
Removed MS Security Essentials but still have problems



I had an issue with the fake Microsoft Security Essentials yesterday and after much aggravation it was removed. Sadly, it appears to have altered my browser and I keep getting errors that want to shut down various programs such as Outlook and Excel. Once it shuts them down I end up with my network connection being killed and I can no longer access or share files in the office.

Below is the OTL report but I could not get Rootkit Unhooker to scan. It said it was but did absolutely nothing for 45 minutes.

OTL logfile created on: 10/8/2010 4:05:43 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 49.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 130.64 Gb Free Space | 87.68% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STATION13

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - c:\Program Files\Digital Hands\Agent\AgentMon.exe (Kaseya)

PRC - C:\Program Files\Digital Hands\Agent\KaUsrTsk.exe (Kaseya)

PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)

PRC - C:\Program Files\SiteAdvisor\6173\SAService.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\WINDOWS\system32\PSIService.exe ()

PRC - C:\WINDOWS\system32\FreezeScreenSaver.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (6to4) -- C:\WINDOWS\System32\6to4ex.dll File not found

SRV - (myAgtSvc) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Enterprise Service) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)

SRV - (EngineServer) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (KaseyaAgent) -- c:\program files\Digital Hands\Agent\AgentMon.exe (Kaseya)

SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

SRV - (SiteAdvisor Service) -- C:\Program Files\SiteAdvisor\6173\SAService.exe ()

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (FreezeScreenSaver) -- C:\WINDOWS\system32\FreezeScreenSaver.exe ()

========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found

DRV - (lmimirr) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys File not found

DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (MfeRKDK) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (MfeBOPK) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (MfeAVFK) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)

DRV - (kbdhid) -- C:\WINDOWS\system32\drivers\kbdhid.sy@ (Microsoft Corporation)

DRV - (KAPFA) -- C:\WINDOWS\system32\drivers\KaPFA.sys (Kaseya)

DRV - (dot4ufd) -- C:\WINDOWS\system32\drivers\Hppaufd0.sys (HP)

DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)

DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)

DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60252

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60252

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.13

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 22:17:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/18 15:07:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2010/04/20 18:33:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/08 15:48:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 12:03:43 | 000,000,000 | ---D | M]

[2008/09/09 12:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2008/09/09 12:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/07 09:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mc19wesz.default\extensions

[2009/07/17 08:00:36 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mc19wesz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

[2009/08/11 10:05:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mc19wesz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/07 09:39:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/16 12:03:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/18 15:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/09/16 12:03:33 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/16 12:03:33 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2010/02/18 15:07:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2008/03/20 18:21:26 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2010/09/16 12:03:37 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/08/13 06:58:22 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/07/09 08:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/07/09 08:22:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/07/09 08:22:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/07/09 08:22:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/07/09 08:22:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/07/09 08:22:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/07/09 08:22:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2008/01/17 14:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll

[2007/08/21 20:42:32 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

[2007/08/09 14:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll

[2007/08/09 14:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

[2010/01/27 14:33:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/27 14:33:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2008/03/06 06:12:18 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml

[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

[2010/01/27 14:33:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/27 14:33:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/01 19:51:32 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

[2010/01/27 14:33:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/27 14:33:38 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/06/03 10:08:56 | 000,248,237 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 1001-search.info

O1 - Hosts: 127.0.0.1 www.1001-search.info

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 8665 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found

O3 - HKLM\..\Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found

O4 - HKLM..\Run: [Digital Hands Agent] C:\Program Files\Digital Hands\Agent\KaUsrTsk.exe (Kaseya)

O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe (McAfee, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKLM..\RunOnceEx: [] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\WSToolbar4IE.dll (CNET-Networks)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: verizon.com ([]http in Local intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab (SpinTop Games Launcher)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\armhelper.ocx (ArmHelper Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab (Dell PC Checkup Installer Control)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.250.0.12 71.250.0.12

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/10/05 21:57:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{76062cc6-164d-11df-ba4f-0013203fd17f}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found

O33 - MountPoints2\{e74c69d1-f6ae-11dd-ba0b-0013203fd17f}\Shell - "" = AutoRun

O33 - MountPoints2\{e74c69d1-f6ae-11dd-ba0b-0013203fd17f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e74c69d1-f6ae-11dd-ba0b-0013203fd17f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4ex.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/08 16:00:30 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/10/08 12:13:39 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sy@

[2010/10/08 01:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/10/08 01:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun

[2010/10/07 18:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/07 18:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/07 17:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/07 17:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/10/07 11:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/10/07 11:41:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/07 11:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/07 11:41:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/07 11:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/07 10:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FF5670D377F0F83483266B480F25662D

[2010/10/07 10:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update

[2010/10/07 10:06:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2007/04/25 11:33:04 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/08 16:08:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job

[2010/10/08 15:33:34 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/10/08 15:15:35 | 000,016,263 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/10/08 15:15:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/08 15:14:39 | 000,081,328 | ---- | M] () -- C:\log.html

[2010/10/08 15:14:31 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration RunOnce Task.job

[2010/10/08 15:14:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/10/08 15:14:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/08 15:13:45 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/10/08 15:13:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/10/08 15:13:09 | 003,997,636 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2010/10/08 14:31:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/10/08 14:23:55 | 030,912,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gcm.mdb

[2010/10/08 14:10:05 | 209,618,944 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Archive Copy 12-10-2004 Gulf Coast Metals Co Inc.QBW

[2010/10/08 13:31:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/10/08 12:31:08 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/10/08 10:31:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/10/08 09:31:15 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/10/08 08:31:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/10/07 18:31:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/10/07 17:31:07 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/10/07 16:35:30 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/10/07 12:58:58 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/10/07 12:04:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/07 11:42:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/07 11:34:31 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/10/07 10:24:40 | 000,505,686 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/10/07 10:24:40 | 000,444,450 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/07 10:24:40 | 000,072,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/07 10:12:48 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/10/07 10:12:45 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/10/07 10:12:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/10/07 10:12:39 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/10/07 10:12:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/10/07 10:10:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/10/07 10:10:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/10/07 10:10:16 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/10/07 10:10:06 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/10/07 10:09:25 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/10/07 10:09:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/10/07 10:09:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/10/07 10:08:43 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/10/07 10:08:26 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\444.bat

[2010/10/07 10:08:18 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\asdsada.bat

[2010/10/05 09:02:34 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\LearningTeamCharter+1.doc

[2010/10/04 13:46:21 | 000,168,453 | ---- | M] () -- C:\logfile

[2010/10/04 13:43:39 | 002,502,656 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010/10/04 13:43:38 | 001,247,232 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2010/10/01 14:25:00 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Application Times.xls

[2010/10/01 13:26:16 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\LearningTeamCharter.doc

[2010/09/30 14:12:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2010/09/30 12:41:58 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Week 1 discussion.doc

[2010/09/23 16:44:17 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Federal Funding and Public Universities.ppt

[2010/09/23 16:17:55 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Federal Funding.doc

[2010/09/23 09:20:09 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Riverpoint Writer.doc

[2010/09/23 08:19:58 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Julie.doc

[2010/09/16 13:46:06 | 000,000,901 | ---- | M] () -- C:\MFW3.xml

[2010/09/15 18:04:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/09/15 09:50:41 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Resume-1.doc

[2010/09/15 09:47:25 | 000,053,658 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ResumeExport.pdf

[2010/09/14 16:07:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/07 12:04:01 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/07 11:42:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/07 10:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/10/07 10:12:43 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/10/07 10:12:40 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/10/07 10:12:38 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/10/07 10:12:26 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/10/07 10:12:24 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/10/07 10:12:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/10/07 10:12:19 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/10/07 10:12:17 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/10/07 10:12:12 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/10/07 10:12:10 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/10/07 10:12:06 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/10/07 10:12:04 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/10/07 10:11:58 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/10/07 10:10:59 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/10/07 10:10:48 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/10/07 10:10:41 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/10/07 10:10:33 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/10/07 10:10:14 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/10/07 10:10:05 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/10/07 10:09:24 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/10/07 10:09:10 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/10/07 10:09:02 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/10/07 10:08:44 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job

[2010/10/07 10:08:41 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/10/07 10:08:26 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\444.bat

[2010/10/07 10:08:18 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\asdsada.bat

[2010/10/05 09:02:32 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\LearningTeamCharter+1.doc

[2010/10/01 13:57:43 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Application Times.xls

[2010/10/01 13:26:15 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\LearningTeamCharter.doc

[2010/09/30 12:41:41 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Week 1 discussion.doc

[2010/09/23 16:44:17 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Federal Funding and Public Universities.ppt

[2010/09/23 16:17:54 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Federal Funding.doc

[2010/09/23 08:59:05 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Riverpoint Writer.doc

[2010/09/23 08:19:58 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Julie.doc

[2010/09/16 13:46:05 | 000,000,901 | ---- | C] () -- C:\MFW3.xml

[2010/09/15 09:50:40 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Resume-1.doc

[2010/09/15 09:47:25 | 000,053,658 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ResumeExport.pdf

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2008/09/23 12:06:59 | 000,000,336 | ---- | C] () -- C:\Program Files\temp995.bat

[2008/05/27 07:50:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2008/04/14 07:54:15 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2008/04/14 07:54:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2008/03/11 15:50:19 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WPMail-MAPI-0.1.log.txt

[2008/03/11 15:18:29 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2008/03/11 15:18:29 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\FEB3C4A35E.sys

[2008/02/05 14:45:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Administrator.ini

[2007/11/29 14:04:21 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2007/09/12 11:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2007/05/02 08:24:03 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini

[2007/03/28 11:53:10 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/10/09 11:31:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2006/10/06 07:35:01 | 000,000,176 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2006/10/05 23:11:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/10/05 22:10:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2006/10/03 17:33:47 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2004/10/06 17:45:06 | 000,026,910 | ---- | C] () -- C:\WINDOWS\System32\EK1400LM.DLL

[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1999/01/04 13:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll

[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== LOP Check ==========

[2008/05/16 12:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\7Wonders

[2008/05/15 15:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore

[2009/02/17 18:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon

[2010/10/07 16:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fecazo

[2010/10/07 10:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FF5670D377F0F83483266B480F25662D

[2010/09/01 09:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GoodSync

[2007/09/20 12:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWin

[2010/03/22 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech

[2009/09/24 12:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MP3Rocket

[2010/10/07 10:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mupuyt

[2008/03/31 16:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12

[2009/10/20 10:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

[2010/09/30 12:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Riverpoint Writer

[2008/09/23 11:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SpinTop

[2008/04/14 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut

[2009/10/12 12:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird

[2010/03/18 08:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

[2007/05/09 15:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint

[2008/03/28 13:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2009/02/17 18:05:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/08/06 09:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ

[2009/04/21 11:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX

[2009/02/17 18:26:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2009/02/17 18:24:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2009/02/17 18:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu

[2008/04/14 07:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2007/03/26 15:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2007/06/26 13:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2007/03/16 13:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

[2010/01/21 09:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2008/04/14 07:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut

[2008/09/23 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/07/02 12:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio

[2010/10/07 11:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update

[2008/06/03 10:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2010/10/07 10:08:43 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/10/08 09:31:15 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/10/08 10:31:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/10/07 11:34:31 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/10/08 12:31:08 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/10/08 13:31:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/10/08 14:31:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/10/08 15:33:34 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/10/07 16:35:30 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/10/07 17:31:07 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/10/07 18:31:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/10/07 10:09:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/10/07 10:12:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/10/07 10:12:39 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/10/07 10:12:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/10/07 10:12:45 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/10/07 10:12:48 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/10/07 10:09:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/10/07 10:09:25 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/10/07 10:10:06 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/10/07 10:10:16 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/10/07 10:10:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/10/07 10:10:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/10/08 08:31:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/10/08 15:14:31 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job

[2010/09/30 14:12:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

[2010/10/08 16:08:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/11/12 14:58:49 | 000,001,024 | ---- | M] () -- C:\.rnd

[2006/10/05 21:57:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/06/10 15:08:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2008/03/20 14:10:35 | 000,216,742 | ---- | M] () -- C:\ClearLog.txt

[2006/10/05 21:57:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/10/05 21:57:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2007/04/27 13:24:19 | 000,202,957 | ---- | M] () -- C:\lma_log.html

[2010/10/08 15:14:39 | 000,081,328 | ---- | M] () -- C:\log.html

[2010/10/04 13:46:21 | 000,168,453 | ---- | M] () -- C:\logfile

[2008/11/12 17:24:17 | 000,000,594 | ---- | M] () -- C:\MFW0.xml

[2009/02/26 23:53:22 | 000,000,594 | ---- | M] () -- C:\MFW1.xml

[2010/01/27 12:30:18 | 000,000,601 | ---- | M] () -- C:\MFW2.xml

[2010/09/16 13:46:06 | 000,000,901 | ---- | M] () -- C:\MFW3.xml

[2006/10/05 21:57:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/06/14 09:53:35 | 000,028,672 | ---- | M] () -- C:\NewData.xls

[2007/05/01 08:16:16 | 000,757,567 | ---- | M] () -- C:\new_log.html

[2004/08/12 09:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/12/22 09:08:41 | 000,250,048 | ---- | M] () -- C:\ntldr

[2010/10/08 15:14:22 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2009/01/09 12:57:30 | 000,000,050 | ---- | M] () -- C:\wizard.txt

< %systemroot%\system32\*.dll/lockedfiles >

Invalid Switch: lockedfiles

< %systemroot%\Tasks\*.job/lockedfiles >

Invalid Switch: lockedfiles

< %systemroot%\System32\config\*.sav >

[2006/10/05 17:46:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006/10/05 17:46:22 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2006/10/05 17:46:22 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys/90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/04/01 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9F.DLL

[2008/04/01 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9F.DLL

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/04/25 06:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43e.DLL

[2004/03/22 18:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887

< End of report >

OTL Extras logfile created on: 10/8/2010 4:05:43 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 49.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 130.64 Gb Free Space | 87.68% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STATION13

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)

"C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found

"C:\WINDOWS\system32\lsass.exe" = C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:


  • Root Admin

Hello, and welcome to Malwarebytes.org

Someone will work with you one on one to assist you in that forum.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post, make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org
