# Windows XP failed updates



## APPACHE (Jul 2, 2010)

First, thank you for having me.
I have a Dell laptop Vostro 1520. I somehow got a real bad virus (virus:win32/alureon.h).
I used super antispy, search and destroy, Malwarebytes, Microsoft Security Essentials.
When scanning now after 4 days I am not seeing the virus any more. My volume icon keeps disappearing and coming back. I am keeping the yellow icon to install updates, but they fail every time I try to run the updates. Can you help me with these problems?


----------



## daz1 (Nov 4, 2006)

Go to Internet Explorer, go to Tools, go to Windows Update, follow instructions. If it does not work you will be given the reasons why there. Post back then.


----------



## flavallee (May 12, 2002)

APPACHE said:


> First, thank you for having me.
> I have a Dell laptop Vostro 1520. I somehow got a real bad virus (virus:win32/alureon.h).
> I used super antispy, search and destroy, Malwarebytes, Microsoft Security Essentials.
> When scanning now after 4 days I am not seeing the virus any more. My volume icon keeps disappearing and coming back. I am keeping the yellow icon to install updates, but they fail every time I try to run the updates. Can you help me with these problems?


Go here and click the installer link in version 2.0.4 to download and save *HiJackThis 2.0.4*.

After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it. Allow it to install in its default location.

After it's been installed, start it and then click "Do a system scan and save a log file".

When the scan is finished in less than 30 seconds, a log file will appear. Save that log file.

Return here to your thread, then copy-and-paste the entire log file here.



----------



## APPACHE (Jul 2, 2010)

daz1 said:


> Go to Internet Explorer, go to Tools, go to Windows Update, follow instructions. If it does not work you will be given the reasons why there. Post back then.


 Failed Updates
For help installing an update successfully, see the solution under each problem description.

*Problem: End User License Agreement (EULA) Not Accepted*
Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.

*Problem: Not Enough Disk Space*
Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you dont use. For directions, see Help and Support on your computer.

*Problem: Automatic Updates is currently installing updates*
Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website. 
Note: To view Automatic Updates progress, click the updating icon in your System Tray.

*Problem: Please check your update history for a description.*

*Microsoft Windows XP*
Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524)

all give this error

Installation Failure

*Error Code:* 0x643 Try to install the update again, or request help from one of the following resources.


----------



## Macboatmaster (Jan 15, 2010)

http://support.microsoft.com/kb/923100
See this please


----------



## APPACHE (Jul 2, 2010)

flavallee said:


> Go here and click the installer link in version 2.0.4 to download and save *HiJackThis 2.0.4*.
> 
> After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it. Allow it to install in its default location.
> 
> ...


 Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:49 PM, on 7/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SUPERAntiSpyware\SASCore.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259537752765
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GenericMount Helper Service - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCore.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymSnapService - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11447 bytes

I also would like to add: after starting this thread my computer is locking up and non-responsive, even to Ctrl+Alt+Delete.
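
A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it splits the log into running processes and section entries, then lists the entries usually reviewed first (orphaned entries, services with no known owner, a proxy set to loopback). The sample lines are copied from the log above; the function names and review rules are assumptions made for this example, and a flag means "look at this", not "malicious".

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:49 PM, on 7/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O23 - Service: GenericMount Helper Service - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 11447 bytes
"""

# HijackThis section codes look like R1, F2, N3 or O23, followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# ProxyServer values such as "http=127.0.0.1:5577" or "localhost:8080".
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127(?:\.\d{1,3}){3}|localhost)\b", re.I)


def parse_log(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # first entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif line == "--":                # footer marker before "End of file"
            in_processes = False
        elif in_processes:
            processes.append(line)
    return processes, entries


def review(entries):
    """Return (code, reasons, body) for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        reasons = []
        # A loopback proxy sends browser traffic through a local process.
        if code.startswith("R") and LOOPBACK_PROXY_RE.search(body):
            reasons.append("proxy set to loopback")
        # Registry entry that points at nothing on disk.
        if "(no file)" in body:
            reasons.append("no file")
        if "(file missing)" in body:
            reasons.append("file missing")
        # Service binary without company information in its version resource.
        if code == "O23" and "Unknown owner" in body:
            reasons.append("unknown owner")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    processes, entries = parse_log(SAMPLE_LOG)
    print(f"{len(processes)} processes, {len(entries)} entries")
    print("entries per section:", dict(Counter(c for c, _ in entries)))
    for code, reasons, body in review(entries):
        print(f"[{code}] {', '.join(reasons)}: {body}")
```
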


----------



## Macboatmaster (Jan 15, 2010)

I will leave the HiJack log to Flavallee, he is expert at interpreting those, but in the meantime if the computer will boot, open My Computer, hold the mouse on the hard drive AND post the size of the drive and the free space.
Then right click the drive, click properties, click Tools, click Error checking, click Check Now, click to check automatically fix file system errors. Click start. You will receive a message asking do you wish to reschedule for next restart. Click Yes and restart.
DO NOT INTERRUPT. Allow it to run.


----------



## APPACHE (Jul 2, 2010)

I am downloading the .net frame and installing. I hope I'm supposed to do all of them; it wouldn't let me remove some of them from Add or Remove. Downloading now.


----------



## flavallee (May 12, 2002)

APPACHE:

Start HijackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button. 

Click on the "Open Uninstall Manager" button. 

Click the "Save List" button. 

Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.



----------



## APPACHE (Jul 2, 2010)

It did not help it, still won't install updates, the volume icon comes and goes. I can follow instructions, but I think I have too many .net frames now (I have no idea which ones I need and don't need). Also, when I restart or turn my computer on, it goes to the black operating system page now. OK, thanks so far, on to the next step. I see I have another reply just come in. Wow, you are so cool and fast.


----------



## APPACHE (Jul 2, 2010)

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advanced SystemCare 3
AnyDVD
CloneDVD2
ConvertXtoDVD 4.0.3.313
Dell 5530 Wireless Broadband Package
Dell Resource CD
Dell Support Center (Support Software)
Dell Wireless WLAN Card Utility
Dell Wireless WLAN Card Utility
DivX Setup
Free Download Manager 3.0
GEAR driver installer for x86 and x64
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
IObit Security 360
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 4.9.5
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Antimalware
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office InfoPath MUI (English) 2010 (Beta)
Microsoft Office Mondo 2010
Microsoft Office Mondo 2010 (Beta)
Microsoft Office MondoOnly MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Project MUI (English) 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
Microsoft Office Visio MUI (English) 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
O2Micro Flash Memory Card Windows Driver
O2Micro Flash Memory Card Windows Driver
OGA Notifier 2.0.0048.0
Perfect Uninstaller v5.5
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RealUpgrade 1.0
Roxio Drag-to-Disc
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Smart Defrag
SUPERAntiSpyware Free Edition
TeamViewer 5
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WIDCOMM Bluetooth Software
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

I can remove whatever it takes if needed. I tried to uninstall that Spybot search and remove but couldn't. One thing at a time. You're all great, so happy I found ya.


----------



## APPACHE (Jul 2, 2010)

Macboatmaster said:


> I will leave the HiJack log to Flavallee, he is expert at interpreting those, but in the meantime if the computer will boot, open My Computer, hold the mouse on the hard drive AND post the size of the drive and the free space.
> Then right click the drive, click properties, click Tools, click Error checking, click Check Now, click to check automatically fix file system errors. Click start. You will receive a message asking do you wish to reschedule for next restart. Click Yes and restart.
> DO NOT INTERRUPT. Allow it to run.


Can you tell me where or what the hard drive is marked? Sorry, but I see Local Disk C, DVD-RAM Drive D, Local Disk E, Local Disk F.


----------



## flavallee (May 12, 2002)

You've got several unneeded and outdated programs in that computer, but that's not your main problem.

According to your original comments, your problems begin after your computer got infected, and it appears that some serious damage was done.

Click "Report" in the lower right of the reply window, then request to have your thread moved to the malware section for assistance.

If the problem is unable to get resolved, be prepared to wipe out that hard drive and do a reinstall of Windows XP.



----------



## APPACHE (Jul 2, 2010)

I was wondering if you could answer a question for me. I have a brand new hard drive Dell sent me when they thought mine was out, but it turned out it wasn't. My computer was bought new the first of August last year. If I change my hard drive what will that do, and would it fix my problem? Thank you so much for your help. I always pay my bills.


----------



## APPACHE (Jul 2, 2010)

OK, I figured to reply to say I have figured out how to fix my updates. I did this and yes, it really works. For failed updates:
Start → Run → type "services.msc" (without quotes) → open Automatic Updates properties → Stop the service (keep window open). Navigate to C:\Windows\SoftwareDistribution → rename this file. Restart Automatic Updates in the above Services window. Retry update.


----------



## flavallee (May 12, 2002)

APPACHE said:


> I was wondering if you could answer a question for me. I have a brand new hard drive Dell sent me when they thought mine was out, but it turned out it wasn't. My computer was bought new the first of August last year. If I change my hard drive what will that do, and would it fix my problem? Thank you so much for your help. I always pay my bills.


If you replace the hard drive in that computer, it will have nothing - no operating system, no programs, nothing.

You would have to format the new hard drive, then install the operating system, then get the operating system up-to-date, then install all your programs.

I can tell you from experience from resurrecting several older Windows XP computers that it's about a 15 - 20 hour job.



----------



## APPACHE (Jul 2, 2010)

That sounds awful. Back to square 1. I don't know what else to do. I don't have a backup, maybe an old one somewhere, from when I redid my computer somewhere between Aug and November. Almost new computer, I couldn't get my Windows to validate. Dell gave me a hard time to where I was in tears, saying I would have to pay to have that done; it wouldn't take the serial on my computer. I stuck that backup in and it has run great until now. I am so afraid this will happen again.


----------



## flavallee (May 12, 2002)

You appear to have both *Malwarebytes Anti-Malware* and *SUPERAntiSpyware* installed, so I'm going to have you put them to use. Follow the below instructions carefully.

Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - Perform quick scan - Scan".

If infections are found during the scan, the number of infections will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *everything* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

Start SUPERAntiSpyware.

Click "Check for Updates".

When the definition files have updated, click "Close".

Click "Scan your Computer - Perform Quick Scan - Next".

If infections or problems are found during the scan, a list will appear.

When the scan is finished and the scan summary window appears, click "OK".

Make sure that *everything* in the list is selected, then click "Next".

If you're prompted to restart to finish the removal process, click "Yes".

Start SUPERAntiSpyware again.

Click "Preferences - Statistics/Logs"(tab).

Highlight the scan log entry, then click "View Log".

When the scan log appears in Notepad, copy-and-paste it here.



----------



## APPACHE (Jul 2, 2010)

the update icon came back and is right back to updates failed

nothing in Malwarebytes 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/04/2010 at 09:37 PM
Application Version : 4.90.1018
Core Rules Database Version : 5155
Trace Rules Database Version: 2967
Scan type : Quick Scan
Total Scan Time : 00:08:17
Memory items scanned : 540
Memory threats detected : 0
Registry items scanned : 510
Registry threats detected : 0
File items scanned : 6925
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\pamela salyers young\Cookies\[email protected][2].txt
Adware.Flash Tracking Cookie
C:\Documents and Settings\pamela salyers young\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q2QJN5NG\IA.MEDIA-IMDB.COM
C:\Documents and Settings\pamela salyers young\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q2QJN5NG\A.ADS2.MSADS.NET
C:\Documents and Settings\pamela salyers young\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q2QJN5NG\ADS2.MSADS.NET
C:\Documents and Settings\pamela salyers young\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q2QJN5NG\B.ADS2.MSADS.NET


----------



## flavallee (May 12, 2002)

I think one of your problems is where and what you're downloading and installing in that computer.

The current version of *SUPERAntiSpyware* is 4.40.0.1002. You appear to have installed and used a beta version of it.

You have a beta version of *Microsoft Office 2010* installed.

I think you're beating your head against the wall.

----------------------------------------------------------------


----------



## APPACHE (Jul 2, 2010)

I am willing to remove whatever has to be removed. The SUPERAntiSpyware was just installed a few days ago, because I read on here to use it, so I downloaded the wrong version, no problem. Microsoft has been on here for months, also no problem uninstalling. I am only listening to you all here at this time. This way I know and you know I'm not doing what Peter and Paul said to do. I am removing these items at this time. Thank you again, so these steps are being taken care of.


----------



## flavallee (May 12, 2002)

Besides getting rid of *Microsoft Office 2010 Beta*, also get rid of

*Advanced SystemCare 3* (IObit)

*IObit Security 360*

*Windows Live OneCare Safety Scanner*

After they've all been uninstalled/removed, restart your computer.

Start HiJackThis and run a scan, then save that new log and submit it here.

I don't know if you're going to get your update problem resolved, but you need to get rid of the useless and unneeded crap in that computer.

-------------------------------------------------------------


----------



## APPACHE (Jul 2, 2010)

What else kinda crap do I need to get rid of, I download a lot of movies?
Well, here is the log, and right now the update icon is gone. Let's cross our fingers, hope you don't charge by the hour. (jk)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:07 PM, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259537752765
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GenericMount Helper Service - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (file missing)
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Office Software Protection Platform (osppsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAS Core Service (SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCore.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymSnapService - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10741 bytes


----------



## eddie5659 (Mar 19, 2001)

Hiya

Moved this to the Malware forum, to help you clean up the computer 

Okay, as flavallee said, you have a lot of things you don't need. So, let's firstly run these programs:

Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *30*

Under the Custom Scan box paste this in

```
netsvcs
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
```

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.


Regards

eddie


----------



## APPACHE (Jul 2, 2010)

OTL Extras logfile created on: 7/5/2010 4:20:20 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\pamela salyers young\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.85 Gb Total Space | 214.22 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAM
Current User Name: pamela salyers young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpywareOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- File not found
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- File not found
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2DCEFEFF-7831-4D79-BC28-11D1B8D7E076}" = Dell 5530 Wireless Broadband Package
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}" = O2Micro Flash Memory Card Windows Driver
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"Free Download Manager_is1" = Free Download Manager 3.0
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}" = O2Micro Flash Memory Card Windows Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Perfect Uninstaller_is1" = Perfect Uninstaller v5.5
"RealHideIP" = Real Hide IP
"RealPlayer 12.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 0.9.9
"VSO ConvertXtoDVD 4_is1" = ConvertXtoDVD 4.0.3.313
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Microsoft Office\Office14\Microsoft.Web.Authoring.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:35 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Microsoft Office\Office14\Microsoft.Web.Design.Client.dll
. Error code = 0x80131047

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog 
to create the log fil

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = System.EnterpriseServices | ID = 0
Description =

[ System Events ]
Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Remote Procedure Call (RPC) Net service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (DellSupportCenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 7/5/2010 3:46:28 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following 
error: %%2

< End of report >


----------



## APPACHE (Jul 2, 2010)

OTL logfile created on: 7/5/2010 4:20:20 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\pamela salyers young\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.85 Gb Total Space | 214.22 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAM
Current User Name: pamela salyers young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/05 16:14:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pamela salyers young\Desktop\OTL.exe
PRC - [2010/06/09 12:10:26 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/02 23:40:25 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/30 23:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/06/03 18:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 18:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/02/20 22:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe
PRC - [2009/01/08 15:55:00 | 000,072,224 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/07/05 16:14:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pamela salyers young\Desktop\OTL.exe
MOD - [2008/04/13 19:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (SASCORE)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010/06/09 12:10:26 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/29 21:05:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/06/03 18:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/02/20 22:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe -- (STacSV)
SRV - [2009/01/08 15:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (PCIIde)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\GenericMount.sys -- (GenericMount)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/07/02 08:16:05 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KBDHID.SYS -- (kbdhid)
DRV - [2010/07/02 06:10:42 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iastor)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/27 14:40:40 | 000,045,648 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/08 11:06:09 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/12/03 05:14:07 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/26 13:57:34 | 000,025,768 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/07/14 10:35:16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/30 15:51:28 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/20 22:36:00 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/20 22:35:00 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 19:54:00 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/15 12:19:36 | 000,023,848 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/08 15:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/08 15:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/12/12 22:33:58 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/08/11 12:40:34 | 000,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 09:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 04:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 04:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/14 04:15:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 04:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 04:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 04:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/14 04:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/14 04:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 20:16:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/13 20:16:26 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/13 20:16:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/13 20:16:22 | 000,121,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/04/13 20:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 20:09:52 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/13 19:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 19:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 19:00:00 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 19:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 19:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 19:00:00 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 19:00:00 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 19:00:00 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 19:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 19:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2008/04/13 19:00:00 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 19:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 19:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 19:00:00 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 19:00:00 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:00:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2008/04/13 19:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2008/04/13 19:00:00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 19:00:00 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 19:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 19:00:00 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 19:00:00 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 19:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 19:00:00 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2008/04/13 19:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 19:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 19:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 19:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 19:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 19:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 19:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 19:00:00 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 19:00:00 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 19:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 19:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 19:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 19:00:00 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 19:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 19:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 19:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 19:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 19:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 19:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 19:00:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 19:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 19:00:00 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 19:00:00 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 19:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 19:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 19:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 19:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 19:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 19:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/04/13 19:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2008/04/13 19:00:00 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 19:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 19:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 19:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 19:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 19:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 19:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 19:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 19:00:00 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 19:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 19:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 19:00:00 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 19:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 19:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2008/04/13 19:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/13 19:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2008/04/13 19:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 19:00:00 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 19:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 19:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 19:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 19:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2008/04/13 19:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2008/04/13 19:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/04/13 19:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 19:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2008/04/13 19:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2008/04/13 19:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 19:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 19:00:00 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 19:00:00 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 19:00:00 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 19:00:00 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 19:00:00 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 19:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/04/13 19:00:00 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 19:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008/04/13 19:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2008/04/13 19:00:00 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 19:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 19:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 19:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2008/04/13 19:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2008/04/13 19:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2008/04/13 19:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2008/04/13 19:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2007/07/23 19:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 19:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 19:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 19:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 19:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 19:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 19:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 19:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 18:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 18:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 18:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 18:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/03/31 17:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/23 14:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/09/28 23:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 22:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A DD 99 B5 7B 71 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]reedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6
FF - prefs.js..network.proxy.no_proxies_on: "local"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/03 21:32:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/07/01 11:29:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/04 10:59:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/30 22:25:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 22:18:44 | 000,000,000 | ---D | M]

[2010/01/03 19:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pamela salyers young\Application Data\Mozilla\Extensions
[2010/01/03 19:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pamela salyers young\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/04 05:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pamela salyers young\Application Data\Mozilla\Firefox\Profiles\dc41a5cb.default\extensions
[2010/06/30 02:26:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\pamela salyers young\Application Data\Mozilla\Firefox\Profiles\dc41a5cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/30 22:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/30 22:18:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/26 04:41:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/26 04:41:25 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/08/07 10:38:10 | 000,044,544 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2010/06/26 04:41:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/26 03:01:57 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/06/26 03:01:57 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/06/26 03:01:57 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/06/26 03:01:57 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/06/26 03:01:57 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/06/26 03:01:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/06/26 03:01:57 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/02 13:27:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259537752765 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.68.227.1 204.68.227.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/29 11:06:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 16:14:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pamela salyers young\Desktop\OTL.exe
[2010/07/05 15:42:17 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pamela salyers young\Desktop\TFC.exe
[2010/07/04 03:58:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/07/03 19:37:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/03 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/03 03:10:47 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/02 23:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SASCORE
[2010/07/02 23:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/02 21:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\My Documents\MOVIE DOWNLOAD JULY 2010
[2010/07/02 13:44:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/02 13:24:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/02 13:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/02 11:15:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/02 11:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Local Settings\Application Data\ApplicationHistory
[2010/07/02 06:10:42 | 000,324,120 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IASTOR.SYS
[2010/07/02 00:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/01 23:33:53 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/01 23:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/01 17:36:24 | 000,324,120 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\lhyoapjy.sys
[2010/07/01 13:45:30 | 000,324,120 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\mlaoufwq.sys
[2010/07/01 11:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Desktop\FROM DAVE GET RID OF VIRUS
[2010/07/01 04:37:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pamela salyers young\Recent
[2010/07/01 01:29:44 | 000,106,464 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys.upd
[2010/07/01 01:29:43 | 000,153,448 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.upd
[2010/07/01 01:29:26 | 000,291,352 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys.upd
[2010/07/01 01:24:11 | 000,111,312 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.upd
[2010/06/30 21:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/06/30 21:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/06/30 21:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/06/30 20:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/30 20:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/30 18:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/06/30 04:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/29 19:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Local Settings\Application Data\Opera
[2010/06/29 19:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Application Data\Opera
[2010/06/29 19:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/06/29 17:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\My Documents\devils playground,shz and wildwest stuff
[2010/06/29 03:09:21 | 000,000,000 | ---D | C] -- C:\Restored Files
[2010/06/29 02:00:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/06/29 00:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Local Settings\Application Data\ootgxomll
[2010/06/28 23:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/28 23:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Application Data\Uniblue
[2010/06/28 23:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/06/28 21:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/28 19:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/06/28 19:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/06/28 19:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/06/27 17:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/27 16:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/18 01:44:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/06/18 01:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/06/17 18:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Application Data\DivX
[2010/06/17 18:31:49 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/06/17 18:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/10 14:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pamela salyers young\Local Settings\Application Data\PCHealth
[2010/06/10 11:47:02 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

========== Files - Modified Within 30 Days ==========

[2010/07/05 16:14:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pamela salyers young\Desktop\OTL.exe
[2010/07/05 16:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 16:11:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 15:46:30 | 000,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 15:46:27 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/07/05 15:46:23 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/07/05 15:46:23 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/07/05 15:46:08 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
[2010/07/05 15:46:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 15:45:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 15:45:05 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\ntuser.dat
[2010/07/05 15:45:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\pamela salyers young\ntuser.ini
[2010/07/05 15:42:21 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pamela salyers young\Desktop\TFC.exe
[2010/07/05 15:20:41 | 010,711,192 | -H-- | M] () -- C:\Documents and Settings\pamela salyers young\Local Settings\Application Data\IconCache.db
[2010/07/05 14:55:35 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 14:55:35 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 14:55:35 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 14:43:07 | 000,010,743 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\hijackthis LOG TEST
[2010/07/05 14:37:03 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\HiJackThis.lnk
[2010/07/05 14:25:06 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/05 12:18:10 | 000,000,555 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/04 19:34:31 | 000,001,041 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Application Data\vso_ts_preview.xml
[2010/07/04 18:15:17 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/04 15:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
[2010/07/04 11:08:42 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\Failed Windows Update 2 of 12.url
[2010/07/03 19:51:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/03 19:40:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/03 17:14:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/03 17:14:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/03 16:09:05 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code 0x643 or Windows Installer error code 1603.url
[2010/07/03 00:27:09 | 000,000,472 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\Virus Win32-Alureon.H - Tech Support Guy Forums.url
[2010/07/02 17:01:21 | 000,071,784 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/02 13:52:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/02 13:27:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/02 08:02:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/02 06:10:42 | 000,324,120 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IASTOR.SYS
[2010/07/02 00:14:10 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/01 23:33:51 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/01 18:10:09 | 000,411,396 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100702-010140.backup
[2010/07/01 17:36:24 | 000,324,120 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\lhyoapjy.sys
[2010/07/01 13:45:30 | 000,324,120 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\mlaoufwq.sys
[2010/07/01 11:28:59 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2010/07/01 01:29:44 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys.upd
[2010/07/01 01:29:43 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.upd
[2010/07/01 01:29:26 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys.upd
[2010/07/01 01:24:11 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.upd
[2010/07/01 00:44:36 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat
[2010/07/01 00:44:36 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/06/30 22:24:57 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/06/30 22:24:56 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/06/30 22:18:45 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/30 22:18:45 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_sbl.sig
[2010/06/30 21:53:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_bl.sig
[2010/06/30 20:33:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/30 17:37:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/06/28 20:07:12 | 000,001,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/28 19:42:26 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat
[2010/06/25 23:57:07 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\PUTTY.RND
[2010/06/17 23:18:43 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\Shortcut to hjsplit.lnk
[2010/06/17 18:32:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/09 22:06:15 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\My Documents\crack.rar
[2010/06/09 12:10:26 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2010/06/07 03:17:33 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\Shortcut to NEW DOWNLOAD FROM DOWNLOAD MANAGER.lnk
[2010/06/06 17:05:12 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\pamela salyers young\Desktop\Perfect Uninstaller (2).lnk

========== Files Created - No Company Name ==========

[2010/07/05 14:43:07 | 000,010,743 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\hijackthis LOG TEST
[2010/07/04 03:58:35 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\Failed Windows Update 2 of 12.url
[2010/07/03 16:09:05 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code 0x643 or Windows Installer error code 1603.url
[2010/07/03 15:47:00 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\HiJackThis.lnk
[2010/07/02 23:35:24 | 011,010,048 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\ntuser.dat
[2010/07/02 13:24:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/02 13:24:15 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/02 13:04:29 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\Virus Win32-Alureon.H - Tech Support Guy Forums.url
[2010/07/02 00:14:10 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/01 00:44:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/07/01 00:44:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/07/01 00:37:21 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2010/06/30 22:24:57 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/06/30 22:24:56 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/06/30 22:18:45 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/30 22:18:45 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_sbl.sig
[2010/06/30 21:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_bl.sig
[2010/06/29 02:03:18 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 19:45:59 | 000,001,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/28 19:42:26 | 000,016,384 | -H-- | C] () -- C:\SZKGFS.dat
[2010/06/17 23:18:46 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\Shortcut to hjsplit.lnk
[2010/06/17 18:53:07 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/06/17 18:32:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/09 22:06:15 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\My Documents\crack.rar
[2010/06/07 03:17:37 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\Shortcut to NEW DOWNLOAD FROM DOWNLOAD MANAGER.lnk
[2010/06/06 17:05:12 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\pamela salyers young\Desktop\Perfect Uninstaller (2).lnk
[2010/04/26 00:57:10 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2010/04/26 00:55:58 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2010/02/25 17:49:42 | 000,000,131 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/12 02:23:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/12 02:23:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/01 06:07:03 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/01 06:07:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/01 06:07:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/01 06:07:00 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/01 06:07:00 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/30 21:35:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/29 19:08:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/11/29 19:08:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/11/29 18:35:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/11/29 11:09:06 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/17 18:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/05/17 18:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 16:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 16:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(9).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(78).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(77).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(75).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(74).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(73).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(72).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(71).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(70).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(7).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(69).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(68).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(66).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(65).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(63).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(62).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(61).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(58).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(57).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(56).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(55).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(54).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(53).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(52).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(51).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(50).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(5).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(48).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(47).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(46).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(43).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(41).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(40).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(4).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(39).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(38).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(36).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(35).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(34).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(33).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(32).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(31).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(30).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(3).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(29).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(28).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(27).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(26).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(25).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(25)(2).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(24).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(23).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(22).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(21).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(20).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(18).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(17).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(16).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(15).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(14).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(13).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(12).exe:BAK
@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(11).exe:BAK
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C176AF6C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


----------



## APPACHE (Jul 2, 2010)

I think I lost page 2. I keep getting an error on your page... trying again.

OTL Extras logfile created on: 7/5/2010 4:20:20 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\pamela salyers young\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.85 Gb Total Space | 214.22 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAM
Current User Name: pamela salyers young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpywareOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- File not found
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- File not found
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2DCEFEFF-7831-4D79-BC28-11D1B8D7E076}" = Dell 5530 Wireless Broadband Package
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}" = O2Micro Flash Memory Card Windows Driver
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"Free Download Manager_is1" = Free Download Manager 3.0
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}" = O2Micro Flash Memory Card Windows Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Perfect Uninstaller_is1" = Perfect Uninstaller v5.5
"RealHideIP" = Real Hide IP
"RealPlayer 12.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 0.9.9
"VSO ConvertXtoDVD 4_is1" = ConvertXtoDVD 4.0.3.313
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:34 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Microsoft Office\Office14\Microsoft.Web.Authoring.dll
. Error code = 0x80131047

Error - 7/5/2010 1:07:35 PM | Computer Name = PAM | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Microsoft Office\Office14\Microsoft.Web.Design.Client.dll
. Error code = 0x80131047

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog 
to create the log fil

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 7/5/2010 2:09:35 PM | Computer Name = PAM | Source = System.EnterpriseServices | ID = 0
Description =

[ System Events ]
Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Remote Procedure Call (RPC) Net service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (DellSupportCenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 7/5/2010 3:44:04 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 7/5/2010 3:46:28 PM | Computer Name = PAM | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following 
error: %%2

< End of report >


----------



## APPACHE (Jul 2, 2010)

I think I should add that most of the time I use a FreeAgent USB drive, so if you see a lot of shortcuts, that's where they are.


----------



## eddie5659 (Mar 19, 2001)

Oki doki 

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## flavallee (May 12, 2002)

eddie:

I'm going to sit on the sidelines for now while you're doing your thing. Good luck.

-----------------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Not sure why, but it looks like the OTL logs are missing some important info.

Can you do this as well as the ComboFix above:


Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
OTL should now start. Change the following settings
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *30*

Under the Custom Scan box paste this in

*/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
svchost.exe
/md5stop
*

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.


It may only produce one log, but that's okay


----------



## APPACHE (Jul 2, 2010)

I don't know if it worked
ComboFix 10-07-04.04 - pamela salyers young 07/05/2010 22:13:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2426 [GMT -4:00]
Running from: c:\documents and settings\pamela salyers young\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.
2010-07-02 15:03 . 2010-07-03 21:10 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ApplicationHistory
2010-07-02 12:16 . 2010-07-02 12:16 14592 ----a-w- c:\windows\system32\drivers\KBDHID.SYS
2010-07-02 10:10 . 2010-07-02 10:10 324120 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-07-02 04:14 . 2010-07-02 04:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-02 04:01 . 2010-07-02 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-02 03:33 . 2010-07-02 03:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-02 03:30 . 2010-07-02 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-01 21:36 . 2010-07-01 21:36 324120 ----a-w- c:\windows\system32\drivers\lhyoapjy.sys
2010-07-01 17:45 . 2010-07-01 17:45 324120 ----a-w- c:\windows\system32\drivers\mlaoufwq.sys
2010-07-01 04:44 . 2010-07-01 04:44 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-07-01 04:44 . 2010-07-01 04:44 16 ----a-w- c:\windows\system32\asdict.dat
2010-07-01 04:37 . 2010-07-01 15:28 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\wsbl.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_white.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_black.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords.dat
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\program files\BitDefender
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-07-01 01:38 . 2010-07-01 15:29 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-30 22:03 . 2010-06-30 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-30 08:21 . 2010-06-30 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-30 08:21 . 2010-06-30 08:21 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-06-29 23:06 . 2010-06-29 23:06 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\Opera
2010-06-29 23:05 . 2010-06-29 23:13 -------- d-----w- c:\program files\Opera
2010-06-29 07:09 . 2010-06-29 07:09 -------- d-----w- C:\Restored Files
2010-06-29 05:21 . 2010-06-29 05:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-29 04:46 . 2010-06-29 06:20 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ootgxomll
2010-06-29 03:46 . 2010-06-29 20:59 -------- d-----w- c:\program files\ESET
2010-06-29 03:42 . 2010-06-29 03:42 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Uniblue
2010-06-29 03:27 . 2010-06-29 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-29 01:12 . 2010-06-30 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 23:42 . 2010-06-28 23:42 16384 ---ha-w- C:\SZKGFS.dat
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\program files\Common Files\iS3
2010-06-28 23:41 . 2010-06-29 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-06-18 05:44 . 2010-06-18 05:44 -------- d-----w- c:\windows\XSxS
2010-06-18 05:44 . 2010-06-18 05:44 -------- d-----w- c:\program files\Xenocode
2010-06-17 22:32 . 2010-06-17 22:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-17 22:32 . 2010-06-17 22:27 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-17 22:32 . 2010-06-17 22:27 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-17 22:32 . 2010-06-17 22:32 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\DivX
2010-06-17 22:30 . 2010-06-17 22:30 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-17 22:30 . 2010-06-17 22:30 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-17 22:27 . 2010-06-17 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-10 18:05 . 2010-06-10 18:05 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\PCHealth
2010-06-10 15:47 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 01:26 . 2009-11-29 06:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-06 01:26 . 2009-11-30 00:02 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-06 01:26 . 2009-11-29 15:09 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-07-05 22:23 . 2009-11-29 15:16 36336 ----a-w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 18:03 . 2009-12-03 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-05 16:28 . 2009-12-05 23:25 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SUPERAntiSpyware.com
2010-07-05 16:28 . 2010-07-03 03:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-05 16:16 . 2009-11-29 23:33 -------- d-----w- c:\program files\MSBuild
2010-07-05 16:05 . 2010-01-24 06:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-04 21:42 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Free Download Manager
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\program files\Trend Micro
2010-07-03 03:20 . 2010-07-03 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SASCORE
2010-07-02 17:53 . 2010-05-29 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 05:29 . 2010-07-01 05:29 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2010-07-01 05:24 . 2010-07-01 05:24 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys.upd
2010-07-01 01:20 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 01:20 . 2010-04-26 04:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 01:20 . 2009-11-30 07:02 -------- d-----w- c:\program files\Symantec
2010-06-30 22:21 . 2010-02-11 06:58 -------- d-----w- c:\program files\Alwil Software
2010-06-30 08:34 . 2009-12-07 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-30 03:17 . 2009-12-03 08:48 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Vso
2010-06-29 20:47 . 2009-11-30 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-06-29 20:42 . 2009-11-30 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-29 00:07 . 2010-06-28 23:45 1512 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-17 22:32 . 2009-12-16 23:10 -------- d-----w- c:\program files\DivX
2010-06-17 22:31 . 2010-06-17 22:31 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-17 22:30 . 2009-12-16 23:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-09 16:10 . 2009-11-30 00:02 57752 ------w- c:\windows\system32\rpcnet.exe
2010-06-01 17:37 . 2010-07-03 07:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-01 06:38 . 2010-06-01 06:37 -------- d-----w- c:\program files\Free Download Manager
2010-06-01 06:37 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2010-05-30 06:31 . 2010-03-14 21:54 -------- d-----w- c:\program files\LogMeIn
2010-05-28 19:15 . 2010-05-28 19:15 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Tific
2010-05-26 16:58 . 2010-05-26 16:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-05-26 15:22 . 2010-05-26 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-05-26 01:27 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperHideIP
2010-05-25 23:43 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SuperHideIP
2010-05-24 16:44 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-19 05:41 . 2009-12-01 05:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-15 04:26 . 2010-05-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2010-05-06 10:41 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-13 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-29 05:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-29 05:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2010-06-17 22:31 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-07-26 22:22 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-07-26 22:22 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2007-07-26 11:00 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-06-20 11:00 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-27 18:40 . 2007-06-20 11:00 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-04-20 05:30 . 2008-04-13 23:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-11 05:42 . 2010-04-11 05:41 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-07 14:38 . 2010-07-01 02:25 44544 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-03 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-30 01:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^pamela salyers young^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\pamela salyers young\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-04-30 19:51 2396160 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 22:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-13 20:38 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-01-29 05:51 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 16:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-03 03:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/29/2010 1:26 AM 304464]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/29/2009 7:55 PM 112512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/29/2010 1:26 AM 20952]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [11/30/2009 1:34 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [11/30/2009 1:34 AM 41760]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:51 AM 135664]
S2 SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCore.exe" --> c:\program files\SUPERAntiSpyware\SASCore.exe [?]
S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" --> c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;"c:\program files\Microsoft Office\Office14\GROOVE.EXE" /auditservice --> c:\program files\Microsoft Office\Office14\GROOVE.EXE [?]
S3 osppsvc;Office Software Protection Platform;"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" --> c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [?]
S3 SymSnapService;SymSnapService;"c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe" --> c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPFILTERDRIVER
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
2010-07-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = 
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - 
FF - ProfilePath - c:\documents and settings\pamela salyers young\Application Data\Mozilla\Firefox\Profiles\dc41a5cb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\MICROS~4\Office14\URLREDIR.DLL
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
MSConfigStartUp-IObit Security 360 - c:\program files\IObit\IObit Security 360\IS360tray.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 22:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ...

c:\windows\system32\autochk(46).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(38).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(39).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(40).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(41).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(43).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(70).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(71).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(72).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(73).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(74).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(75).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(77).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(78).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(47).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(48).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(50).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(51).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(52).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(53).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(54).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(55).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(56).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(57).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(58).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(61).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(62).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(63).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(65).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(66).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(68).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(69).exe:BAK 23040 bytes executable
scan completed successfully
hidden files: 32
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-05 22:23:10
ComboFix-quarantined-files.txt 2010-07-06 02:23
Pre-Run: 231,650,222,080 bytes free
Post-Run: 231,691,284,480 bytes free
- - End Of File - - F4C7A913F38DF4DF8DBD5A5587CFAFA0


----------



## eddie5659 (Mar 19, 2001)

Download Bootkit remover to your desktop
This is a rar file; if you do not have a program to open it, then download and install PeaZip.

Extract *Remover.exe* to your desktop
Right click *Remover.exe* and select *Run as Administrator* (Vista) or double click *Remover.exe* to run it (XP)
It will show a black screen with some data on it
*Right click* on the screen and select > *Select All*
Press *Control+C*
Now open a *notepad* and press *Control+V*
Post the resultant log here please


----------



## APPACHE (Jul 2, 2010)

I tried 3 times. I get the black screen with the data and select all, press ctrl+c, the black screen goes away.
When I open notebook, nothing. ctrl+v


----------



## eddie5659 (Mar 19, 2001)

When you selected all of the data, did it become highlighted?

Can you see if right-clicking after it's all highlighted, and selecting Copy, works? You can still press Control V when in the Notepad, so it should paste.

Let me know if that still doesn't work.

eddie


----------



## APPACHE (Jul 2, 2010)

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com
\\.\C: -> \\.\PhysicalDrive0
MD5: f074c54f7f0be93a12d0a5e3644f4758
\\.\E: -> \\.\PhysicalDrive0
\\.\F: -> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit...
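
The tool output above suggests dumping the master boot sector for manual inspection. The following Python is an added example, not part of the original post and not eSage Lab's code: it parses a raw 512-byte sector dump, checks the partition table for inconsistencies, and compares a SHA-256 of the boot code area against a caller-supplied set of known-good hashes. The reference hash set and both sample sectors are constructed for illustration; a real comparison needs a sector taken from a clean machine with the same OS.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot loader code
DISK_SIG_OFF = 440       # bytes 440-443: NT disk signature
PART_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511

PART_TYPES = {0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xDE: "Dell utility"}


def parse_mbr(sector):
    """Split a 512-byte master boot sector dump into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index, "status": status, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "first_lba": first_lba, "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def audit_mbr(sector, known_good_hashes):
    """Return a list of findings; an empty list means nothing stood out."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    if mbr["boot_code_sha256"] not in known_good_hashes:
        findings.append("unknown boot code")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions (expected 1)" % len(active))
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
        if p["first_lba"] == 0 or p["sectors"] == 0:
            findings.append("partition %d: zero start or zero length" % p["index"])
    spans = sorted((p["first_lba"], p["first_lba"] + p["sectors"], p["index"])
                   for p in mbr["partitions"])
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("partitions %d and %d overlap" % (i1, i2))
    return findings


def build_sample(boot_code, entries):
    """Build a constructed sector from (status, type, first_lba, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    for i, (status, ptype, first_lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, first_lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed samples: placeholder bytes stand in for loader code.
LAYOUT = [(0x00, 0xDE, 63, 80262), (0x80, 0x07, 80325, 486000000)]
REFERENCE = build_sample(b"REFERENCE-LOADER-PLACEHOLDER", LAYOUT)
MODIFIED = build_sample(b"DIFFERENT-LOADER-PLACEHOLDER", LAYOUT)
KNOWN_GOOD = {parse_mbr(REFERENCE)["boot_code_sha256"]}

if __name__ == "__main__":
    for name, sector in (("reference", REFERENCE), ("modified", MODIFIED)):
        print(name, audit_mbr(sector, KNOWN_GOOD) or "no findings")
```

A hash mismatch only says the boot code differs from the reference; OEM and third-party boot managers also produce one, so the finding is a prompt for inspection rather than a verdict.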


----------



## eddie5659 (Mar 19, 2001)

Okay, let's get the MBR Rootkit sorted.

When you start Windows, it will ask you at the beginning of the boot process if you want to boot into XP or the Recovery Console. Boot into the Recovery Console.

It will ask you to pick a Windows Installation; I assume you have only one on the C:\ drive. But, if you see one for your E:\, use that instead.

When you get to the prompt, type in *fixmbr* and press ENTER. It will ask you if you want to re-write the MBR; type in *y* for yes, and hit ENTER.

Then type *fixboot* and hit ENTER. It will ask you if you want to repair the boot sector; type in *y* for yes, and hit ENTER.

Then type in *exit* and press ENTER. Your computer will reboot; boot back into Windows and run GMER to produce a log afterwards (details after this fix).

==========================

Download the *GMER Rootkit Scanner*. Unzip it to your Desktop.

*Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.*

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double-click *gmer.exe*. The program will begin to run.

***Caution***
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click *NO*
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is *un-checked*.
Now click the Scan button.
_Once the scan is complete, you may receive another notice about rootkit activity._
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "*GMER.txt*" 
Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

eddie


----------



## APPACHE (Jul 2, 2010)

Sorry, I chose the recovery console, and every time it takes me to the blue screen.


----------



## dvk01 (Dec 14, 2002)

That does happen sometimes with an installed recovery console when it can't use the SATA drivers.

Have you got the Windows install CD? You can boot from that & use the recovery console on the CD without blue screening (normally).


----------



## APPACHE (Jul 2, 2010)

Yes I do. Like I said, when I first got my computer last Aug. I had to wipe it all out; Dell had me do it. When I got done, I couldn't validate my Windows. After trying things they said, they wanted me to pay to validate my Windows. I was in tears, and it was a new computer. I found an old backup disk, just for kicks stuck it in, and it validated my Windows. It scares me and I'm afraid it will happen again. Believe me, they don't give a hoot. I even extended my warranty; of course they said it didn't cover it. So is there a way I can save something on my Windows so it will still validate? I tried the backup disk; it didn't work this time.


----------



## dvk01 (Dec 14, 2002)

Delete the existing version of ComboFix from the desktop & download an updated version from your original link.
ComboFix has been updated to install a revised version of the recovery console to get round the blue screen problems.

Let us know if, after installing the updated recovery console, you still get a BSOD.


----------



## APPACHE (Jul 2, 2010)

I did the ComboFix first and it booted into recovery, then I messed up and had to restore and ran it again, then I keep getting the blue screen again, but here is the log.

ComboFix 10-07-10.01 - pamela salyers young 07/10/2010 20:07:57.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2388 [GMT -4:00]
Running from: c:\documents and settings\pamela salyers young\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\autochk.exe was found and disinfected 
Restored copy from - c:\windows\system32\dllcache\autochk.exe 
.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.
2010-07-10 23:22 . 2010-07-10 23:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-10 23:11 . 2010-07-10 23:22 -------- d-----w- C:\RECYCLER(2)
2010-07-10 23:11 . 2010-07-10 23:22 -------- d-----w- C:\ComboFix(2)
2010-07-10 22:52 . 2010-07-10 23:22 -------- d---a-w- C:\cmdcons(2)
2010-07-06 20:36 . 2010-07-06 20:36 388096 ----a-r- c:\documents and settings\pamela salyers young\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 23:37 . 2010-07-03 23:38 -------- dc-h--w- c:\windows\ie8
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\program files\Trend Micro
2010-07-03 07:10 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-03 03:20 . 2010-07-03 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SASCORE
2010-07-03 03:20 . 2010-07-05 16:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 15:03 . 2010-07-03 21:10 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ApplicationHistory
2010-07-02 12:16 . 2010-07-02 12:16 14592 ----a-w- c:\windows\system32\drivers\KBDHID.SYS
2010-07-02 10:10 . 2010-07-02 10:10 324120 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-07-02 04:14 . 2010-07-02 04:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-02 04:01 . 2010-07-02 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-02 03:33 . 2010-07-02 03:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-02 03:30 . 2010-07-02 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-01 21:36 . 2010-07-01 21:36 324120 ----a-w- c:\windows\system32\drivers\lhyoapjy.sys
2010-07-01 17:45 . 2010-07-01 17:45 324120 ----a-w- c:\windows\system32\drivers\mlaoufwq.sys
2010-07-01 04:44 . 2010-07-01 04:44 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-07-01 04:44 . 2010-07-01 04:44 16 ----a-w- c:\windows\system32\asdict.dat
2010-07-01 04:37 . 2010-07-01 15:28 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\wsbl.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_white.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_black.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords.dat
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\program files\BitDefender
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-07-01 01:38 . 2010-07-01 15:29 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-30 22:03 . 2010-06-30 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-30 08:21 . 2010-06-30 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-30 08:21 . 2010-06-30 08:21 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-06-29 23:06 . 2010-06-29 23:06 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\Opera
2010-06-29 23:05 . 2010-06-29 23:13 -------- d-----w- c:\program files\Opera
2010-06-29 07:09 . 2010-06-29 07:09 -------- d-----w- C:\Restored Files
2010-06-29 05:21 . 2010-06-29 05:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-29 04:46 . 2010-06-29 06:20 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ootgxomll
2010-06-29 03:46 . 2010-06-29 20:59 -------- d-----w- c:\program files\ESET
2010-06-29 03:42 . 2010-06-29 03:42 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Uniblue
2010-06-29 03:27 . 2010-06-29 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-29 01:12 . 2010-06-30 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 23:42 . 2010-06-28 23:42 16384 ---ha-w- C:\SZKGFS.dat
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\program files\Common Files\iS3
2010-06-28 23:41 . 2010-06-29 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-06-18 05:44 . 2010-06-18 05:44 -------- d-----w- c:\windows\XSxS
2010-06-18 05:44 . 2010-06-18 05:44 -------- d-----w- c:\program files\Xenocode
2010-06-17 22:32 . 2010-06-17 22:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-17 22:32 . 2010-06-17 22:27 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-17 22:32 . 2010-06-17 22:27 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-17 22:32 . 2010-06-17 22:32 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\DivX
2010-06-17 22:30 . 2010-06-17 22:30 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-17 22:30 . 2010-06-17 22:30 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-17 22:27 . 2010-06-17 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 00:13 . 2009-11-29 06:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-11 00:13 . 2009-11-29 15:09 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-07-11 00:13 . 2009-11-30 00:02 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-09 19:50 . 2009-12-03 08:48 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Vso
2010-07-09 01:43 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Free Download Manager
2010-07-05 22:23 . 2009-11-29 15:16 36336 ----a-w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 18:03 . 2009-12-03 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-05 16:28 . 2009-12-05 23:25 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SUPERAntiSpyware.com
2010-07-05 16:16 . 2009-11-29 23:33 -------- d-----w- c:\program files\MSBuild
2010-07-05 16:05 . 2010-01-24 06:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-02 17:53 . 2010-05-29 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 05:29 . 2010-07-01 05:29 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2010-07-01 05:24 . 2010-07-01 05:24 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys.upd
2010-07-01 01:20 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 01:20 . 2010-04-26 04:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 01:20 . 2009-11-30 07:02 -------- d-----w- c:\program files\Symantec
2010-06-30 22:21 . 2010-02-11 06:58 -------- d-----w- c:\program files\Alwil Software
2010-06-30 08:34 . 2009-12-07 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-29 20:47 . 2009-11-30 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-06-29 20:42 . 2009-11-30 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-29 00:07 . 2010-06-28 23:45 1512 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-17 22:32 . 2009-12-16 23:10 -------- d-----w- c:\program files\DivX
2010-06-17 22:31 . 2010-06-17 22:31 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-17 22:30 . 2009-12-16 23:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-09 16:10 . 2009-11-30 00:02 57752 ------w- c:\windows\system32\rpcnet.exe
2010-06-01 06:38 . 2010-06-01 06:37 -------- d-----w- c:\program files\Free Download Manager
2010-06-01 06:37 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2010-05-30 06:31 . 2010-03-14 21:54 -------- d-----w- c:\program files\LogMeIn
2010-05-28 19:15 . 2010-05-28 19:15 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Tific
2010-05-26 16:58 . 2010-05-26 16:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-05-26 15:22 . 2010-05-26 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-05-26 01:27 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperHideIP
2010-05-25 23:43 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SuperHideIP
2010-05-24 16:44 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-19 05:41 . 2009-12-01 05:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-15 04:26 . 2010-05-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2010-05-06 10:41 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-13 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-29 05:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-29 05:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2010-06-17 22:31 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-07-26 22:22 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-07-26 22:22 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2007-07-26 11:00 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-06-20 11:00 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-27 18:40 . 2007-06-20 11:00 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-04-20 05:30 . 2008-04-13 23:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-08-07 14:38 . 2010-07-01 02:25 44544 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((( [email protected]_02.21.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-11 00:13 . 2010-07-11 00:13 16384 c:\windows\Temp\Perflib_Perfdata_470.dat
+ 2008-04-13 23:00 . 2010-07-07 02:27 68558 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2010-07-05 18:55 68558 c:\windows\system32\perfc009.dat
+ 2009-12-01 23:24 . 2010-07-10 23:23 448356 c:\windows\system32\Restore\rstrlog.dat
+ 2008-04-13 23:00 . 2010-07-07 02:27 435828 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2010-07-05 18:55 435828 c:\windows\system32\perfh009.dat
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(85).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(84).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(83).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(82).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(81).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(80).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(79).exe
+ 2010-07-06 20:36 . 2010-07-06 20:36 1094656 c:\windows\Installer\c300ba.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-03 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-30 01:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^pamela salyers young^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\pamela salyers young\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-04-30 19:51 2396160 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 22:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-13 20:38 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-01-29 05:51 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 16:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-03 03:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/29/2010 1:26 AM 304464]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/29/2009 7:55 PM 112512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/29/2010 1:26 AM 20952]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [11/30/2009 1:34 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [11/30/2009 1:34 AM 41760]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:51 AM 135664]
S2 SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCore.exe" --> c:\program files\SUPERAntiSpyware\SASCore.exe [?]
S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" --> c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;"c:\program files\Microsoft Office\Office14\GROOVE.EXE" /auditservice --> c:\program files\Microsoft Office\Office14\GROOVE.EXE [?]
S3 osppsvc;Office Software Protection Platform;"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" --> c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [?]
S3 SymSnapService;SymSnapService;"c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe" --> c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
2010-07-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = 
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - 
FF - ProfilePath - c:\documents and settings\pamela salyers young\Application Data\Mozilla\Firefox\Profiles\dc41a5cb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\rpcnet.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-10 20:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 00:15
ComboFix2.txt 2010-07-10 23:06
ComboFix3.txt 2010-07-06 02:23
Pre-Run: 231,069,032,448 bytes free
Post-Run: 231,108,464,640 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - A3B726A5FDE903FD01F610E8BCFA4C49


----------



## APPACHE (Jul 2, 2010)

What do I do? Thanks, all.


----------



## eddie5659 (Mar 19, 2001)

Hi, sorry for the lateness, I'll look at this as soon as I get home, as I'm still at work.


----------



## eddie5659 (Mar 19, 2001)

Just going thru the log now, but at the above reply you posted this:



> I did the combofix first and it booted into recovery then I messed up, and had to restore and ran it again, then I keep getting blue screen again, but here is the log.


Can you not get to the Recovery Console that Derek (dvk) mentioned above?

If you can, just do the following in there:

It will ask you to pick a Windows Installation, I assume you have only one on the C:\ drive. But, if you see one for your E:\ use that instead.

When you get to the prompt, type in *fixmbr* and press ENTER. It will ask you if you want to re-write the MBR, type in *y* for yes, and hit ENTER.

Then type *fixboot* and hit ENTER. It will ask you if you want to repair the boot sector, type in *y* for yes, and hit ENTER.

Then type in *exit* and press ENTER. Your computer will reboot; boot back into Windows.

You can run GMER later, after you've done the above:

http://forums.techguy.org/7482482-post37.html

eddie


----------



## eddie5659 (Mar 19, 2001)

If you can't boot to the Recovery Console to run the above, then can you try the GMER program I posted in the above link, and we may be able to manually remove it.


----------



## APPACHE (Jul 2, 2010)

Sorry, but I'm on vacation and the internet is so weak I can hardly get to this site. I will be back home Sunday night or for sure Monday. Thank you so much.


----------



## eddie5659 (Mar 19, 2001)

Oki doki, any time is fine


----------



## APPACHE (Jul 2, 2010)

This is combo new version log
ComboFix 10-07-19.01 - pamela salyers young 07/19/2010 20:27:19.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2542 [GMT -4:00]
Running from: c:\documents and settings\pamela salyers young\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\autochk.exe was found and disinfected 
Restored copy from - c:\windows\system32\dllcache\autochk.exe 
.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-20 00:00 . 2010-07-20 00:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-19 23:41 . 2010-07-19 23:59 -------- d-----w- C:\RECYCLER(3)
2010-07-19 20:31 . 2010-07-20 00:00 -------- d---a-w- C:\cmdcons(3)
2010-07-15 19:41 . 2010-07-15 19:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-07-10 23:11 . 2010-07-10 23:22 -------- d-----w- C:\RECYCLER(2)
2010-07-10 23:11 . 2010-07-10 23:22 -------- d-----w- C:\ComboFix(2)
2010-07-10 22:52 . 2010-07-10 23:22 -------- d---a-w- C:\cmdcons(2)
2010-07-06 20:36 . 2010-07-06 20:36 388096 ----a-r- c:\documents and settings\pamela salyers young\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 23:37 . 2010-07-03 23:38 -------- dc-h--w- c:\windows\ie8
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\program files\Trend Micro
2010-07-03 07:10 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-03 03:20 . 2010-07-03 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SASCORE
2010-07-03 03:20 . 2010-07-05 16:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 15:03 . 2010-07-03 21:10 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ApplicationHistory
2010-07-02 12:16 . 2010-07-02 12:16 14592 ----a-w- c:\windows\system32\drivers\KBDHID.SYS
2010-07-02 10:10 . 2010-07-02 10:10 324120 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-07-02 04:14 . 2010-07-02 04:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-02 04:01 . 2010-07-02 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-02 03:33 . 2010-07-02 03:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-02 03:30 . 2010-07-02 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-01 21:36 . 2010-07-01 21:36 324120 ----a-w- c:\windows\system32\drivers\lhyoapjy.sys
2010-07-01 17:45 . 2010-07-01 17:45 324120 ----a-w- c:\windows\system32\drivers\mlaoufwq.sys
2010-07-01 04:44 . 2010-07-01 04:44 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-07-01 04:44 . 2010-07-01 04:44 16 ----a-w- c:\windows\system32\asdict.dat
2010-07-01 04:37 . 2010-07-01 15:28 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\wsbl.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_white.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_black.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords.dat
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\program files\BitDefender
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-07-01 01:38 . 2010-07-01 15:29 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-30 22:03 . 2010-06-30 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-30 08:21 . 2010-06-30 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-30 08:21 . 2010-06-30 08:21 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-06-29 23:06 . 2010-06-29 23:06 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\Opera
2010-06-29 23:05 . 2010-06-29 23:13 -------- d-----w- c:\program files\Opera
2010-06-29 07:09 . 2010-06-29 07:09 -------- d-----w- C:\Restored Files
2010-06-29 05:21 . 2010-06-29 05:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-29 04:46 . 2010-06-29 06:20 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ootgxomll
2010-06-29 03:46 . 2010-06-29 20:59 -------- d-----w- c:\program files\ESET
2010-06-29 03:42 . 2010-06-29 03:42 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Uniblue
2010-06-29 03:27 . 2010-06-29 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-29 01:12 . 2010-06-30 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 23:42 . 2010-06-28 23:42 16384 ---ha-w- C:\SZKGFS.dat
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\program files\Common Files\iS3
2010-06-28 23:41 . 2010-06-29 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 00:31 . 2009-11-29 06:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-20 00:31 . 2009-11-30 00:02 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-20 00:13 . 2009-11-29 15:09 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-07-09 19:50 . 2009-12-03 08:48 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Vso
2010-07-09 01:43 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Free Download Manager
2010-07-05 22:23 . 2009-11-29 15:16 36336 ----a-w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 18:03 . 2009-12-03 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-05 16:28 . 2009-12-05 23:25 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SUPERAntiSpyware.com
2010-07-05 16:16 . 2009-11-29 23:33 -------- d-----w- c:\program files\MSBuild
2010-07-05 16:05 . 2010-01-24 06:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-02 17:53 . 2010-05-29 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 05:29 . 2010-07-01 05:29 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2010-07-01 05:24 . 2010-07-01 05:24 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys.upd
2010-07-01 01:20 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 01:20 . 2010-04-26 04:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 01:20 . 2009-11-30 07:02 -------- d-----w- c:\program files\Symantec
2010-06-30 22:21 . 2010-02-11 06:58 -------- d-----w- c:\program files\Alwil Software
2010-06-30 08:34 . 2009-12-07 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-29 20:47 . 2009-11-30 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-06-29 20:42 . 2009-11-30 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-29 00:07 . 2010-06-28 23:45 1512 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-18 05:44 . 2010-06-18 05:44 -------- d-----w- c:\program files\Xenocode
2010-06-17 22:32 . 2010-06-17 22:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-17 22:32 . 2010-06-17 22:32 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-17 22:32 . 2009-12-16 23:10 -------- d-----w- c:\program files\DivX
2010-06-17 22:32 . 2010-06-17 22:32 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\DivX
2010-06-17 22:31 . 2010-06-17 22:31 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-17 22:30 . 2010-06-17 22:30 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-17 22:30 . 2010-06-17 22:30 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-17 22:30 . 2009-12-16 23:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-17 22:27 . 2010-06-17 22:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-17 22:27 . 2010-06-17 22:32 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-14 14:31 . 2009-11-29 15:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 16:10 . 2009-11-30 00:02 57752 ------w- c:\windows\system32\rpcnet.exe
2010-06-01 06:38 . 2010-06-01 06:37 -------- d-----w- c:\program files\Free Download Manager
2010-06-01 06:37 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2010-05-30 06:31 . 2010-03-14 21:54 -------- d-----w- c:\program files\LogMeIn
2010-05-28 19:15 . 2010-05-28 19:15 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Tific
2010-05-26 16:58 . 2010-05-26 16:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-05-26 15:22 . 2010-05-26 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-05-26 01:27 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperHideIP
2010-05-25 23:43 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SuperHideIP
2010-05-24 16:44 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-06 10:41 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-13 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-29 05:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-29 05:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2010-06-17 22:31 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-07-26 22:22 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-07-26 22:22 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2007-07-26 11:00 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-06-20 11:00 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-27 18:40 . 2007-06-20 11:00 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-08-07 14:38 . 2010-07-01 02:25 44544 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((( [email protected]_02.21.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-20 00:31 . 2010-07-20 00:31 16384 c:\windows\Temp\Perflib_Perfdata_620.dat
+ 2008-04-13 23:00 . 2010-07-15 21:29 68558 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2010-07-05 18:55 68558 c:\windows\system32\perfc009.dat
+ 2009-12-01 23:24 . 2010-07-20 00:00 436436 c:\windows\system32\Restore\rstrlog.dat
+ 2008-04-13 23:00 . 2010-07-15 21:29 435828 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2010-07-05 18:55 435828 c:\windows\system32\perfh009.dat
- 2009-11-29 15:04 . 2008-04-13 23:00 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2009-11-29 15:04 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(88).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(87).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(86).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(85).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(84).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(83).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(82).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(81).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(80).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(79).exe
+ 2010-07-06 20:36 . 2010-07-06 20:36 1094656 c:\windows\Installer\c300ba.msi
+ 2009-09-24 16:06 . 2010-06-01 15:46 4064656 c:\windows\Downloaded Program Files\RACtrl.dll
+ 2009-11-29 23:53 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-03 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-07-13 126976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-30 01:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^pamela salyers young^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\pamela salyers young\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-04-30 19:51 2396160 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 22:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-13 20:38 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-13 07:44 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 16:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-03 03:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/29/2010 1:26 AM 304464]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/29/2009 7:55 PM 112512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/29/2010 1:26 AM 20952]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [11/30/2009 1:34 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [11/30/2009 1:34 AM 41760]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:51 AM 135664]
S2 SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCore.exe" --> c:\program files\SUPERAntiSpyware\SASCore.exe [?]
S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" --> c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;"c:\program files\Microsoft Office\Office14\GROOVE.EXE" /auditservice --> c:\program files\Microsoft Office\Office14\GROOVE.EXE [?]
S3 osppsvc;Office Software Protection Platform;"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" --> c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [?]
S3 SymSnapService;SymSnapService;"c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe" --> c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
2010-07-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = 
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - 
FF - ProfilePath - c:\documents and settings\pamela salyers young\Application Data\Mozilla\Firefox\Profiles\dc41a5cb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\rpcnet.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-19 20:34:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 00:34
ComboFix2.txt 2010-07-19 20:55
ComboFix3.txt 2010-07-11 00:15
ComboFix4.txt 2010-07-10 23:06
ComboFix5.txt 2010-07-20 00:18
Pre-Run: 230,301,175,808 bytes free
Post-Run: 230,294,700,032 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - D6CA66CEB62E4696052C66CED895CF8B


----------



## eddie5659 (Mar 19, 2001)

Okay, we'll remove some stuff, but first can you do the following, just to see what is hidden, if anything:

Download the *GMER Rootkit Scanner*. Unzip it to your Desktop.

*Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.*

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double-click *gmer.exe*. The program will begin to run.

***Caution***
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

- If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click *NO*
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is *un-checked*.
- Now click the Scan button.
- _Once the scan is complete, you may receive another notice about rootkit activity._
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "*GMER.txt*"
- Save it where you can easily find it, such as your desktop.
- Post the contents of GMER.txt in your next reply.

eddie


----------



## APPACHE (Jul 2, 2010)

ready any time you are


----------



## eddie5659 (Mar 19, 2001)

Not sure, but did you run the GMER program above? It's a possibility you have a rootkit, and this may show what it is.

If you have, can you post the GMER.txt contents and I'll look thru it.

-----

However, am I right in thinking that you can't use the Recovery Console? If you're unsure, this is the bit about it:



> When you start Windows, it will ask you at the beginning of the boot process if you want to boot into XP or the Recovery Console. Boot into the Recovery Console.
> 
> It will ask you to pick a Windows Installation, I assume you have only one on the C:\ drive. But, if you see one for your E:\ use that instead.
> 
> ...


If you can do the above, then let me know and post a fresh ComboFix log with a GMER log as mentioned above.

=============

If not, just run the GMER program and post the details


----------



## APPACHE (Jul 2, 2010)

OK, let's try again. Every time I run GMER my computer locks completely up.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-21 21:35:14
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PAMELA~1\LOCALS~1\Temp\pxtdapow.sys

---- Devices - GMER 1.0.15 ----
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 1
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Files - GMER 1.0.15 ----
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP1\A0000004.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP10\A0001741.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP3\A0000460.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP33\A0003702.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP33\A0003733.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP33\A0003743.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP33\A0003759.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP33\A0003778.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP35\A0003879.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP35\A0003892.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP36\A0003908.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP36\A0003927.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP37\A0003941.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP37\A0003954.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP37\A0003967.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP38\A0003999.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP40\A0004021.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP40\A0004036.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP41\A0004053.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP41\A0004061.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP41\A0004069.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP41\A0004082.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP41\A0004096.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP41\A0004117.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP42\A0004168.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP42\A0004181.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP44\A0004202.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP44\A0004215.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP44\A0004228.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP44\A0004472.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP44\A0005472.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP45\A0005845.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP46\A0006103.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP46\A0006008.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP46\A0006079.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP46\A0006087.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP46\A0006117.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP46\A0006129.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP46\A0006142.exe:BAK 23040 bytes executable
ADS C:\System Volume Information\_restore{3A184155-5A33-43D3-8580-FDF062CA1F92}\RP47\A0006165.exe:BAK 23040 bytes executable
---- EOF - GMER 1.0.15 ----


----------



## APPACHE (Jul 2, 2010)

ComboFix 10-07-21.01 - pamela salyers young 07/21/2010 22:13:05.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2563 [GMT -4:00]
Running from: c:\documents and settings\pamela salyers young\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\autochk.exe was found and disinfected 
Restored copy from - c:\windows\system32\dllcache\autochk.exe 
.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.
2010-07-20 21:08 . 2010-07-20 21:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-20 01:22 . 2010-07-20 21:08 -------- d-----w- C:\RECYCLER(4)
2010-07-19 23:41 . 2010-07-19 23:59 -------- d-----w- C:\RECYCLER(3)
2010-07-19 20:31 . 2010-07-20 00:00 -------- d---a-w- C:\cmdcons(3)
2010-07-15 19:41 . 2010-07-15 19:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-07-10 23:11 . 2010-07-10 23:22 -------- d-----w- C:\RECYCLER(2)
2010-07-10 23:11 . 2010-07-10 23:22 -------- d-----w- C:\ComboFix(2)
2010-07-10 22:52 . 2010-07-10 23:22 -------- d---a-w- C:\cmdcons(2)
2010-07-06 20:36 . 2010-07-06 20:36 388096 ----a-r- c:\documents and settings\pamela salyers young\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 23:37 . 2010-07-03 23:38 -------- dc-h--w- c:\windows\ie8
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\program files\Trend Micro
2010-07-03 07:10 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-03 03:20 . 2010-07-03 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SASCORE
2010-07-03 03:20 . 2010-07-05 16:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 15:03 . 2010-07-03 21:10 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ApplicationHistory
2010-07-02 12:16 . 2010-07-02 12:16 14592 ----a-w- c:\windows\system32\drivers\KBDHID.SYS
2010-07-02 10:10 . 2010-07-02 10:10 324120 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-07-02 04:14 . 2010-07-02 04:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-02 04:01 . 2010-07-02 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-02 03:33 . 2010-07-02 03:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-02 03:30 . 2010-07-02 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-01 21:36 . 2010-07-01 21:36 324120 ----a-w- c:\windows\system32\drivers\lhyoapjy.sys
2010-07-01 17:45 . 2010-07-01 17:45 324120 ----a-w- c:\windows\system32\drivers\mlaoufwq.sys
2010-07-01 04:44 . 2010-07-01 04:44 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-07-01 04:44 . 2010-07-01 04:44 16 ----a-w- c:\windows\system32\asdict.dat
2010-07-01 04:37 . 2010-07-01 15:28 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\wsbl.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_white.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\ph_black.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-07-01 01:53 . 2010-07-01 01:53 0 ----a-w- c:\windows\system32\pcwords.dat
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\program files\BitDefender
2010-07-01 01:40 . 2010-07-01 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-07-01 01:38 . 2010-07-01 15:29 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-01 00:44 . 2010-07-04 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-30 22:03 . 2010-06-30 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-30 08:21 . 2010-06-30 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-30 08:21 . 2010-06-30 08:21 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-06-29 23:06 . 2010-06-29 23:06 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\Opera
2010-06-29 23:05 . 2010-06-29 23:13 -------- d-----w- c:\program files\Opera
2010-06-29 07:09 . 2010-06-29 07:09 -------- d-----w- C:\Restored Files
2010-06-29 05:21 . 2010-06-29 05:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-29 04:46 . 2010-06-29 06:20 -------- d-----w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\ootgxomll
2010-06-29 03:46 . 2010-06-29 20:59 -------- d-----w- c:\program files\ESET
2010-06-29 03:42 . 2010-06-29 03:42 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Uniblue
2010-06-29 03:27 . 2010-06-29 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-29 01:12 . 2010-06-30 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 23:42 . 2010-06-28 23:42 16384 ---ha-w- C:\SZKGFS.dat
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\program files\Common Files\iS3
2010-06-28 23:41 . 2010-06-29 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 02:18 . 2009-11-29 06:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-22 02:18 . 2009-11-29 15:09 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-07-22 02:18 . 2009-11-30 00:02 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-09 19:50 . 2009-12-03 08:48 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Vso
2010-07-09 01:43 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Free Download Manager
2010-07-05 22:23 . 2009-11-29 15:16 36336 ----a-w- c:\documents and settings\pamela salyers young\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 18:03 . 2009-12-03 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-05 16:28 . 2009-12-05 23:25 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SUPERAntiSpyware.com
2010-07-05 16:16 . 2009-11-29 23:33 -------- d-----w- c:\program files\MSBuild
2010-07-05 16:05 . 2010-01-24 06:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-02 17:53 . 2010-05-29 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 05:29 . 2010-07-01 05:29 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys.upd
2010-07-01 05:29 . 2010-07-01 05:29 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2010-07-01 05:24 . 2010-07-01 05:24 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys.upd
2010-07-01 01:20 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 01:20 . 2010-04-26 04:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 01:20 . 2009-11-30 07:02 -------- d-----w- c:\program files\Symantec
2010-06-30 22:21 . 2010-02-11 06:58 -------- d-----w- c:\program files\Alwil Software
2010-06-30 08:34 . 2009-12-07 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-29 20:47 . 2009-11-30 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-06-29 20:42 . 2009-11-30 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-29 00:07 . 2010-06-28 23:45 1512 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-18 05:44 . 2010-06-18 05:44 -------- d-----w- c:\program files\Xenocode
2010-06-17 22:32 . 2010-06-17 22:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-17 22:32 . 2010-06-17 22:32 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-17 22:32 . 2009-12-16 23:10 -------- d-----w- c:\program files\DivX
2010-06-17 22:32 . 2010-06-17 22:32 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-17 22:32 . 2010-06-17 22:32 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\DivX
2010-06-17 22:31 . 2010-06-17 22:31 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-17 22:31 . 2010-06-17 22:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-17 22:30 . 2010-06-17 22:30 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-17 22:30 . 2010-06-17 22:30 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-17 22:30 . 2009-12-16 23:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-17 22:27 . 2010-06-17 22:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-17 22:27 . 2010-06-17 22:32 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-14 14:31 . 2009-11-29 15:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 16:10 . 2009-11-30 00:02 57752 ------w- c:\windows\system32\rpcnet.exe
2010-06-01 06:38 . 2010-06-01 06:37 -------- d-----w- c:\program files\Free Download Manager
2010-06-01 06:37 . 2010-06-01 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2010-05-30 06:31 . 2010-03-14 21:54 -------- d-----w- c:\program files\LogMeIn
2010-05-28 19:15 . 2010-05-28 19:15 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\Tific
2010-05-26 16:58 . 2010-05-26 16:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-05-26 16:37 . 2010-05-26 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-05-26 15:22 . 2010-05-26 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-05-26 01:27 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperHideIP
2010-05-25 23:43 . 2010-05-25 23:43 -------- d-----w- c:\documents and settings\pamela salyers young\Application Data\SuperHideIP
2010-05-24 16:44 . 2009-11-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-06 10:41 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-13 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-29 05:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-29 05:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2010-06-17 22:31 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-07-26 22:22 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-07-26 22:22 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2007-07-26 11:00 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-06-20 11:00 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-27 18:40 . 2007-06-20 11:00 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-08-07 14:38 . 2010-07-01 02:25 44544 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((( [email protected]_02.21.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-22 02:18 . 2010-07-22 02:18 16384 c:\windows\Temp\Perflib_Perfdata_460.dat
+ 2008-04-13 23:00 . 2010-07-15 21:29 68558 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2010-07-05 18:55 68558 c:\windows\system32\perfc009.dat
+ 2009-12-01 23:24 . 2010-07-20 21:08 279276 c:\windows\system32\Restore\rstrlog.dat
+ 2008-04-13 23:00 . 2010-07-15 21:29 435828 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2010-07-05 18:55 435828 c:\windows\system32\perfh009.dat
- 2009-11-29 15:04 . 2008-04-13 23:00 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2009-11-29 15:04 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(88).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(87).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(86).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(85).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(84).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(83).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(82).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(81).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(80).exe
+ 2008-04-13 23:00 . 2008-04-13 23:00 588800 c:\windows\system32\autochk(79).exe
+ 2010-07-06 20:36 . 2010-07-06 20:36 1094656 c:\windows\Installer\c300ba.msi
+ 2009-09-24 16:06 . 2010-06-01 15:46 4064656 c:\windows\Downloaded Program Files\RACtrl.dll
+ 2009-11-29 23:53 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-03 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-07-13 126976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-30 01:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^pamela salyers young^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\pamela salyers young\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-04-30 19:51 2396160 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 22:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-13 20:38 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-13 07:44 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 16:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 22:28 150040 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-03 03:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/29/2010 1:26 AM 304464]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/29/2009 7:55 PM 112512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/29/2010 1:26 AM 20952]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [11/30/2009 1:34 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [11/30/2009 1:34 AM 41760]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:51 AM 135664]
S2 SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCore.exe" --> c:\program files\SUPERAntiSpyware\SASCore.exe [?]
S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" --> c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;"c:\program files\Microsoft Office\Office14\GROOVE.EXE" /auditservice --> c:\program files\Microsoft Office\Office14\GROOVE.EXE [?]
S3 osppsvc;Office Software Protection Platform;"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" --> c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [?]
S3 SymSnapService;SymSnapService;"c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe" --> c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:51]
2010-07-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
2010-07-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-113007714-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 23:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = 
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - 
FF - ProfilePath - c:\documents and settings\pamela salyers young\Application Data\Mozilla\Firefox\Profiles\dc41a5cb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 22:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ...

c:\windows\system32\autochk(46).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(38).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(39).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(40).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(41).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(43).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(70).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(71).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(72).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(73).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(74).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(75).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(77).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(78).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(80).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(81).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(83).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(84).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(85).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(47).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(48).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(50).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(51).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(52).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(53).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(54).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(55).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(56).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(57).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(58).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(61).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(62).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(63).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(65).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(66).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(68).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(69).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(87).exe:BAK 23040 bytes executable
c:\windows\system32\autochk(88).exe:BAK 23040 bytes executable
scan completed successfully
hidden files: 39
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\rpcnet.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-21 22:21:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 02:21
ComboFix2.txt 2010-07-20 00:34
ComboFix3.txt 2010-07-19 20:55
ComboFix4.txt 2010-07-11 00:15
ComboFix5.txt 2010-07-22 02:11
Pre-Run: 229,910,261,760 bytes free
Post-Run: 230,083,657,728 bytes free
- - End Of File - - 94EF41997B1181EC434BC2F4BA11F036


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Okay, as soon as I get home tonight, I'll post a fix. At work, so no access to my notes etc.

Will be about 8pm (GMT time).


----------



## eddie5659 (Mar 19, 2001)

Overtime, don't you love or hate it 

Just a bit later than planned being home......by about 4 hours.

Back in a few mins


----------



## eddie5659 (Mar 19, 2001)

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C176AF6C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
:Files
C:\WINDOWS\System32\rezumatenoi.dat
C:\WINDOWS\System32\drivers\kgpcpy.cfg
C:\WINDOWS\System32\autochk(*.exe
c:\windows\system32\aspdict-en.dat
c:\windows\system32\asdict.dat
c:\documents and settings\All Users\Application Data\SITEguard
c:\program files\Common Files\iS3
c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\Administrator\Application Data\IObit
c:\program files\IObit
:Services
c:\windows\system32\drivers\lhyoapjy.sys
c:\windows\system32\drivers\mlaoufwq.sy
:Commands
[purity]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.

eddie


----------



## APPACHE (Jul 2, 2010)

my computer froze while I tried that, I am going to redownload OTL.EXE

ok I tried and let it sit for over an hour ctrl alt delete. it was non responsive

and I have a new error since the last few days. the device for the dell wireless 355 module with bluetooth is preventing the machine from entering standby.


----------



## APPACHE (Jul 2, 2010)

I think I got the bluetooth stuff taken care of, not what we started tho


----------



## eddie5659 (Mar 19, 2001)

Looks like something may be stopping us, so can you run this for me:

Download MBR Check to your desktop


Right click *MBRcheck.exe* and select *Run as Administrator* (Vista/Windows 7) or Double click *MBRcheck.exe* to run it (XP)
It will show a Black screen with some data on it 
it will create a log called MBRcheck_time and date.txt on desktop 
Post that resultant log here please
Do NOT fix anything or run any suggested fix before we see the report 

eddie


----------



## APPACHE (Jul 2, 2010)

```
MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\E: --> \\.\PhysicalDrive0
\\.\F: --> \\.\PhysicalDrive0

Size     Device Name           MBR Status
--------------------------------------------
232 GB   \\.\PhysicalDrive0    Windows XP MBR code detected

Done! Press ENTER to exit...
```


----------



## APPACHE (Jul 2, 2010)

anything yet? the clock left again today, I told dell what I thought about the windows activation thing, and they wrote me back and offered to send me an oem disk.

I used system restore and got the volume icon back..


----------



## eddie5659 (Mar 19, 2001)

Hiya

Just so you know, I haven't left this thread. However, after moving house, and finding out that BT will take 4 days for the phone line to be active, and O2 will take 10 days afterwards to reactivate my internet, I can only access the internet at work.

I'll try and do what I can, but can only do these in the lunch hours 

I've contacted someone to take a look at the thread, to see if they can help in my absence.

I'll still reply when I can, hope you understand 

eddie


----------



## APPACHE (Jul 2, 2010)

thank you very much. oh yes I truly understand.. wish you the best..


----------



## eddie5659 (Mar 19, 2001)

From your message to me you said that Dell have helped you back to the original settings, is this correct? Just typing here so that others who may have looked at this thread, know the reason for the Solved heading (when you reply)

eddie


----------



## APPACHE (Jul 2, 2010)

yes Eddie, I ended up reinstalling a clean windows. not to worry, I have another computer of my boyfriend's that doesn't have a warranty.. you get your stuff done and good luck.. thank you so much. oh and looking around I found a cure for a friend's computer with a virus


----------



## eddie5659 (Mar 19, 2001)

Okay, will mark this one Solved, as it is kind of 

If your friend's computer still has problems, just post and point me to the thread, if you want 

eddie


----------



## APPACHE (Jul 2, 2010)

will do eddie, I just need to find out where to put the post..
you're the man and thank you again for ALL your time


----------



## eddie5659 (Mar 19, 2001)

If it's malware/virus related, this forum is the best. If not, drop me a message, and I'll point you to the correct forum, as some are best in certain ones


And just so you know, O2 say 10 days from yesterday for my internet....WOOOOO


----------



## APPACHE (Jul 2, 2010)

happy to hear your good news sweetie. I have access to my boyfriend's computer 24-7
it is an acer vista windows. it runs very slow.. startup and shut down takes apr 6-8 min, then
starts freezing after being on just a few min. so I will let you go on that for now..


----------



## eddie5659 (Mar 19, 2001)

Got the internet back at last 

If it's slow on startup/shutdown, that can point to too many programs loading up when Windows starts.

If you want to create a thread, let me know, and I can reply to it for you 

eddie


----------



## APPACHE (Jul 2, 2010)

I would really like that eddie, can you send me in the right direction? glad you got your internet


----------



## eddie5659 (Mar 19, 2001)

Well, you mentioned earlier about a virus on the computer, so if you post a fresh thread in this forum, the Malware forum.

Then, send me a link, or put the link in this thread, and I'll reply to it 

Also, this is something new we've just added to the forum, so before you post the thread, make sure you do the following first 

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

eddie


----------



## APPACHE (Jul 2, 2010)

http://forums.techguy.org/virus-other-malware-removal/944966-wont-restore-slow-start-up.html
this is for you eddie


----------



## eddie5659 (Mar 19, 2001)

I've replied, so others won't

I'll look as soon as I can


----------

