antivirus disable notice

**malopr** · 11-08-2010

did the read me first amd here are the rusult;
mbam report
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4413

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/10/2010 12:09:02 PM
mbam-log-2010-08-10 (12-09-02).txt

Scan type: Quick scan
Objects scanned: 122282
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
gmer report
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit quick scan 2010-08-10 13:30:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\fxlyqpoc.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF75DADB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF75DADC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF75DADF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF75DAE46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF75DAD9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF75DAD74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF75DAD88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF75DADDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF75DAE1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF75DAE06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF75DAE70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF75DAE5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF75DAE30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
mbrcheck
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 116):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BCE000 \WINDOWS\system32\KDCOM.DLL
0xF7ADE000 \WINDOWS\system32\BOOTVID.dll
0xF767F000 ACPI.sys
0xF7BD0000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF766E000 pci.sys
0xF76CE000 isapnp.sys
0xF7C96000 pciide.sys
0xF794E000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7BD2000 viaide.sys
0xF76DE000 MountMgr.sys
0xF764F000 ftdisk.sys
0xF7956000 PartMgr.sys
0xF76EE000 VolSnap.sys
0xF7637000 atapi.sys
0xF76FE000 disk.sys
0xF770E000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7617000 fltmgr.sys
0xF7605000 sr.sys
0xF75A8000 mfehidk.sys
0xF7591000 KSecDD.sys
0xF7504000 Ntfs.sys
0xF74D7000 NDIS.sys
0xF771E000 uagp35.sys
0xF74BD000 Mup.sys
0xF786E000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7434000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xF7420000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF73C3000 \SystemRoot\system32\drivers\cmaudio.sys
0xF739F000 \SystemRoot\system32\drivers\portcls.sys
0xF787E000 \SystemRoot\system32\drivers\drmk.sys
0xF737C000 \SystemRoot\system32\drivers\ks.sys
0xF729E000 \SystemRoot\System32\DRIVERS\HCF_MSFT.sys
0xF7A06000 \SystemRoot\System32\Drivers\Modem.SYS
0xF788E000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF789E000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF78AE000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7A0E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7A16000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF727A000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7A1E000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF78BE000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7A26000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7A2E000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF78CE000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7B96000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7A36000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7266000 \SystemRoot\System32\DRIVERS\parport.sys
0xF6E9D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF78DE000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF7DAD000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF6E89000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF78EE000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7B9E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF6DD2000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF78FE000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF790E000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7A3E000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF6DC1000 \SystemRoot\System32\DRIVERS\psched.sys
0xF791E000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF6D9D000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF6D2A000 \SystemRoot\system32\drivers\mfefirek.sys
0xF7A46000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7A4E000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7A56000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF792E000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7BE4000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6C85000 \SystemRoot\System32\DRIVERS\update.sys
0xF748D000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF793E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7475000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF77CE000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7C06000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7A5E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7C08000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB8000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C0A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A6E000 \SystemRoot\System32\drivers\vga.sys
0xF7C0C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C0E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A76000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A7E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B82000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5B8A000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF5B31000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF5B1E000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xF5AF8000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF77EE000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF5AD0000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF5A86000 \SystemRoot\System32\drivers\afd.sys
0xF77FE000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF5A5B000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF59EB000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF781E000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6E39000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF59D3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C8A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5C65000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79AE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D28000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xF34CF000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF324E000 \SystemRoot\system32\drivers\wdmaud.sys
0xF33AB000 \SystemRoot\system32\drivers\sysaudio.sys
0xF2E83000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7C68000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF2DDC000 \SystemRoot\System32\DRIVERS\srv.sys
0xF29D8000 \SystemRoot\system32\drivers\cfwids.sys
0xF2827000 \SystemRoot\System32\Drivers\HTTP.sys
0xF25DE000 \SystemRoot\system32\drivers\mfeapfk.sys
0xF2657000 \SystemRoot\system32\drivers\mfebopk.sys
0xF2314000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
916 C:\WINDOWS\system32\smss.exe
968 csrss.exe
992 C:\WINDOWS\system32\winlogon.exe
1036 C:\WINDOWS\system32\services.exe
1048 C:\WINDOWS\system32\lsass.exe
1228 C:\WINDOWS\system32\svchost.exe
1280 svchost.exe
1404 C:\WINDOWS\system32\svchost.exe
1544 svchost.exe
1604 svchost.exe
1784 C:\WINDOWS\system32\spoolsv.exe
252 C:\WINDOWS\explorer.exe
400 C:\Program Files\McAfee.com\Agent\mcagent.exe
408 C:\WINDOWS\mixer.exe
420 C:\WINDOWS\SOUNDMAN.EXE
424 C:\WINDOWS\system32\VTTimer.exe
444 C:\WINDOWS\system32\VTTrayp.exe
464 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
472 C:\Program Files\iTunes\iTunesHelper.exe
556 C:\Program Files\CompuServe 7.0\cstray.exe
772 svchost.exe
816 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
832 C:\Program Files\Bonjour\mDNSResponder.exe
888 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1244 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
1520 C:\WINDOWS\wanmpsvc.exe
1964 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
328 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
540 C:\WINDOWS\system32\wuauclt.exe
2336 C:\Program Files\iPod\bin\iPodService.exe
3016 alg.exe
3468 C:\WINDOWS\system32\wscntfy.exe
2448 wmiprvse.exe
3404 C:\Documents and Settings\David\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JB-75GVC0, Rev: 08.02D08

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
otl
OTL logfile created on: 8/10/2010 6:24:07 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 696.00 Mb Available Physical Memory | 70.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 142.37 Gb Free Space | 95.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTINE
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/10 14:07:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
PRC - [2010/07/17 13:24:44 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/30 02:44:32 | 000,180,224 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2006/08/02 23:53:02 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2006/03/01 16:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\WINDOWS\mixer.exe
PRC - [2002/03/04 22:26:50 | 000,032,840 | -H-- | M] (CompuServe Interactive Services, Inc.) -- C:\Program Files\CompuServe 7.0\cstray.exe
PRC - [2001/09/25 09:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (SafeList) ==========

MOD - [2010/08/10 14:07:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2001/09/25 09:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/05/19 00:44:52 | 003,965,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/09/27 11:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 06:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/10 09:43:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/10 09:43:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/17 12:39:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100717124020.dl l (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe (CompuServe Interactive Services, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1278590199226 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/...131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 22:33:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/10 14:07:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/08/10 13:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\gmer
[2010/08/10 12:38:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/10 11:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes
[2010/08/10 11:48:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/10 11:48:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/10 11:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 11:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/10 11:47:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup-1.46.exe
[2010/08/10 11:37:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2010/08/10 10:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/10 10:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/10 10:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/10 09:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/10 09:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/17 13:49:37 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/17 13:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Adobe
[2010/07/17 13:25:37 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/07/17 13:25:27 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/07/17 13:25:27 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/07/17 13:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/07/17 13:24:46 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/07/17 13:24:46 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/07/17 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2010/07/17 13:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/17 13:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Real
[2010/07/17 13:22:58 | 000,584,736 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\David\My Documents\RealPlayerSPGold.exe
[2010/07/17 13:05:29 | 000,065,536 | ---- | C] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2010/07/17 13:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\csback
[2010/07/17 13:05:08 | 000,000,000 | ---D | C] -- C:\Install Winamp
[2010/07/17 13:05:07 | 000,000,000 | ---D | C] -- C:\Install Spinner
[2010/07/17 13:04:38 | 000,045,148 | ---- | C] (Sun Microsystems) -- C:\WINDOWS\System32\plugincpl131_02.cpl
[2010/07/17 13:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\JavaSoft
[2010/07/17 13:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/07/17 13:03:58 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.bak
[2010/07/17 13:03:45 | 000,000,000 | ---D | C] -- C:\My Music
[2010/07/17 13:03:34 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/17 13:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/17 13:03:20 | 000,028,396 | ---- | C] (America Online, Inc.) -- C:\WINDOWS\System32\drivers\wanatw4.sys
[2010/07/17 13:03:18 | 000,153,088 | ---- | C] (America Online) -- C:\WINDOWS\System32\jgdwmie.dll
[2010/07/17 13:03:18 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010/07/17 13:03:18 | 000,024,643 | ---- | C] (America Online) -- C:\WINDOWS\System32\csddial.dll
[2010/07/17 13:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\csshare
[2010/07/17 13:03:17 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010/07/17 13:03:17 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010/07/17 13:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\CompuServe 7.0
[2010/07/17 12:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/17 12:48:34 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\David\My Documents\SUPERAntiSpyware.exe
[2010/07/17 10:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Template
[2010/07/17 10:25:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER

========== Files - Modified Within 30 Days ==========

[2010/08/10 18:18:24 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/08/10 18:18:19 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/08/10 18:18:14 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/08/10 18:18:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/10 18:18:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/10 18:17:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/10 18:16:50 | 002,656,656 | -H-- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\IconCache.db
[2010/08/10 14:07:45 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\David\NTUSER.DAT
[2010/08/10 14:07:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
[2010/08/10 14:07:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/08/10 14:07:11 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\David\Desktop\MBRCheck.exe
[2010/08/10 13:29:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\David\My Documents\gmer.zip
[2010/08/10 12:11:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\David\My Documents\gvyh929j.exe
[2010/08/10 11:48:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 11:47:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup-1.46.exe
[2010/08/10 11:37:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2010/08/10 10:29:38 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/10 10:20:09 | 000,025,424 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/10 09:43:53 | 000,000,619 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/17 13:25:44 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/07/17 13:25:37 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/07/17 13:25:27 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/07/17 13:25:27 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/07/17 13:24:46 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/07/17 13:24:46 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/07/17 13:24:46 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/17 13:22:59 | 000,584,736 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\David\My Documents\RealPlayerSPGold.exe
[2010/07/17 13:05:14 | 000,000,705 | ---- | M] () -- C:\WINDOWS\csback.exe.lnk
[2010/07/17 13:04:42 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
[2010/07/17 13:04:42 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\CompuServe 7.0.lnk
[2010/07/17 12:48:34 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\David\My Documents\SUPERAntiSpyware.exe

========== Files Created - No Company Name ==========

[2010/08/10 14:07:09 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\David\Desktop\MBRCheck.exe
[2010/08/10 13:29:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\David\My Documents\gmer.zip
[2010/08/10 12:11:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\My Documents\gvyh929j.exe
[2010/08/10 11:48:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 10:29:38 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/17 13:25:46 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/07/17 13:25:45 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/07/17 13:25:44 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/07/17 13:05:14 | 000,000,705 | ---- | C] () -- C:\WINDOWS\csback.exe.lnk
[2010/07/17 13:04:42 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
[2010/07/17 13:04:41 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\CompuServe 7.0.lnk
[2010/07/17 13:04:38 | 000,020,549 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 13:04:38 | 000,020,547 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2010/07/08 08:08:06 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/07/08 07:39:27 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/07/08 07:39:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/07/08 07:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/07/08 07:39:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/07/08 06:20:04 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2010/07/08 06:18:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/07/07 22:33:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/07 22:55:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/07 22:33:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/07 22:33:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/07 22:33:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/07 22:53:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/08 05:22:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/10 18:17:57 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/07/07 15:20:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/07 15:20:57 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/07 15:20:57 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

< Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0wFx6n0nH >
Invalid Switch: 68933-read-first-important-instructions-updated.html#ixzz0wFx6n0nH

< End of report >
otl extra
OTL Extras logfile created on: 8/10/2010 6:24:07 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 696.00 Mb Available Physical Memory | 70.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 142.37 Gb Free Space | 95.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTINE
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAf ee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CompuServe us" = CompuServe
"ie8" = Windows Internet Explorer 8
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PCI Audio Driver" = PCI Audio Driver
"RealPlayer 12.0" = RealPlayer
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2010 3:18:57 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:18:57 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/17/2010 3:18:57 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:33:37 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:33:37 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:33:37 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:33:38 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:33:38 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:35:23 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 3:35:23 PM | Computer Name = KRISTINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 8/10/2010 5:28:16 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/10/2010 5:28:52 PM | Computer Name = KRISTINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 8/10/2010 5:29:27 PM | Computer Name = KRISTINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

< End of report >

**broni** · 11-08-2010

What are the exact issues?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

**malopr** · 11-08-2010

here is the combofix report
thanks

ComboFix 10-08-10.06 - David 08/11/2010 6:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.708 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-10 18:49 . 2010-08-10 18:49 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes
2010-08-10 18:48 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 18:48 . 2010-08-10 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 18:48 . 2010-08-10 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-10 18:48 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 17:28 . 2010-08-10 17:28 -------- d-----w- c:\program files\iPod
2010-08-10 17:28 . 2010-08-10 17:29 -------- d-----w- c:\program files\iTunes
2010-08-10 17:23 . 2010-08-10 17:23 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-10 17:22 . 2010-08-10 17:22 -------- d-----w- c:\program files\Safari
2010-08-10 17:21 . 2010-08-10 17:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-17 20:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-17 20:24 . 2010-07-17 20:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 20:24 . 2010-07-17 20:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-17 20:03 . 2010-07-17 20:25 -------- d-----w- c:\program files\Common Files\Real
2010-07-17 20:03 . 2001-09-27 18:00 28396 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2010-07-17 20:03 . 2010-07-17 20:25 -------- d-----w- c:\program files\Common Files\csshare
2010-07-17 20:03 . 2002-03-05 05:26 24643 ----a-w- c:\windows\system32\csddial.dll
2010-07-17 20:03 . 2001-09-25 16:33 54784 ----a-w- c:\windows\system32\Inetwh32.dll
2010-07-17 20:03 . 2001-09-25 16:33 153088 ----a-w- c:\windows\system32\jgdwmie.dll
2010-07-17 20:03 . 2001-09-25 16:33 1044480 ----a-w- c:\windows\system32\roboex32.dll
2010-07-17 20:03 . 2010-08-10 16:43 -------- d-----w- c:\program files\CompuServe 7.0
2010-07-17 19:49 . 2010-07-17 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-17 17:26 . 2010-07-17 17:26 -------- d-----w- c:\documents and settings\David\Application Data\Template

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-08-10 17:28 . 2010-07-08 15:24 -------- d-----w- c:\program files\Common Files\Apple
2010-08-10 17:20 . 2010-07-08 06:02 25424 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-17 20:25 . 2010-07-17 20:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims \rpnpshimwmp.dll
2010-07-17 20:25 . 2010-07-17 20:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims \rpnpshimswf.dll
2010-07-17 20:25 . 2010-07-17 20:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims \rpnpshimrp.dll
2010-07-17 20:25 . 2010-07-17 20:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims \rpnpshimqt.dll
2010-07-17 20:25 . 2010-07-17 20:25 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\E xt\Components\nprpffbrowserrecordext.dll
2010-07-17 20:25 . 2010-07-17 20:25 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ho ok\rpchromebrowserrecordhelper.dll
2010-07-17 20:25 . 2010-07-17 20:25 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rp mainbrowserrecordplugin.dll
2010-07-17 20:25 . 2010-07-17 20:25 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPl ugins\nprphtml5videoshim.dll
2010-07-17 20:25 . 2010-07-17 20:25 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrow serrecordplugin.dll
2010-07-17 20:25 . 2010-07-17 20:24 -------- d-----w- c:\program files\real
2010-07-17 20:25 . 2010-07-17 20:25 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-17 20:05 . 2010-07-17 20:05 -------- d-----w- c:\program files\Common Files\csback
2010-07-17 20:04 . 2010-07-17 20:04 -------- d-----w- c:\program files\JavaSoft
2010-07-17 20:04 . 2010-07-17 20:04 -------- d-----w- c:\program files\Viewpoint
2010-07-17 19:43 . 2010-07-08 12:48 -------- d-----w- c:\program files\McAfee
2010-07-08 19:14 . 2010-07-08 19:11 -------- d-----w- c:\program files\Microsoft Works
2010-07-08 18:44 . 2010-07-08 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-08 15:29 . 2010-07-08 15:27 -------- d-----w- c:\documents and settings\David\Application Data\Apple Computer
2010-07-08 15:26 . 2010-07-08 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-08 15:25 . 2010-07-08 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-08 15:25 . 2010-07-08 15:25 -------- d-----w- c:\program files\QuickTime
2010-07-08 15:24 . 2010-07-08 15:24 -------- d-----w- c:\program files\Apple Software Update
2010-07-08 15:24 . 2010-07-08 15:24 -------- d-----w- c:\program files\Bonjour
2010-07-08 15:24 . 2010-07-08 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-08 14:14 . 2010-07-08 14:04 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-08 14:03 . 2010-07-08 14:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-08 12:49 . 2010-07-08 12:48 -------- d-----w- c:\program files\Common Files\Mcafee
2010-06-01 03:32 . 2010-04-14 19:50 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-04-14 19:50 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"VTTrayp"="VTtrayp.exe" [2006-08-30 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CompuServe 7.0 Tray Icon.lnk - c:\program files\CompuServe 7.0\cstray.exe [2010-7-17 32840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/8/2010 5:48 AM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/8/2010 5:48 AM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/8/2010 5:48 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/8/2010 5:48 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/8/2010 5:49 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/8/2010 5:48 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/8/2010 5:48 AM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/8/2010 5:48 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\ mfendisk.sys [7/8/2010 5:48 AM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/8/2010 5:48 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/8/2010 5:48 AM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-11 06:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-11 06:54:13
ComboFix-quarantined-files.txt 2010-08-11 13:54

Pre-Run: 152,791,166,976 bytes free
Post-Run: 152,761,319,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - F4462EBF523F1F05054D34B6646CDAB6

**broni** · 12-08-2010

Combofix log looks fine

How is computer doing?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

================================================== =============

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

================================================== ==============

Update your Java version here: Verify Java Version

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

================================================== ============

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

**malopr** · 12-08-2010

Computer is running fine thanks
here are the logs.

All processes killed
Error: Unable to interpret <:OTL O4 - HKLM..\Run: [KernelFaultCheck] File not found O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found :Services :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" =- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" =- :Files :Commands [purity] [emptytemp] [emptyflash] [Reboot]> in the current context!
Error: Unable to interpret <Read more: http://www.d-a-l.com/help/spyware-adware-viruses-hijackthis-logs/68983-active-antivirus-disable-notice.html#ixzz0wOzaqHk5> in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 08122010_073105

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 8/12/2010 7:37:11 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 634.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 143.34 Gb Free Space | 96.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTINE
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/10 14:07:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
PRC - [2010/07/17 13:24:44 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/30 02:44:32 | 000,180,224 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2006/08/02 23:53:02 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2006/03/01 16:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\WINDOWS\mixer.exe
PRC - [2002/03/04 22:26:50 | 000,032,840 | -H-- | M] (CompuServe Interactive Services, Inc.) -- C:\Program Files\CompuServe 7.0\cstray.exe
PRC - [2001/09/25 09:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (SafeList) ==========

MOD - [2010/08/10 14:07:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2001/09/25 09:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/05/19 00:44:52 | 003,965,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/09/27 11:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 06:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/12 07:17:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/12 07:17:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/17 12:39:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100717124020.dl l (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe (CompuServe Interactive Services, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1278590199226 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 22:33:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/12 07:31:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/12 07:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\JavaRa
[2010/08/12 07:25:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/12 07:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/12 07:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/12 07:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/12 07:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Sun
[2010/08/12 07:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\.java
[2010/08/12 07:12:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/11 06:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/11 06:43:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/11 06:42:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/11 06:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/11 06:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/11 06:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/11 06:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/10 14:07:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/08/10 13:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\gmer
[2010/08/10 12:38:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/10 11:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes
[2010/08/10 11:48:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/10 11:48:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/10 11:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 11:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/10 11:47:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup-1.46.exe
[2010/08/10 11:37:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2010/08/10 10:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/10 10:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/10 10:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/10 09:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/10 09:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/17 13:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Adobe
[2010/07/17 13:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/07/17 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2010/07/17 13:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/17 13:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Real
[2010/07/17 13:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\csback
[2010/07/17 13:05:08 | 000,000,000 | ---D | C] -- C:\Install Winamp
[2010/07/17 13:05:07 | 000,000,000 | ---D | C] -- C:\Install Spinner
[2010/07/17 13:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\JavaSoft
[2010/07/17 13:03:45 | 000,000,000 | ---D | C] -- C:\My Music
[2010/07/17 13:03:34 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/17 13:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/17 13:03:18 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010/07/17 13:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\csshare
[2010/07/17 13:03:17 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010/07/17 13:03:17 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010/07/17 13:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\CompuServe 7.0
[2010/07/17 12:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/17 12:48:34 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\David\My Documents\SUPERAntiSpyware.exe
[2010/07/17 10:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Template
[2010/07/08 12:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/07/08 08:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Apple Computer
[2010/07/08 08:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/08 08:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/08 08:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/07/08 08:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple
[2010/07/08 08:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/08 08:24:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/07/08 08:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/08 08:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/08 08:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/07/08 08:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple Computer
[2010/07/08 08:11:16 | 000,593,920 | R--- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTovrlay.dll
[2010/07/08 08:11:16 | 000,180,224 | R--- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTTrayp.exe
[2010/07/08 08:11:16 | 000,028,672 | R--- | C] (VIA) -- C:\WINDOWS\System32\VModes.exe
[2010/07/08 08:11:14 | 000,462,848 | R--- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTGamma2.dll
[2010/07/08 08:11:14 | 000,327,680 | R--- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTInfo2.dll
[2010/07/08 08:11:13 | 000,651,264 | R--- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTDisply.dll
[2010/07/08 08:11:05 | 003,516,032 | R--- | C] (VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\System32\vtdisp.dll
[2010/07/08 07:18:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents\My Videos
[2010/07/08 07:18:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/07/08 07:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Identities
[2010/07/08 07:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/07/08 07:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/08 07:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/07/08 07:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/08 07:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/08 06:28:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\IECompatCache
[2010/07/08 06:28:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\PrivacIE
[2010/07/08 06:17:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\IETldCache
[2010/07/08 06:08:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/08 06:08:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/07/08 06:07:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/08 05:52:42 | 003,059,184 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\David\My Documents\DMSetup.exe
[2010/07/08 05:48:46 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/07/08 05:48:42 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/07/08 05:48:42 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/07/08 05:48:42 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/07/08 05:48:42 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/07/08 05:48:42 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/07/08 05:48:42 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/07/08 05:48:42 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/07/08 05:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/07/08 05:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/07/08 05:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/07/08 05:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/07/08 05:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Macromedia
[2010/07/08 05:35:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/08 05:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/08 05:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/07/08 05:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/07/08 05:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/08 05:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/08 05:22:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/07/08 05:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/08 04:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/07/08 04:59:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/07/08 04:58:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/07/08 04:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/08 04

34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\UserData
[2010/07/07 23:00:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/07/07 22:55:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/07/07 22:55:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/07/07 22:54:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/07/07 22:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/07/07 22:52:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/07 22:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/07/07 22:48:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/07/07 22:47:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/07/07 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Identities
[2010/07/07 22:47:52 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/07/07 22:47:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents\My Pictures
[2010/07/07 22:47:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents\My Music
[2010/07/07 22:47:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\David\Application Data\Microsoft
[2010/07/07 22:47:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David\SendTo
[2010/07/07 22:47:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David\Recent
[2010/07/07 22:47:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David\Application Data
[2010/07/07 22:47:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\Start Menu
[2010/07/07 22:47:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents
[2010/07/07 22:47:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\Favorites
[2010/07/07 22:47:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Cookies
[2010/07/07 22:47:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\David\Templates
[2010/07/07 22:47:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\David\PrintHood
[2010/07/07 22:47:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\David\NetHood
[2010/07/07 22:47:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\David\Local Settings
[2010/07/07 22:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Microsoft
[2010/07/07 22:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop
[2010/07/07 22:43:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/07 22:42:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/07/07 22:42:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/07/07 22:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/07/07 22:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/07/07 22:34:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/07 22:34:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/07 22:33:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/07 22:33:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/07/07 22:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/07/07 22:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/07/07 22:32:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/07/07 22:32:34 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/07/07 22:32:34 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/07/07 22:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/07/07 22:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/07/07 22:31:26 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/07/07 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/07/07 22:31:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/07/07 22:31:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/07/07 22:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/07/07 22:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/07/07 22:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2010/07/07 22:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/07/07 22:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/07/07 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/07/07 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/07/07 22:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/07/07 22:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/07/07 22:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/07/07 22:30:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/07/07 22:30:42 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/07/07 22:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/07/07 22:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/07/07 22:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/07/07 22:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/07/07 22:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/07/07 22:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/07/07 22:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/07/07 22:29:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/07/07 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/07/07 15:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/07/07 15:22:38 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/07/07 15:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/07/07 15:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/07/07 15:22:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/07/07 15:22:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/07/07 15:22:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/07/07 15:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/07/07 15:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/07/07 15:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/07/07 15:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/07/07 15:22:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/07/07 15:22:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/07/07 15

45 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/07/07 15:16:01 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/07/07 15:16:01 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/07/07 15:16:01 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/07/07 15:16:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/07/07 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 90 Days ==========

[2010/08/12 07:32:14 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/08/12 07:32:13 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/08/12 07:32:08 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/08/12 07:31:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/12 07:31:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/12 07:31:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/12 07:31:16 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\David\NTUSER.DAT
[2010/08/12 07:31:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
[2010/08/12 07:27:26 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\David\Desktop\JavaRa.zip
[2010/08/12 07

43 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\David\plugin131_02.trace
[2010/08/12 07:13:04 | 003,221,026 | -H-- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\IconCache.db
[2010/08/11 17:10:47 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 16:53:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 06:52:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/11 06:43:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/10 14:07:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/08/10 14:07:11 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\David\Desktop\MBRCheck.exe
[2010/08/10 13:29:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\David\My Documents\gmer.zip
[2010/08/10 12:11:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\David\My Documents\gvyh929j.exe
[2010/08/10 11:48:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 11:47:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup-1.46.exe
[2010/08/10 11:37:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2010/08/10 10:29:38 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/10 10:20:09 | 000,025,424 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/10 09:43:53 | 000,000,619 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/17 13:25:44 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/07/17 13:24:46 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/17 13:05:14 | 000,000,705 | ---- | M] () -- C:\WINDOWS\csback.exe.lnk
[2010/07/17 13:04:42 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
[2010/07/17 13:04:42 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\CompuServe 7.0.lnk
[2010/07/17 12:48:34 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\David\My Documents\SUPERAntiSpyware.exe
[2010/07/08 12:20:25 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Microsoft Works Word Processor.lnk
[2010/07/08 08:24:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/08 08:16:21 | 000,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2010/07/08 08:01:23 | 000,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI
[2010/07/08 07:39:27 | 000,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2010/07/08 07:39:27 | 000,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/07/08 07:39:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2010/07/08 07:17:59 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/08 07:13:30 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/08 07:13:30 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/08 07:04:28 | 000,377,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/08 07:03:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/08 07:03:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/08 07:02:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_0 0_00.Wdf
[2010/07/08 06:17:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/08 05:52:42 | 003,059,184 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\David\My Documents\DMSetup.exe
[2010/07/08 05:35:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/08 05:22:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/08 05:03:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/07 22:55:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/07 22:53:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/07 22:47:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/07 22:47:54 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/07 22:35:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/07 22:34:21 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/07 22:33:08 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/07 22:33:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/07 22:33:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/07 22:33:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/07/07 22:33:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/07 22:33:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/07 22:33:06 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/07 22:33:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/07 22:32:34 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/07 22:32:34 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/07 22:30:55 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/07 22:30:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/07/07 22:30:54 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/31 20:32:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys

========== Files Created - No Company Name ==========

[2010/08/12 07:27:26 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\David\Desktop\JavaRa.zip
[2010/08/12 07

41 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\David\plugin131_02.trace
[2010/08/11 06:43:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/11 06:43:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/11 06:42:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/11 06:42:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/11 06:42:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/11 06:42:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 06:42:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/10 14:07:09 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\David\Desktop\MBRCheck.exe
[2010/08/10 13:29:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\David\My Documents\gmer.zip
[2010/08/10 12:11:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\My Documents\gvyh929j.exe
[2010/08/10 11:48:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 10:29:38 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/10 10:22:59 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/17 13:25:46 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/07/17 13:25:45 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1644491937-839522115-1004.job
[2010/07/17 13:25:44 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/07/17 13:05:14 | 000,000,705 | ---- | C] () -- C:\WINDOWS\csback.exe.lnk
[2010/07/17 13:04:42 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
[2010/07/17 13:04:41 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\CompuServe 7.0.lnk
[2010/07/08 12:20:25 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Microsoft Works Word Processor.lnk
[2010/07/08 08:24:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/08 08:11:17 | 000,051,124 | R--- | C] () -- C:\WINDOWS\System32\VTTrayp.cfg
[2010/07/08 08:11:17 | 000,037,162 | R--- | C] () -- C:\WINDOWS\System32\VTTrayP2.cfg
[2010/07/08 08:11:16 | 000,059,327 | R--- | C] () -- C:\WINDOWS\System32\VTovrlay.cfg
[2010/07/08 08:11:16 | 000,034,375 | R--- | C] () -- C:\WINDOWS\System32\VTOvrly2.cfg
[2010/07/08 08:11:15 | 000,044,076 | R--- | C] () -- C:\WINDOWS\System32\VTInfo2.cfg
[2010/07/08 08:11:14 | 000,050,215 | R--- | C] () -- C:\WINDOWS\System32\VTGamma2.cfg
[2010/07/08 08:11:14 | 000,036,546 | R--- | C] () -- C:\WINDOWS\System32\VTGama_2.cfg
[2010/07/08 08:11:12 | 000,063,489 | R--- | C] () -- C:\WINDOWS\System32\VTDisply.cfg
[2010/07/08 08:11:12 | 000,056,619 | R--- | C] () -- C:\WINDOWS\System32\VTDispl2.cfg
[2010/07/08 08:11:12 | 000,052,037 | R--- | C] () -- C:\WINDOWS\System32\VTDispl3.cfg
[2010/07/08 08:08:06 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/07/08 08:07:49 | 000,141,016 | R--- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2010/07/08 07:39:27 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/07/08 07:39:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/07/08 07:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/07/08 07:39:05 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010/07/08 07:39:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/07/08 07:02:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_0 0_00.Wdf
[2010/07/08 06:20:04 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2010/07/08 06:18:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010/07/08 05:49:40 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/07/08 05:13:58 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/07/08 05:13:58 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/07/08 05:13:58 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/07/08 05:13:58 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/07/08 05:13:57 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/07/08 05:13:57 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/07/08 05:13:57 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/07/08 05:13:57 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/07/08 05:13:57 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/07/08 05:13:57 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/07/08 05:13:57 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/07/08 05:13:57 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/07/08 05:13:57 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/07/08 05:13:57 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/07/08 05:13:57 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/07/08 05:13:57 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/07/08 05:13:57 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/07/08 05:13:56 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/07/08 05:13:56 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/07/08 05:13:56 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/07/08 05:13:56 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/07/08 05:13:56 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/07/08 05:13:56 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/07/08 05:13:56 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/07/08 05:13:56 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/07/08 05:13:56 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/07/08 05:13:56 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/07/08 05:13:56 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/07/08 05:13:53 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/07/08 05:13:53 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/07/08 05:13:53 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/07/08 05:13:50 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/07/08 05:13:50 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/07/08 05:13:50 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/07/08 05:13:50 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/07/08 05:13:50 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/07/08 05:13:50 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/07/08 05:13:49 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/07/08 05:13:49 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/07/08 05:13:49 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/07/08 05:13:49 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/07/08 05:13:45 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/07/08 05:13:45 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/07/08 05:13:43 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/07/08 05:13:42 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/07/08 05:13:40 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/07/08 05:13:40 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/07/08 05:13:40 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/07/08 05:13:40 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/07/08 05:13:40 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/07/08 05:13:40 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/07/08 05:13:40 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/07/08 05:13:40 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/07/08 05:13:40 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/07/08 05:13:40 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/07/08 05:13:40 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/07/08 05:13:40 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/07/08 05:13:40 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/07/08 05:13:40 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/07/08 05:13:40 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/07/08 05:13:40 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/07/08 05:13:38 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/07/08 05:13:38 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/07/08 05:13:38 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/07/08 05:13:34 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/07/08 05:13:34 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/07/08 05:13:34 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/07/08 05:13:34 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/07/08 05:13:34 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/07/08 05:13:34 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/07/08 05:13:34 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/07/08 05:13:33 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/07/08 05:13:31 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/07/08 05:13:30 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/07/08 05:13:30 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/07/08 05:13:29 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/07/08 05:13:29 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/07/08 05:13:29 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/07/08 05:13:29 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/07/08 05:13:29 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/07/08 05:13:29 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/07/08 05:13:29 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/07/08 05:13:29 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/07/08 05:13:29 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/07/08 05:13:29 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/07/08 05:13:28 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/07/08 05:03:16 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/07 22:55:30 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/07 22:55:14 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/07/07 22:55:14 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/07/07 22:55:14 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/07/07 22:55:13 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2010/07/07 22:47:57 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/07 22:47:52 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/07 22:47:52 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/07 22:47:49 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\David\NTUSER.DAT
[2010/07/07 22:47:49 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\David\ntuser.dat.LOG
[2010/07/07 22:47:49 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\David\ntuser.ini
[2010/07/07 22:35:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/07 22:34:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 22:34:01 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/07 22:33:52 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/07 22:33:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/07 22:33:47 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/07 22:33:46 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/07 22:33:36 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/07 22:33:32 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/07 22:33:24 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/07 22:33:08 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/07 22:33:08 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/07 22:33:08 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/07 22:33:08 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/07/07 22:33:08 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/07/07 22:33:07 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/07 22:33:07 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/07 22:33:07 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/07 22:33:06 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/07 22:32:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/07 22:32:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/07 22:32:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/07 22:32:22 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/07/07 22:31:41 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/07/07 22:31:41 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/07/07 22:31:34 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/07/07 22:30:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/07 22:30:19 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/07/07 22:30:19 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/07/07 22:30:19 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/07/07 22:30:19 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/07/07 22:30:19 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/07/07 22:30:19 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/07/07 22:30:19 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/07/07 22:30:19 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/07/07 22:30:18 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/07/07 22:30:18 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/07/07 22:30:18 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/07/07 22:30:18 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/07/07 22:30:18 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/07/07 22:30:18 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/07/07 22:30:18 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/07/07 22:30:18 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/07/07 22:30:17 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/07/07 22:30:17 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/07/07 22:30:17 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/07/07 22:30:15 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/07/07 22:30:15 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/07/07 22:30:13 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/07/07 22:30:03 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/07/07 15:22:44 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/07 15:22:40 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/07/07 15:22:40 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/07/07 15:22:39 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/07/07 15:22:39 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/07/07 15:22:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/07/07 15:22:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/07/07 15:22:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/07/07 15:22:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/07/07 15:22:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/07/07 15:22:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/07/07 15:22:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/07/07 15:22:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/07/07 15:22:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/07/07 15:22:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/07/07 15:22:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/07/07 15:22:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/07/07 15:22:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/07/07 15:22:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/07/07 15:22:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/07/07 15:22:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/07/07 15:22:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/07/07 15:22:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/07/07 15:22:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/07/07 15:22:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/07/07 15:22:22 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/07 15:22:18 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/07 15:22:18 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/07 15:22:18 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/07 15:22:18 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/07 15:22:18 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/07 15:22:18 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/07 15

44 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/07 15:20:57 | 000,000,281 | RHS- | C] () -- C:\boot.ini
[2010/07/07 15:20:57 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2010/07/08 08:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/17 10:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Template

========== Purity Check ==========

< End of report >

**broni** · 13-08-2010

You did something wrong while running OTL fix.
I suspect, you missed a "colon" in front of "OTL" (1st line).
Please, redo.

antivirus disable notice

antivirus disable notice

Similar Threads

Error Notice on desktop.

Resolution notice

Scripts notice

Virus notice keeps appearing,

PC Reboots without notice