 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\George\defogger_reenable

[2010/06/20 17:20:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gqlj.sys

[2010/06/20 17:18:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George\My Documents\settings.dat

[2010/06/20 17:00:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jetoeie.sys

[2010/06/20 16:38:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ueiqs.sys

[2010/06/20 16:25:56 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmshpxqy.sys

[2010/06/16 22:44:26 | 000,033,919 | ---- | C] () -- C:\Documents and Settings\George\Desktop\n1465547124_30254816_3336338.jpg

[2010/06/16 22:09:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\George\Desktop\~$ssonplntthom.doc

[2010/06/16 17:52:26 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Lessonplntthom.doc

[2010/06/16 11:31:27 | 001,102,546 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Fine_Arts_Careers_2009.pdf

[2010/06/16 11:20:07 | 000,202,961 | ---- | C] () -- C:\Documents and Settings\George\Desktop\AcademicStandards010DraftVisualArts.pdf

[2010/06/15 22:09:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\George\My Documents\~$t lesson 1.doc

[2010/06/15 21:12:52 | 000,089,818 | ---- | C] () -- C:\Documents and Settings\George\Desktop\mount beulah united methodist church 2.pdf

[2010/06/15 21:11:51 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\George\My Documents\mount beulah united methodist church.dwl

[2010/06/14 13:02:53 | 000,070,882 | ---- | C] () -- C:\Documents and Settings\George\Desktop\MOUNT BEALHAH UNITED METHODIST.pdf

[2010/06/10 15:08:56 | 000,161,758 | ---- | C] () -- C:\Documents and Settings\George\Desktop\2008 Construction.UBK

[2010/06/10 15:08:56 | 000,161,758 | ---- | C] () -- C:\Documents and Settings\George\Desktop\2008 Construction.SAV

[2010/06/10 12:25:11 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\George\Desktop\fax cover sheet.lnk

[2010/06/08 08:05:52 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\George\My Documents\art lesson 1.doc

[2010/06/07 01:06:18 | 002,785,200 | ---- | C] () -- C:\Documents and Settings\George\My Documents\mfafactorsfreemium1.pdf

[2010/06/05 20:43:53 | 003,413,896 | ---- | C] () -- C:\Documents and Settings\George\My Documents\Robert_Greene_The_Art_Of_Seduction.pdf

[2010/06/04 09:27:20 | 000,000,046 | -H-- | C] () -- C:\Documents and Settings\George\My Documents\wood_frame_constuction_sheathing_and_lath.dwl

[2010/06/03 11:35:11 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\George\My Documents\MY BIRTHDAY LIST.doc

[2010/05/29 21:11:46 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\disktify.dll

[2010/05/29 21:11:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\George\Application Data\avdrn.dat

[2009/11/27 14:40:26 | 000,003,229 | ---- | C] () -- C:\Documents and Settings\George\Application Data\glide_wrapper.zbag.ini

[2009/07/14 22:05:14 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll

[2009/06/29 17:34:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/05/19 23:04:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/05/15 02:05:45 | 015,466,496 | ---- | C] () -- C:\Documents and Settings\George\ntuser.dat

[2009/02/11 21:32:09 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/07 20:19:09 | 000,000,978 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/02/07 19:56:02 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2009/02/07 19:56:00 | 000,065,536 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG

[2009/02/07 19:55:59 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2009/01/28 16:50:02 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\aeiwuv.dll

[2009/01/28 16:50:01 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\jpaenjep.dll

[2009/01/18 14:24:47 | 000,659,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2008/12/24 18:32:23 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/12/24 18:32:22 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/07/19 17:20:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2008/06/16 21:24:00 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George\Application Data\Classic Thick

[2008/05/19 15:37:37 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini

[2008/05/19 15:37:08 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll

[2008/05/03 20:45:00 | 000,000,367 | ---- | C] () -- C:\WINDOWS\3DHOME.INI

[2008/03/04 14:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2007/11/17 09:26:49 | 000,000,316 | ---- | C] () -- C:\WINDOWS\mybc32.INI

[2007/09/08 07:12:34 | 000,003,657 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/09/03 14:42:22 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George\Application Data\Chiller

[2007/07/22 12:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2007/06/06 10:00:07 | 000,231,899 | ---- | C] () -- C:\Documents and Settings\George\AdobeFnt10.lst

[2007/06/01 13:29:40 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FinalAlert2.ini

[2007/01/31 09:12:41 | 000,000,096 | ---- | C] () -- C:\WINDOWS\bizpub32.INI

[2007/01/17 13:53:58 | 000,000,070 | ---- | C] () -- C:\WINDOWS\Morpheus.INI

[2007/01/07 16:40:49 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\fusioncache.dat

[2007/01/07 16:21:49 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2007/01/07 16:21:49 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2007/01/07 16:21:28 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\agissi.dll

[2007/01/07 16:21:24 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\zhhp_res.dll

[2007/01/07 16:21:23 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll

[2007/01/07 16:20:39 | 000,000,635 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2007/01/06 21:21:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/01/06 21:21:25 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/01/06 14:30:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/01/06 14:22:15 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2007/01/06 14:12:54 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\George\ntuser.dat.LOG

[2007/01/06 14:12:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\George\ntuser.ini

[2007/01/06 14:12:16 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2007/01/06 14:12:16 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG

[2007/01/06 14:12:16 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini

[2007/01/06 14:11:36 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2007/01/06 14:11:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[2007/01/06 14:11:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini

[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005/12/05 08:58:18 | 000,251,392 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll

[2005/06/19 12:45:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\glide3x.dll

[2005/06/19 12:45:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\glide2x.dll

[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/11/01 16:00:10 | 000,061,818 | R--- | C] () -- C:\Program Files\Uninstal.exe

[1996/02/23 15:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\declw.dll

[1996/02/22 13:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\decln.dll

========== LOP Check ==========

[2009/02/05 23:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR

[2009/02/11 21:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR

[2008/05/19 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Autodesk

[2009/05/14 23:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\AVGTOOLBAR

[2010/06/16 23:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\BitTorrent

[2008/04/07 09:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\BlitzSoft

[2007/02/22 23:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\CopyPod

[2010/02/26 19:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\DAEMON Tools Lite

[2008/07/17 11:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\DNA

[2010/05/19 21:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Facebook

[2007/01/28 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Leadertech

[2007/12/22 23:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\LEGO Company

[2009/06/24 21:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Mattel

[2007/01/07 00:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Morpheus

[2008/06/16 21:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Nikon

[2007/07/03 23:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Opera

[2007/07/14 19:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\PlayFirst

[2007/12/17 16:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Riverdeep

[2010/06/23 08:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\SystemRequirementsLab

[2008/10/02 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\UDA ConstructionSuite 2009

[2008/10/02 10:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\UDA Technologies

[2008/10/02 10:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\UDA Technologies Inc

[2009/01/15 18:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Unity

[2007/04/07 18:15:50 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1168202779.job

========== Purity Check ==========

< End of report >


I see the problem here indeed. Before fixing it, we first need to find a replacement copy for a file.

Please rerun OTLPE and copy/paste the following text into the "custom scan/fix" field. Click the NONE button and then Run Scan. Post me the resulting log.

/md5start
userinit.exe
/md5stop


OTL logfile created on: 6/25/2010 6:32:43 PM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 696.00 Mb Available Physical Memory | 68.00% Memory free

907.00 Mb Paging File | 802.00 Mb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 101.34 Gb Free Space | 43.52% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet006

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKU\.DEFAULT\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2452474

IE - HKU\George_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\George_ON_C\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

IE - HKU\George_ON_C\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

IE - HKU\George_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\George_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\George_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"

FF - prefs.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="

FF - prefs.js..browser.search.selectedEngine: "Yoog Search"

FF - prefs.js..extensions.enabledItems: {A2271039-009F-4A57-8C74-AA94105427B4}:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {00458E45-C078-4584-8781-8276F7BBB450}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6

FF - prefs.js..keyword.URL: "http://www13.yoog.com/search.php?q="

FF - user.js..browser.search.defaultenginename: "Yoog Search"

FF - user.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="

FF - user.js..browser.search.selectedEngine: "Yoog Search"

FF - user.js..keyword.URL: "http://www13.yoog.com/search.php?q="

FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/06 07:15:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 23:46:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{00458E45-C078-4584-8781-8276F7BBB450}: C:\Documents and Settings\George\Local Settings\Application Data\{00458E45-C078-4584-8781-8276F7BBB450} [2008/12/05 15:25:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/17 21:13:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/08 20:06:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 12:25:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 12:25:21 | 000,000,000 | ---D | M]

[2009/02/07 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2009/02/07 19:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/02/07 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4j3adtpk.default\extensions

[2009/02/07 20:19:50 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4j3adtpk.default\searchplugins\Yoog Search.xml

[2010/02/26 17:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/12/18 14:04:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/02/05 22:10:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{A2271039-009F-4A57-8C74-AA94105427B4}

[2007/05/12 19:15:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

[2007/08/09 16:26:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2009/01/18 14:21:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008/07/19 07:28:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/12/18 14:04:31 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/12/18 14:04:31 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2008/08/06 16:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2009/05/17 21:12:51 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/13 20:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

[2009/12/18 14:04:33 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/05/10 22:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2008/05/06 07:15:38 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2009/09/04 17:48:38 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/09/04 17:48:38 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/09/04 17:48:38 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/09/04 17:48:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/09/04 17:48:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/09/04 17:48:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/09/04 17:48:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2008/05/06 07:15:55 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2008/05/06 07:15:30 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/11/19 20:15:28 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/11/19 20:15:28 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/06/28 00:46:24 | 000,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2009/11/19 20:15:28 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/11/19 20:15:28 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/11/19 20:15:28 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/11/19 20:15:28 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/11/19 20:15:28 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/07/12 18:12:32 | 000,316,381 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 10879 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O2 - BHO: (TChkBHO Class) - {8926BF9F-D996-48C9-99E1-D27AA5164133} - C:\WINDOWS\System32\obvjcrj.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\George_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {707DB484-2428-402D-AFB5-D85B387544C7} - C:\Program Files\Mario_Forever\tbMar0.dll (Conduit Ltd.)

O3 - HKU\George_ON_C\..\Toolbar\WebBrowser: (Oryte Games 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [2c7e513c] C:\WINDOWS\System32\ydmqpjdf.DLL File not found

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [barbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe ()

O4 - HKLM..\Run: [bture] C:\WINDOWS\ubodejex.DLL File not found

O4 - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)

O4 - HKLM..\Run: [Framework Windows] File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

O4 - HKLM..\Run: [lenepehosi] C:\WINDOWS\System32\fahihufo.DLL File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [Nfifeciqusoletu] C:\WINDOWS\Cqikoledunumul.DLL File not found

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PC-Antispy] C:\Program Files\PC-Antispy\PC-Antispy.exe File not found

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [qzsnhsljwcjm] C:\WINDOWS\System32\ehqwttxdqwaojgadl.dll File not found

O4 - HKLM..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe File not found

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\George_ON_C..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\George_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\George_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKU\George_ON_C..\Run: [Google Update] C:\Documents and Settings\George\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKU\George_ON_C..\Run: [kiro] C:\PROGRA~1\COMMON~1\kiro\kirom.exe File not found

O4 - HKU\George_ON_C..\Run: [MSFox] C:\DOCUME~1\George\LOCALS~1\Temp\a.exe File not found

O4 - HKU\George_ON_C..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

O4 - HKU\George_ON_C..\Run: [sfKg6wIP] C:\Documents and Settings\George\Application Data\Microsoft\Windows\fgvhdx.exe File not found

O4 - HKU\George_ON_C..\Run: [speedRunner] C:\Documents and Settings\George\Application Data\SpeedRunner\SpeedRunner.exe File not found

O4 - HKU\George_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\George_ON_C..\Run: [utilMntDsc] C:\WINDOWS\System32\hcjebcxw.exe File not found

O4 - HKU\George_ON_C..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found

O4 - HKU\George_ON_C..\Run: [VnrPack23] C:\Program Files\VnrPack\VnrPack23.exe File not found

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB2092] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB3101] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB392] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB6065] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB7470] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB8594] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingB9040] C:\WINDOWS\System32\command.com ()

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD2713] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD3588] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD456] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD4733] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD4971] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD5653] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\RunOnce: [spybotDeletingD8608] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\George_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.security ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\imagePROGRAF Status Monitor.lnk = C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe (CANON INC.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\.security ()

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: XXpkEodMnY = C:\Documents and Settings\All Users\Application Data\bivexuzq\lwruvidc.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/3/B...tualEarth3D.cab (Reg Error: Value error.)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celartem.com/en/download/data...ntrol_en_US.cab (DjVuCtl Class)

O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} http://www1.skillground.com/cab1819/SkillGround.cab (SkillGround Game Manager)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://domino5.ncat.edu/dwa7W.cab (Domino Web Access 7 Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\mukakuhe.dll) - C:\WINDOWS\System32\mukakuhe.dll File not found

O20 - AppInit_DLLs: (aeiwuv.dll) - C:\WINDOWS\System32\aeiwuv.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (logon.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkLCssP) - File not found

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/01/06 14:08:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: dwwiinst - (C:\WINDOWS\system32\disktify.dll) - C:\WINDOWS\system32\disktify.dll ()

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Custom Scans ==========

< MD5 for: USERINIT.EXE >

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

< End of report >

< MD5 for: [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (MICROSOFT CORPORATION) >

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

< End of report >


Hello again,

Please rerun OTLPE, copy/paste the following text into the "custom scan/fix" field and click Run Fix. When done, try to reboot normally and let me know how things are running.

:files
c:\windows\system32\userinit.exe|C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe /replace

:otl
O4 - HKLM..\Run: [2c7e513c] C:\WINDOWS\System32\ydmqpjdf.DLL File not found
O4 - HKLM..\Run: [lenepehosi] C:\WINDOWS\System32\fahihufo.DLL File not found
O4 - HKLM..\Run: [Nfifeciqusoletu] C:\WINDOWS\Cqikoledunumul.DLL File not found
O4 - HKLM..\Run: [PC-Antispy] C:\Program Files\PC-Antispy\PC-Antispy.exe File not found
O4 - HKLM..\Run: [qzsnhsljwcjm] C:\WINDOWS\System32\ehqwttxdqwaojgadl.dll File not found
O4 - HKLM..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.security ()
O4 - HKU\George_ON_C..\Run: [MSFox] C:\DOCUME~1\George\LOCALS~1\Temp\a.exe File not found
O4 - HKU\George_ON_C..\Run: [SfKg6wIP] C:\Documents and Settings\George\Application Data\Microsoft\Windows\fgvhdx.exe File not found
O4 - HKU\George_ON_C..\Run: [UtilMntDsc] C:\WINDOWS\System32\hcjebcxw.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: XXpkEodMnY = C:\Documents and Settings\All Users\Application Data\bivexuzq\lwruvidc.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\George_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkLCssP) - File not found
O36 - AppCertDlls: dwwiinst - (C:\WINDOWS\system32\disktify.dll) - C:\WINDOWS\system32\disktify.dll ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\mukakuhe.dll) - C:\WINDOWS\System32\mukakuhe.dll File not found
O20 - AppInit_DLLs: (aeiwuv.dll) - C:\WINDOWS\System32\aeiwuv.dll ()
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found

:commands
[emptytemp]


;) It actually started up normally! You're truly a life saver!

The only problem was something at startup that said: Could not find c:\windows\ubodejex.dll. Should I just ignore this?

Also, it will not let me see our network computers. I thought that it was weird, so I tried to create a new one, but when I click, it will not let me set one up.

This topic is now closed to further replies.