WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


HDD removed, desktop gone

2 posters

descriptionHDD removed, desktop gone EmptyHDD removed, desktop gone8th December 2010, 12:24 am

more_horiz
Removed HDD with malwarebytes, desktop gone. Help!? Sad tearing

OTL logfile created on: 12/7/2010 6:52:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.39 Gb Total Space | 13.71 Gb Free Space | 43.66% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 4.63 Gb Free Space | 79.16% Space Free | Partition Type: FAT32

Computer Name: TRAINOFFICE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 11:47:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/02/11 10:06:36 | 000,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/16 20:07:24 | 000,263,600 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PRC - [2009/01/16 20:07:22 | 000,562,608 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 16:46:50 | 001,589,248 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5011\Belkinwcui.exe
PRC - [2005/12/21 15:01:17 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/11/05 12:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/06/03 10:00:00 | 000,098,816 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
PRC - [2003/06/03 10:00:00 | 000,030,208 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
PRC - [2003/06/03 10:00:00 | 000,028,672 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CAPM3RSK.EXE
PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 09:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/12 23:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
PRC - [2001/12/06 10:00:00 | 000,098,816 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
PRC - [2001/12/06 10:00:00 | 000,030,208 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
PRC - [2001/12/06 10:00:00 | 000,028,672 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CAPM1RSK.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/07 11:47:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
MOD - [2009/02/11 10:06:38 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2004/11/05 12:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/02/11 10:06:36 | 000,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/01/16 20:07:24 | 000,263,600 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2005/12/21 15:01:17 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/08/06 18:21:32 | 000,020,504 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/12/18 07:41:10 | 000,273,280 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2005/12/21 14:55:46 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/04/19 17:57:00 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/31 17:46:58 | 000,350,976 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/31 17:46:10 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/02/12 05:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/04 13:59:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/02/04 13:59:00 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/04 13:59:00 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/17 23:27:00 | 003,222,784 | ---- | M] (Intel®️ Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/11/05 12:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/09/24 23:36:44 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/30 15:39:00 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/12 04:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/10 03:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 20:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/03 10:00:00 | 000,022,976 | ---- | M] (CANON INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CAPM3LP.SYS -- (RapidPortM3)
DRV - [2001/12/06 10:00:00 | 000,022,912 | ---- | M] (CANON INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CAPM1LP.SYS -- (RapidPortM1)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/06 23:38:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/07 07:57:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106040200.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5011\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D600 iR1200G Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://www.stokescorod.org/controls/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://sslvpn.towerco.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6A6F4B83-45C5-4CA9-BDD9-0D81C12295E4} https://sslvpn.towerco.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.towerco.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} http://www.stokescorod.org/controls/prntpro2.CAB (Pegasus PrintPRO Control v2.0)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/26 15:25:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1a3451cf-c5ae-11da-9e5f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1a3451cf-c5ae-11da-9e5f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a3451cf-c5ae-11da-9e5f-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 14:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{95b3964e-82b5-11de-9f3b-0012f09cca48}\Shell - "" = AutoRun
O33 - MountPoints2\{95b3964e-82b5-11de-9f3b-0012f09cca48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95b3964e-82b5-11de-9f3b-0012f09cca48}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 11:47:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2010/12/07 11:09:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/12/07 10:45:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/12/07 10:37:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/12/07 10:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/12/07 10:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/12/07 10:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/12/07 10:28:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/12/07 10:18:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/12/07 08:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/07 07:59:24 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/07 07:59:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/07 07:59:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/07 07:59:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/07 07:59:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/07 07:54:01 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/12/06 20:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/12/06 20:31:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/06 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/06 20:31:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/06 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/06 20:27:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/12/06 20:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/12/05 20:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/12/05 20:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/12/05 20:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/12/05 20:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/12/05 20:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/12/05 20:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/12/05 20:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/12/05 20:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 18:28:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/07 13:37:44 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F5FDA3E-4C12-4D6E-B723-018AF87C054A}.job
[2010/12/07 11:47:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2010/12/07 11:17:23 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/07 11:17:23 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/07 11:12:48 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 11:12:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/07 11:11:27 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/12/07 11:11:21 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/12/07 11:08:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 11:08:35 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/07 11:08:34 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 10:27:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/07 07:57:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/07 07:57:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/07 07:57:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/07 07:57:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/07 07:57:25 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/07 07:54:46 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/12/06 20:55:21 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet.lnk
[2010/12/06 20:31:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/04 03:31:44 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 16:51:09 | 009,626,979 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\attachments_2010_11_27.zip
[2010/11/27 13:50:00 | 002,727,943 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DSC00584.JPG
[2010/11/13 19:43:41 | 000,649,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\First 100.doc
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 11:11:12 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/12/06 20:55:20 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet.lnk
[2010/12/06 20:49:02 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/06 20:31:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk


descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone8th December 2010, 12:25 am

more_horiz
[2010/11/27 16:53:11 | 002,727,943 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DSC00584.JPG
[2010/11/27 16:51:04 | 009,626,979 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\attachments_2010_11_27.zip
[2010/11/13 19:43:41 | 000,649,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\First 100.doc
[2009/10/16 20:44:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/06 13:20:31 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2006/11/28 14:55:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/11/27 17:20:18 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2006/11/27 17:20:18 | 000,000,508 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2006/10/03 17:27:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/10/03 17:27:04 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/08/22 18:05:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/08/22 17:40:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/08/22 17:39:36 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/08/22 17:39:36 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/08/22 17:39:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/08/22 17:39:36 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/08/04 10:42:59 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/08/02 10:57:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/05/04 14:03:24 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\hpothb07.tif
[2006/05/04 14:03:24 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\hpothb07.dat
[2006/05/01 14:59:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/01 14:09:54 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/05/01 14:09:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/04/24 10:06:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/13 10:03:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2006/04/06 14:40:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/21 14:52:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2004/05/27 05:35:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/26 14:31:01 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/26 14:31:01 | 000,000,498 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/26 08:14:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/05/26 15:24:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/02/08 23:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2006/11/27 17:20:20 | 000,000,508 | ---- | M] () -- C:\Program Files\INSTALL.LOG
[2001/09/28 18:00:28 | 000,164,864 | ---- | M] () -- C:\Program Files\UNWISE.EXE

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/12/07 10:40:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/04/06 15:56:49 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/05/26 15:33:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/07 07:54:46 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/04/06 15:56:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/05/26 08:13:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/05/26 08:13:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/05/26 08:13:06 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\*.sys >
[2004/08/04 14:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\CBTNDIS5.sys
[2004/08/04 14:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 14:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 14:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 14:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 14:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 14:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 14:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 14:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 14:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 14:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 00:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/02/08 23:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2006/11/27 17:20:26 | 000,000,111 | ---- | M] () -- C:\aptreg.log
[2004/05/26 15:25:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/01 15:12:52 | 011,711,196 | ---- | M] () -- C:\BellSouthIW.re~
[2006/04/24 16:20:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/05/26 15:25:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/11/27 17:20:26 | 000,002,116 | ---- | M] () -- C:\cossreg.log
[2010/12/07 11:08:34 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/04 14:00:50 | 000,000,938 | -H-- | M] () -- C:\hpothb07.dat
[2006/05/04 14:00:50 | 000,034,328 | -H-- | M] () -- C:\hpothb07.tif
[2004/05/26 15:25:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/12/21 14:57:05 | 000,000,837 | -H-- | M] () -- C:\IPH.PH
[2010/12/07 08:10:37 | 000,000,638 | ---- | M] () -- C:\JavaRa.log
[2004/05/26 15:25:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/12/07 10:27:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/07 11:08:32 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2005/06/12 10:34:01 | 000,000,256 | ---- | M] () -- C:\SmartInstaller.log
[2005/12/21 14:52:55 | 000,000,191 | ---- | M] () -- C:\touchpad.log

< %PROGRAMFILES%\*. >
[2005/12/21 14:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2005/12/21 14:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2006/04/06 15:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Toolbar
[2009/08/17 18:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2006/11/30 16:18:21 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2006/05/01 14:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2006/11/30 16:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2009/10/18 07:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/05/26 15:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/12/06 07:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/11/27 17:19:53 | 000,000,000 | ---D | M] -- C:\Program Files\COSSTEMP
[2005/12/21 14:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/11/28 14:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Funk Software
[2005/12/21 14:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway
[2009/10/18 07:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/04/12 13:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/08/17 18:16:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/12/21 14:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/12/07 10:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/07 08:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/12/21 14:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2006/08/04 10:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark
[2010/12/06 20:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/10 07:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/05/10 07:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/12/07 10:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/04/24 10:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/27 11:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/05/26 15:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/04/22 17:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/01 03:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/04/24 10:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/12/07 10:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/22 17:08:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/05/26 15:20:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/26 15:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/12/07 10:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/08/07 12:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2006/04/24 11:10:09 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2006/11/30 19:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/07 11:01:01 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/11/27 17:19:49 | 000,000,000 | ---D | M] -- C:\Program Files\PDFlib
[2009/08/14 13:01:39 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Viewer
[2006/04/06 14:41:44 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2006/11/30 19:19:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/12/21 14:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/08/22 17:32:22 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2009/10/18 07:49:30 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/02/09 16:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\SonicWALL
[2005/12/21 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2004/05/26 15:33:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/12/21 14:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/12/07 10:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/12/07 10:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/05/26 15:23:04 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/05/26 15:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/07/25 15:32:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2004/05/26 08:14:28 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2006/05/04 14:03:30 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\hpothb07.dat
[2006/05/04 14:03:30 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\hpothb07.tif


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:disk.sys
[2004/08/04 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2010/12/07 08:46:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-07 16:03:08

< End of report >
OTL Extras logfile created on: 12/7/2010 6:52:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.39 Gb Total Space | 13.71 Gb Free Space | 43.66% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 4.63 Gb Free Space | 79.16% Space Free | Partition Type: FAT32

Computer Name: TRAINOFFICE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{097E54AF-F499-4CD4-85EA-3DF65BD027F5}" = Belkin Wireless G USB Adapter Software
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}" = PDFlib 4.0.1
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"BroadJump Client Foundation" = BroadJump Client Foundation
"Canon PC1200/iC D600/iR1200G" = Canon PC1200/iC D600/iR1200G
"Canon PC1200/iC D700" = Canon PC1200/iC D700
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_0460107B" = SoftV92 Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee SecurityCenter
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"OMUS Life Holdings" = OMUS Life Holdings
"PDFLIB" = PDFLIB
"Photo Viewer S3.0_is1" = Photo Viewer S3.0
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2010 1:23:46 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 4/2/2010 1:23:46 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:23:46 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:23:46 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:24:23 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:24:23 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:25:17 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:25:17 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:27:23 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/2/2010 1:27:23 AM | Computer Name = TRAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 12/5/2010 10:04:58 AM | Computer Name = TRAINOFFICE | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/6/2010 9:27:58 PM | Computer Name = TRAINOFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


Last edited by Rtrain on 8th December 2010, 12:26 am; edited 1 time in total (Reason for editing : missed text from bottom of report)

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone9th December 2010, 12:22 am

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    HDD removed, desktop gone CF_download_FF

    HDD removed, desktop gone CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    HDD removed, desktop gone Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    HDD removed, desktop gone Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
HDD removed, desktop gone DXwU4
HDD removed, desktop gone VvYDg

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone9th December 2010, 1:37 am

more_horiz
ComboFix 10-12-07.06 - Administrator 12/08/2010 20:08:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.279 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Cookies\hpothb07.dat
c:\documents and settings\Administrator\My Documents\DPE.DUS
c:\program files\INSTALL.LOG
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-08 07:33 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-08 07:33 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-08 07:33 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-08 07:27 . 2010-12-08 07:27 -------- d-----w- c:\windows\LastGood
2010-12-07 15:37 . 2010-12-07 15:37 -------- d-----w- c:\windows\system32\scripting
2010-12-07 15:37 . 2010-12-07 15:37 -------- d-----w- c:\windows\l2schemas
2010-12-07 15:37 . 2010-12-07 15:37 -------- d-----w- c:\windows\system32\en
2010-12-07 15:37 . 2010-12-07 15:37 -------- d-----w- c:\windows\system32\bits
2010-12-07 12:59 . 2010-12-07 12:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-07 12:59 . 2010-12-07 12:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-07 01:32 . 2010-12-07 01:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-07 01:31 . 2010-12-07 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-07 01:31 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 01:31 . 2010-12-07 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 01:31 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 01:14 . 2010-12-07 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 02:28 . 2010-05-03 19:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-14 02:28 . 2010-05-03 19:00 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-14 02:28 . 2010-05-03 19:00 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-14 02:28 . 2010-05-03 19:00 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-14 02:28 . 2010-05-03 19:00 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-14 02:28 . 2010-05-03 19:00 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-14 02:28 . 2010-05-03 19:00 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 02:28 . 2010-05-03 19:00 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-14 02:28 . 2010-05-03 19:00 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-14 02:28 . 2010-05-03 19:00 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-09-18 17:23 . 2004-05-26 19:29 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-05-26 19:29 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-05-26 19:29 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-05-26 19:29 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-05-26 19:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-05-26 19:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-05-26 19:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2001-09-28 23:00 . 2006-11-27 22:20 164864 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Gateway Extended Warranty"="c:\program files\Gateway\GWCares\GWCares.exe" [2004-02-09 73728]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-13 126976]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-21 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-01-17 562608]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5011\Belkinwcui.exe [2009-8-17 1589248]
Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2006-10-23 30208]
Canon PC1200 iC D700 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE [2006-4-14 30208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/3/2010 2:00 PM 84072]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [8/17/2009 6:16 PM 38144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/6/2009 11:01 PM 210216]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/3/2010 2:00 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/3/2010 2:00 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/3/2010 2:01 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/3/2010 2:00 PM 141792]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [8/17/2009 6:17 PM 273280]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/3/2010 2:00 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/3/2010 2:00 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/3/2010 2:00 PM 88544]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [8/6/2008 6:21 PM 20504]
S2 gupdate1ca4ff181db1814;Google Update Service (gupdate1ca4ff181db1814);c:\program files\Google\Update\GoogleUpdate.exe [10/18/2009 7:49 AM 133104]
S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [10/23/2006 1:40 PM 22912]
S2 RapidPortM3;RapidPortM3;c:\windows\system32\drivers\CAPM3LP.SYS [4/14/2006 9:19 AM 22976]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/3/2010 2:00 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/3/2010 2:00 PM 84264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 12:49]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 12:49]

2006-04-06 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-05-26 00:12]

2006-04-06 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-05-26 00:12]

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{5F5FDA3E-4C12-4D6E-B723-018AF87C054A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.stokescorod.org/controls/LTOCX14N.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://sslvpn.towerco.com/NELX.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.stokescorod.org/controls/prntpro2.CAB
.
- - - - ORPHANS REMOVED - - - -

AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-PDFLIB - c:\progra~1\COSSTEMP\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 20:23
Windows 5.1.2600 Service Pack 3 NTFS

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone10th December 2010, 12:19 am

more_horiz
Desktop still does not come up when I boot, but the file exists...

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone10th December 2010, 1:02 am

more_horiz
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
HDD removed, desktop gone DXwU4
HDD removed, desktop gone VvYDg

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone11th December 2010, 1:41 pm

more_horiz
Ok, ran it, system boots fine, but desktop still missing.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=c47270d17d5c9e4991b0df20bcba750a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-10 02:57:56
# local_time=2010-12-09 09:57:56 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777189 100 75 0 21100498 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84536
# found=0
# cleaned=0
# scan_time=3501ons still missing.

Log:

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone11th December 2010, 5:39 pm

more_horiz
The Desktop as in explorer isn't loading? your icons/task bar doesn't load?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
HDD removed, desktop gone DXwU4
HDD removed, desktop gone VvYDg

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone11th December 2010, 11:56 pm

more_horiz
That is correct; the task bar does, but no desktop icons.

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone12th December 2010, 1:11 am

more_horiz
Open the Task Manager via ctrl/alt/del. Go to the "Applications" tab, and press "New Task..."

In the open field, type in explorer.exe and hit the OK button.

Does your Desktop load now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
HDD removed, desktop gone DXwU4
HDD removed, desktop gone VvYDg

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone12th December 2010, 1:19 am

more_horiz
That opens the MY DOCUMENTS folder.

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone12th December 2010, 10:27 pm

more_horiz
Hmm, it opens My Documents but doesn't make the Desktop icons/Task Bar re-appear? Okay do the same, but type this in instead.

%windir%\explorer.exe

Any luck this time?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
HDD removed, desktop gone DXwU4
HDD removed, desktop gone VvYDg

descriptionHDD removed, desktop gone EmptyRe: HDD removed, desktop gone

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum